File name: drw_fr_installer.17416064336923b32488.exe

Full analysis: https://app.any.run/tasks/cda692ca-c50d-4f90-8bce-ac1bf9712da5
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 08, 2025, 17:48:45
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: adware, gexin, installer, loader
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: BCCBB13D0F69C0BB9556EC28D2972EC8
SHA1: 452BC02CAD78F057562E6A7413ABDB25A1F88DAF
SHA256: 56FF9AF01A9333CE7605E021E34C87B964885BEE74BBF00E2B92F3327D154B2F
SSDEEP: 98304:FR62l82ZJBM7TQfycwA3bjJD8sBAIzXiN00f6gwmQznz2ALjfZkxjLelce0k0esL:6mKyuL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • GEXIN has been detected (SURICATA)
      • AliyunWrapExe.exe (PID: 1096)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Process drops legitimate windows executable
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • The process drops C-runtime libraries
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Reads Microsoft Outlook installation path
      • EDownloader.exe (PID: 1512)
    • Reads Internet Explorer settings
      • EDownloader.exe (PID: 1512)
    • Reads security settings of Internet Explorer
      • AliyunWrapExe.exe (PID: 1096)
      • EDownloader.exe (PID: 1512)
    • Access to an unwanted program domain was detected
      • AliyunWrapExe.exe (PID: 1096)
  • INFO
    • Checks supported languages
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
      • EDownloader.exe (PID: 1512)
      • InfoForSetup.exe (PID: 2512)
      • InfoForSetup.exe (PID: 2612)
      • AliyunWrapExe.exe (PID: 1096)
      • InfoForSetup.exe (PID: 5116)
      • InfoForSetup.exe (PID: 5456)
      • InfoForSetup.exe (PID: 684)
      • InfoForSetup.exe (PID: 1128)
      • InfoForSetup.exe (PID: 4820)
      • InfoForSetup.exe (PID: 1392)
    • Create files in a temporary directory
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
      • EDownloader.exe (PID: 1512)
      • AliyunWrapExe.exe (PID: 1096)
      • InfoForSetup.exe (PID: 2612)
    • The sample compiled with english language support
      • drw_fr_installer.17416064336923b32488.exe (PID: 3780)
    • Reads the computer name
      • InfoForSetup.exe (PID: 2512)
      • EDownloader.exe (PID: 1512)
      • AliyunWrapExe.exe (PID: 1096)
    • Creates files or folders in the user directory
      • AliyunWrapExe.exe (PID: 1096)
    • Checks proxy server information
      • AliyunWrapExe.exe (PID: 1096)
      • EDownloader.exe (PID: 1512)
      • slui.exe (PID: 4232)
    • Reads the software policy settings
      • slui.exe (PID: 4232)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:01:30 03:57:48+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 186368
UninitializedDataSize: 2048
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
All screenshots are available in the full report
Total processes: 148
Monitored processes: 13
Malicious processes: 2
Suspicious processes: 2

Behavior graph

Process chain (in order of appearance; "no specs" marks processes with no specific indicators):
  • start
  • drw_fr_installer.17416064336923b32488.exe
  • edownloader.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • aliyunwrapexe.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • slui.exe
  • infoforsetup.exe (no specs)
  • infoforsetup.exe (no specs)
  • drw_fr_installer.17416064336923b32488.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 684
CMD: /SendInfo Window "Home_Installer" Activity "Result_Download_Configurefile" Attribute "{\"CDN\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/\",\"Elapsed\":\"3\",\"Errorinfo\":\"0\",\"PostURL\":\"http://download.easeus.com/api2/index.php/Apicp/Drwdl202004/index/?exeNumber=17416064336923b32488&lang=English&pcVersion=home&pid=2&tid=1&version=free\",\"ResponseJson\":\"{\\"check\\":1,\\"msg\\":\\"\\u6210\\u529f\\",\\"data\\":{\\"pid\\":\\"2\\",\\"download\\":\\"https:\\/\\/d1.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"download2\\":\\"https:\\/\\/d2.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"download3\\":\\"https:\\/\\/d3.easeus.com\\/drw\\/free\\/drw19.4.0.0_free.exe\\",\\"version\\":\\"free\\",\\"curNum\\":\\"19.6.0.0\\",\\"testid\\":\\"FR19600_2025623AB2-05161\\",\\"url\\":[],\\"md5\\":\\"B832922D90306AE01BEDFD02B5F8280F\\",\\"tj_download\\":\\"test\\",\\"referNumber\\":\\"1000000\\",\\"killSwitch\\":\\"true\\",\\"WriteLogSwitch\\":\\"false\\",\\"configid\\":\\"\\",\\"name\\":\\"drw_free_a\\"},\\"time\\":1751996939}\",\"Result\":\"Success\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1096
CMD: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.Exe
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\AliyunWrapExe.exe
Parent process: InfoForSetup.exe
User: admin
Integrity Level: HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\aliyunwrapexe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\rpcrt4.dll
PID: 1128
CMD: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d1.easeus.com/drw/free/drw19.4.0.0_free.exe\",\"Elapsedtime\":\"127\",\"Errorinfo\":\"328\",\"Result\":\"Failed\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1392
CMD: /SendInfo Window "Home_Installer" Activity "Click_Install" Attribute "{\"Country\":\"United States\",\"Install_Path\":\"C:/Program Files/EaseUS/EaseUS Data Recovery Wizard\",\"Language\":\"English\",\"Os\":\"Microsoft Windows 10\",\"Pageid\":\"17416064336923b32488\",\"Timezone\":\"GMT-00:00\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1512
CMD: "C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe" EXEDIR=C:\Users\admin\Desktop ||| EXENAME=drw_fr_installer.17416064336923b32488.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe
Parent process: drw_fr_installer.17416064336923b32488.exe
User: admin
Integrity Level: HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\edownloader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2512
CMD: /Uid "S-1-5-21-1693682860-607145093-2874071422-1001"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Exit code: 1
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 2612
CMD: /SendInfo Window "Web_Installer" Activity "Result_Run_Installer" Attribute "{\"Country\":\"United States\",\"Pageid\":\"17416064336923b32488\",\"Timezone\":\"GMT-00:00\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 3780
CMD: "C:\Users\admin\Desktop\drw_fr_installer.17416064336923b32488.exe"
Path: C:\Users\admin\Desktop\drw_fr_installer.17416064336923b32488.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\desktop\drw_fr_installer.17416064336923b32488.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 4232
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4820
CMD: /SendInfo Window "Downloading" Activity "Result_Download_Program" Attribute "{\"Average_Networkspeed\":\"0.00B\",\"Cdn\":\"https://d2.easeus.com/drw/free/drw19.4.0.0_free.exe\",\"Elapsedtime\":\"150\",\"Errorinfo\":\"256\",\"Result\":\"Failed\"}"
Path: C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\aliyun\InfoForSetup.exe
Parent process: EDownloader.exe
User: admin
Integrity Level: HIGH
Modules
Images
c:\users\admin\appdata\local\temp\downloader_easeus\2.0.0\2free\aliyun\infoforsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
Total events: 5 855
Read events: 5 848
Write events: 7
Delete events: 0

Modification events

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1096) AliyunWrapExe.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EASEUS_DOWNLOADER
Operation: write
Name: test_version_name
Value: drw_free_a

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1512) EDownloader.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 47
Suspicious files: 3
Text files: 29
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Danish.ini | text
MD5: EB6CB6A1EA028CAC7AE61DADC568C2F9
SHA256: 4524116093969EE206FA4F04D84346349ED551B4D7B87D4206E9A12D32AF5D61

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\InitConfigure.ini | ini
MD5: 59585EE1CCA2648AD7A242CE5D531E00
SHA256: 79D7D5F6552BDDED7A3A89AD5458A63DBE49AC0F6AD59FAE523648AFF5141D93

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\ChineseTrad.ini | text
MD5: FE7AD6D1DD07AEAFEECE921ECB23F3E7
SHA256: 7EF907A793D9087AA804A688BDDDECF33A76011E4D820E7332533C070277507F

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Italian.ini | text
MD5: AF930A64DA61B99CB120C8A3222456EB
SHA256: 1287CD9E6626EC2081379694A309578C1D83BCA25B2C621D1A5D4608CD7AF9BF

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Japanese.ini | text
MD5: 76E3CFD74C8A8C99CCD461F17CBABD4D
SHA256: 64EFC20036A6CAD10DDBDB014444C55B6DB93A481EE5FE84210DEB2377918BB8

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\French.ini | text
MD5: 1737B0DE1DA74E1D45285479CE66E556
SHA256: 201229433F78F5CB87A9357921F34CAA2820B2917FF572E82A57D31DB5774E46

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Portuguese.ini | text
MD5: 7DA92400736262F4E3032DC4B977AB39
SHA256: E22707B2E0E21C3DF87F7F85EDA9A3E76F98BDB76EDD3ED07CD19DBFA2CDC967

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\EDownloader.exe | executable
MD5: DC0658CD11A1475603E8581BC2156723
SHA256: 05E8C9DC10E5086032ECBFBB9E93BD9004DCD525593631E0C41C7B4D5A7519A4

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Mungarian.ini | text
MD5: 35331ED66C059568C54865EF7D41087C
SHA256: F55A35E6D3CCC944D4C264E34244A127BCE54079621CAB25D9E8E53CC1F9AC07

3780 | drw_fr_installer.17416064336923b32488.exe | C:\Users\admin\AppData\Local\Temp\downloader_easeus\2.0.0\2free\Dutch.ini | text
MD5: E4E098A3E165FC5ECB4CB806B7E6E9D8
SHA256: 3FE882930B7C5299290AE6C0C20AE065BD915984B381436B1C3D1D1CBFC67127
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 49
TCP/UDP connections: 59
DNS requests: 25
Threats: 10

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.18.121.139:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1164 | RUXIMICS.exe | GET | 200 | 2.18.121.139:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 2.18.121.139:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1096 | AliyunWrapExe.exe | GET | 200 | 8.218.236.152:80 | http://track.easeus.com/product/index.php?c=main&a=getstatus&pid=2 | unknown | - | - | unknown
1096 | AliyunWrapExe.exe | POST | 200 | 47.252.97.12:80 | http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb | unknown | - | - | unknown
1164 | RUXIMICS.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 40.126.32.72:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
1096 | AliyunWrapExe.exe | POST | 200 | 47.252.97.12:80 | http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb | unknown | - | - | unknown
1096 | AliyunWrapExe.exe | POST | 200 | 47.252.97.12:80 | http://easeusinfo.us-east-1.log.aliyuncs.com/logstores/logstore_drw_ip/shards/lb | unknown | - | - | unknown
("-" marks a column the report left empty for that row.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1164 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 2.18.121.139:80 | crl.microsoft.com | AKAMAI-AS | FR | whitelisted
1268 | svchost.exe | 2.18.121.139:80 | crl.microsoft.com | AKAMAI-AS | FR | whitelisted
1164 | RUXIMICS.exe | 2.18.121.139:80 | crl.microsoft.com | AKAMAI-AS | FR | whitelisted
1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
("-" marks a column the report left empty for that row.)

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 40.127.240.158 | whitelisted
google.com | 142.250.185.142 | whitelisted
crl.microsoft.com | 2.18.121.139, 2.18.121.147, 23.216.77.33, 23.216.77.21, 23.216.77.37, 23.216.77.36, 23.216.77.25, 23.216.77.6, 23.216.77.42, 23.216.77.4 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
track.easeus.com | 8.218.236.152 | unknown
easeusinfo.us-east-1.log.aliyuncs.com | 47.252.97.12, 47.252.97.15, 47.252.97.9, 47.252.97.13, 47.252.97.212, 47.252.97.11, 47.252.97.10, 47.252.97.14, 47.252.97.8 | unknown
download.easeus.com | 18.172.112.123, 18.172.112.32, 18.172.112.107, 18.172.112.26 | unknown
d1.easeus.com | 18.66.112.6, 18.66.112.38, 18.66.112.125, 18.66.112.111 | unknown
login.live.com | 20.190.160.130, 40.126.32.140, 40.126.32.72, 40.126.32.136, 20.190.160.64, 40.126.32.76, 20.190.160.3, 40.126.32.68 | whitelisted
nexusrules.officeapps.live.com | 52.111.243.30 | whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2200 | svchost.exe | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
1096 | AliyunWrapExe.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Gexin Installer POST Request
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
2200 | svchost.exe | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
1096 | AliyunWrapExe.exe | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
("-" marks a column the report left empty for that row.)
Debug output strings

Process | Message
EDownloader.exe | [6940]-17:48:55:288 ParseCmdLine param=EXEDIR=C:\Users\admin\Desktop ||| EXENAME=drw_fr_installer.17416064336923b32488.exe ||| DOWNLOAD_VERSION=free ||| PRODUCT_VERSION=2.0.0 ||| INSTALL_TYPE=0
EDownloader.exe | [6940]-17:48:55:319 Install recomand return=259
EDownloader.exe | [6940]-17:48:55:569 Install recomand return=259
AliyunWrapExe.exe | PostLogResult->statusCode=
AliyunWrapExe.exe | 200
AliyunWrapExe.exe |
AliyunWrapExe.exe | PostLogResult->requestID=
AliyunWrapExe.exe | x-log-requestid: 686D5A09965399948ADDDEBA
AliyunWrapExe.exe |
EDownloader.exe | [6940]-17:48:57:882 Install recomand return=259