File name:

drw_fr_installer.17416064336923b32488.exe

Full analysis: https://app.any.run/tasks/cda692ca-c50d-4f90-8bce-ac1bf9712da5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 08, 2025, 17:48:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
adware
gexin
installer
loader
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

BCCBB13D0F69C0BB9556EC28D2972EC8

SHA1:

452BC02CAD78F057562E6A7413ABDB25A1F88DAF

SHA256:

56FF9AF01A9333CE7605E021E34C87B964885BEE74BBF00E2B92F3327D154B2F

SSDEEP:

98304:FR62l82ZJBM7TQfycwA3bjJD8sBAIzXiN00f6gwmQznz2ALjfZkxjLelce0k0esL:6mKyuL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GEXIN has been detected (SURICATA)

      • AliyunWrapExe.exe (PID: 1096)
  • SUSPICIOUS

    • The process drops C-runtime libraries

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Process drops legitimate windows executable

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Executable content was dropped or overwritten

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Reads security settings of Internet Explorer

      • EDownloader.exe (PID: 1512)
      • AliyunWrapExe.exe (PID: 1096)
    • Access to an unwanted program domain was detected

      • AliyunWrapExe.exe (PID: 1096)
    • Reads Microsoft Outlook installation path

      • EDownloader.exe (PID: 1512)
    • Reads Internet Explorer settings

      • EDownloader.exe (PID: 1512)
  • INFO

    • Checks supported languages

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
      • EDownloader.exe (PID: 1512)
      • InfoForSetup.exe (PID: 2512)
      • InfoForSetup.exe (PID: 2612)
      • AliyunWrapExe.exe (PID: 1096)
      • InfoForSetup.exe (PID: 5116)
      • InfoForSetup.exe (PID: 1392)
      • InfoForSetup.exe (PID: 684)
      • InfoForSetup.exe (PID: 5456)
      • InfoForSetup.exe (PID: 1128)
      • InfoForSetup.exe (PID: 4820)
    • The sample compiled with english language support

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Create files in a temporary directory

      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
      • EDownloader.exe (PID: 1512)
      • InfoForSetup.exe (PID: 2612)
      • AliyunWrapExe.exe (PID: 1096)
    • Reads the computer name

      • EDownloader.exe (PID: 1512)
      • InfoForSetup.exe (PID: 2512)
      • AliyunWrapExe.exe (PID: 1096)
    • Checks proxy server information

      • AliyunWrapExe.exe (PID: 1096)
      • EDownloader.exe (PID: 1512)
      • slui.exe (PID: 4232)
    • Creates files or folders in the user directory

      • AliyunWrapExe.exe (PID: 1096)
    • Reads the software policy settings

      • slui.exe (PID: 4232)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:30 03:57:48+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
148
Monitored processes
13
Malicious processes
2
Suspicious processes
2

Behavior graph

start
  • drw_fr_installer.17416064336923b32488.exe
  • edownloader.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • aliyunwrapexe.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • slui.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • drw_fr_installer.17416064336923b32488.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 684
CMD: /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"3\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=17416064336923b32488&lang=English&pcVersion=home&pid=2&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.6.0.0\\",\\"testid\\":\\"FR19600_2025623AB2-05161\\",\\"url\\":[],\\"md5\\":\\"B832922D90306AE01BEDFD02B5F8280F\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\",\\"name\\":\\"drw_free_a\\"},\\"time\\":1751996939}\",\"Result\":\"Success\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1096
CMD: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe
Parent process: InfoForSetup.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\aliyunwrapexe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\rpcrt4.dll
PID: 1128
CMD: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d1.easeus.com/drw/free/drw19.4.0.0_free.exe\",\"Elapsedtime\":\"127\",\"Errorinfo\":\"328\",\"Result\":\"Failed\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1392
CMD: /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"United States\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"17416064336923b32488\",\"Timezone\":\"GMT-00:00\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1512
CMD: "C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\admin\Desktop ||| EXENAME=drw_fr_installer.17416064336923b32488.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe
Parent process: drw_fr_installer.17416064336923b32488.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\edownloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2512
CMD: /Uid "S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 2612
CMD: /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"17416064336923b32488\",\"Timezone\":\"GMT-00:00\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 3780
CMD: "C:\Users\admin\Desktop\drw_fr_installer.17416064336923b32488.exe"
Path: C:\Users\admin\Desktop\drw_fr_installer.17416064336923b32488.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\drw_fr_installer.17416064336923b32488.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4232
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4820
CMD: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d2.easeus.com/drw/free/drw19.4.0.0_free.exe\",\"Elapsedtime\":\"150\",\"Errorinfo\":\"256\",\"Result\":\"Failed\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
Total events
5 855
Read events
5 848
Write events
7
Delete events
0

Modification events

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EASEUS_DOWNLOADER
Operation: write
Name: test_version_name
Value: drw_free_a

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files
47
Suspicious files
3
Text files
29
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\skin.zip | Type: compressed
MD5: 5640294CD03BF7F6491CFF398827A854
SHA256: BF227CEA0494AE6DC777B8342A473449EE5479E5169C3112AD94CCDBA3B861AA

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe | Type: executable
MD5: DC0658CD11A1475603E8581BC2156723
SHA256: 05E8C9DC10E5086032ECBFBB9E93BD9004DCD525593631E0C41C7B4D5A7519A4

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\German.ini | Type: text
MD5: DECAA2CBBACCAE2A64C588243FBD6435
SHA256: 4FFD51F20C76EE5D6CBAF16EA2AB9D0A0B0491E710C42D548724D5B5AAF3D55F

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Chinese.ini | Type: text
MD5: FD6CA501ED9A613A5094EB4C92C1A847
SHA256: 4637C9C3FF511C3F15CB482C5A3EE42A3237D26AD002B2FCC3FF467E7A10B99F

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Danish.ini | Type: text
MD5: EB6CB6A1EA028CAC7AE61DADC568C2F9
SHA256: 4524116093969EE206FA4F04D84346349ED551B4D7B87D4206E9A12D32AF5D61

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Arabic.ini | Type: text
MD5: B334764EB0A1069F6BA04C8E1F088CD0
SHA256: D9A87257F203A80489756B8B31628FFF8D10AAB229D20A637A083059233DC54C

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Malay.ini | Type: text
MD5: 534A5DFA634D7B7DF7A581D4E1D08F78
SHA256: 984E71C01CB1C2DFB260AE1C0F764F6BDF91E4F523F5DC4161B3D19456993CBB

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Mungarian.ini | Type: text
MD5: 35331ED66C059568C54865EF7D41087C
SHA256: F55A35E6D3CCC944D4C264E34244A127BCE54079621CAB25D9E8E53CC1F9AC07

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Norwegian.ini | Type: text
MD5: 74F6E38B2B7AC3893B1AB6C092B854D1
SHA256: 9692FECB48E8745F26C235C8925F106E56E862CD1B7B8CA8C84B8CB751B7A748

PID: 3780 | Process: drw_fr_installer.17416064336923b32488.exe | Filename: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Portuguese.ini | Type: text
MD5: 7DA92400736262F4E3032DC4B977AB39
SHA256: E22707B2E0E21C3DF87F7F85EDA9A3E76F98BDB76EDD3ED07CD19DBFA2CDC967
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
49
TCP/UDP connections
59
DNS requests
25
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5944
MoUsoCoreWorker.exe
GET
200
2.18.121.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.18.121.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1164
RUXIMICS.exe
GET
200
2.18.121.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1164
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1096
AliyunWrapExe.exe
POST
200
47.252.97.12:80
http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb
unknown
unknown
1096
AliyunWrapExe.exe
GET
200
8.218.236.152:80
http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2
unknown
unknown
1096
AliyunWrapExe.exe
POST
200
47.252.97.12:80
http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb
unknown
unknown
1512
EDownloader.exe
POST
200
18.172.112.123:80
http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1164
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5944
MoUsoCoreWorker.exe
2.18.121.139:80
crl.microsoft.com
AKAMAI-AS
FR
whitelisted
1268
svchost.exe
2.18.121.139:80
crl.microsoft.com
AKAMAI-AS
FR
whitelisted
1164
RUXIMICS.exe
2.18.121.139:80
crl.microsoft.com
AKAMAI-AS
FR
whitelisted
1268
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 2.18.121.139
  • 2.18.121.147
  • 23.216.77.33
  • 23.216.77.21
  • 23.216.77.37
  • 23.216.77.36
  • 23.216.77.25
  • 23.216.77.6
  • 23.216.77.42
  • 23.216.77.4
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
track.easeus.com
  • 8.218.236.152
unknown
easeusinfo.us-east-1.log.aliyuncs.com
  • 47.252.97.12
  • 47.252.97.15
  • 47.252.97.9
  • 47.252.97.13
  • 47.252.97.212
  • 47.252.97.11
  • 47.252.97.10
  • 47.252.97.14
  • 47.252.97.8
unknown
download.easeus.com
  • 18.172.112.123
  • 18.172.112.32
  • 18.172.112.107
  • 18.172.112.26
unknown
d1.easeus.com
  • 18.66.112.6
  • 18.66.112.38
  • 18.66.112.125
  • 18.66.112.111
unknown
login.live.com
  • 20.190.160.130
  • 40.126.32.140
  • 40.126.32.72
  • 40.126.32.136
  • 20.190.160.64
  • 40.126.32.76
  • 20.190.160.3
  • 40.126.32.68
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.30
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
1096
AliyunWrapExe.exe
Possibly Unwanted Program Detected
ADWARE [ANY.RUN] Gexin Installer POST Request
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
2200
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
1096
AliyunWrapExe.exe
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
Process
Message
EDownloader.exe
[6940]-17:48:55:288 ParseCmdLine param=EXEDIR=C:\Users\admin\Desktop ||| EXENAME=drw_fr_installer.17416064336923b32488.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
EDownloader.exe
[6940]-17:48:55:319 Install recomand return=259
EDownloader.exe
[6940]-17:48:55:569 Install recomand return=259
AliyunWrapExe.exe
PostLogResult->statusCode=
AliyunWrapExe.exe
200
AliyunWrapExe.exe
AliyunWrapExe.exe
PostLogResult->requestID=
AliyunWrapExe.exe
x-log-requestid: 686D5A09965399948ADDDEBA
AliyunWrapExe.exe
EDownloader.exe
[6940]-17:48:57:882 Install recomand return=259