File name: SeagateToolkit.exe

Full analysis: https://app.any.run/tasks/50a43f29-9b58-42f7-abdd-0d6f9f6f4041
Verdict: Malicious activity
Analysis date: April 25, 2025, 15:35:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: BC6E60534E7BB6890D9448DADA315385
SHA1: 1342118DB5B288A9090DAD4D669827D23D178E18
SHA256: C992FBE0C5B21F1ABF0A6840260CBD87BD69EA75078F2585D9DFB8F3C93122E7
SSDEEP: 98304:KRlhIGjwckJnX12HEfyoY1DiKoV8MfU0oYbnrr2zfJv2TXNZrtq6e0/ww0ce/Un0:a1D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • SeagateToolkit.exe (PID: 2140)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 5600)
      • ServiceControl.exe (PID: 7036)
    • Searches for installed software

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Executable content was dropped or overwritten

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
    • There is functionality for taking screenshot (YARA)

      • SeagateToolkit.exe (PID: 2140)
    • Drops 7-zip archiver for unpacking

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 864)
      • SeagateToolkit.exe (PID: 2140)
    • Process drops legitimate windows executable

      • 7za.exe (PID: 864)
      • SeagateToolkit.exe (PID: 2140)
    • Creates a software uninstall entry

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Executes as Windows Service

      • ToolkitService.exe (PID: 680)
    • Creates a new Windows service

      • sc.exe (PID: 4528)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 968)
    • Starts CMD.EXE for commands execution

      • Toolkit.exe (PID: 3020)
    • Windows service management via SC.EXE

      • sc.exe (PID: 5956)
  • INFO

    • Creates files or folders in the user directory

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
    • The sample compiled with english language support

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • msedge.exe (PID: 7592)
    • Checks supported languages

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
    • Checks proxy server information

      • SeagateToolkit.exe (PID: 2140)
    • Reads the software policy settings

      • SeagateToolkit.exe (PID: 2140)
    • Reads the computer name

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
    • Process checks computer location settings

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 5600)
      • ServiceControl.exe (PID: 7036)
    • Reads the machine GUID from the registry

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
    • Creates files in the program directory

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Application launched itself

      • msedge.exe (PID: 5332)
      • msedge.exe (PID: 7952)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7592)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:11 21:10:57+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 1756160
InitializedDataSize: 3142656
UninitializedDataSize: -
EntryPoint: 0x16cd3b
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.31.0.16
ProductVersionNumber: 2.31.0.16
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Seagate
FileDescription: Installer
FileVersion: 2.31.0.16
InternalName: Installer.exe
LegalCopyright: Copyright (c) 2025 Seagate Technology LLC
OriginalFileName: Installer.exe
ProductName: Toolkit
ProductVersion: 2.31.0.16
No data.
All screenshots are available in the full report
Total processes: 230
Monitored processes: 91
Malicious processes: 2
Suspicious processes: 1

Behavior graph

[Behavior graph image not preserved. Processes shown, in order of first appearance: seagatetoolkit.exe, sppextcomobj.exe, slui.exe, 7za.exe, conhost.exe, upgrader.exe, servicecontrol.exe, sc.exe, toolkitservice.exe, toolkit.exe, cmd.exe, wmic.exe, getcontrollers.exe, msedge.exe, identity_helper.exe]

Process information

PID: 668
CMD: "C:\Program Files (x86)\Toolkit\Upgrader.exe" 0 856 "04/25/2025 15:36:02" Seagate
Path: C:\Program Files (x86)\Toolkit\Upgrader.exe
Parent process: SeagateToolkit.exe
User: admin
Company: Seagate Technology LLC
Integrity Level: HIGH
Description: Toolkit
Exit code: 0
Version: 2.31.0.59
Modules (images):
c:\program files (x86)\toolkit\upgrader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2684 --field-trial-handle=2032,i,14141712885054087959,15675412846042844470,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 680
CMD: "C:\Program Files (x86)\Toolkit\Service\ToolkitService.exe"
Path: C:\Program Files (x86)\Toolkit\Service\ToolkitService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Description: ToolkitService
Version: 1.0.0.2
Modules (images):
c:\program files (x86)\toolkit\service\toolkitservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 812
CMD: "C:\Program Files (x86)\Toolkit\Service\GetControllers.exe"
Path: C:\Program Files (x86)\Toolkit\Service\GetControllers.exe
Parent process: ToolkitService.exe
User: SYSTEM
Integrity Level: SYSTEM
Description: GetControllers
Exit code: 0
Version: 1.0.0.0
Modules (images):
c:\program files (x86)\toolkit\service\getcontrollers.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 864
CMD: "C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe" x "C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59.zip" -aoa
Path: C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe
Parent process: SeagateToolkit.exe
User: admin
Company: Igor Pavlov
Integrity Level: HIGH
Description: 7-Zip Standalone Console
Exit code: 0
Version: 21.07
Modules (images):
c:\users\admin\appdata\roaming\toolkit\temp\7za.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 968
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ServiceControl.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 968
CMD: "cmd.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Toolkit.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll

PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=2032,i,14141712885054087959,15675412846042844470,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1348
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: sc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5056 --field-trial-handle=2212,i,2039540975593860576,14711930985775315894,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Total events: 13 977
Read events: 13 897
Write events: 80
Delete events: 0

Modification events

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Roboto-Regular (TrueType)
Value: Roboto-Regular.ttf

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayName
Value: Toolkit

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Toolkit

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: Publisher
Value: Seagate

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: From
Value: Seagate

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: HelpLink
Value: https://www.seagate.com

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayVersion
Value: 2.31.0.59

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\Toolkit\uninstaller.exe"

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayIcon
Value: "C:\Program Files (x86)\Toolkit\uninstaller.exe"

Process: SeagateToolkit.exe (PID: 2140)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: NoModify
Value: 1

Executable files: 129
Suspicious files: 410
Text files: 1 340
Unknown types: 1

Dropped files

PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\CommonUtils.dll
Type: executable
MD5: F55E654FEB5F8545E8631AEB7297CA51
SHA256: 3963FFB662B0CB1D438E3A735FEFA9A16A422EAA1DDBA69BD226A7D2D57BAB75

PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe
Type: executable
MD5: DFD1CF824C781069DEF1D239A626D43E
SHA256: 31FD52F8996986623CF52C3B4D0F7AC74A9DEC63FC16C902CEF673EED550C435

PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59.zip
Type: compressed
MD5: C7E3639D60ED0C889599869510523037
SHA256: 9603A190960262DFECAFEDF1AFF5AE9FC2ED457091A2492A3E1D793004D1185B

PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\BouncyCastle.Crypto.dll
Type: executable
MD5: 766A3AC6AFF09F3650F408446553A346
SHA256: 0E70A3F73F747B4CA3D64015E82C5B74D23C71B92A673CB044D27CE8A6D2CA05

PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\DeviceManage.dll
Type: executable
MD5: C108C2A075596890526CEAEC57451CB1
SHA256: AD16D13BA891D8587C2C44F0A0EF87B3C41BABC8A78C8B799086947AEBF0322D

PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\AlphaFS.dll
Type: executable
MD5: 8FF9B5C01C39E987835195124C0BC92B
SHA256: C5A02C0EB57D2E0CF6641094B66B055603D92E952FBA19A9805DB77CDE0483F3

PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Log\Install.log
Type: text
MD5: B58CD02CA5AD6497F8AF83451964AF79
SHA256: 46C597A05B6FF1C9609836D7190482E007F52A2F0FC647A7F184880EFD0D91B0

PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\server.ini
Type: text
MD5: 556DE13B2E00BFA7B2DFA90006C6D871
SHA256: 18E6E5D80EE2F1C7E21E953E4F181C4334E524F3FFF344C9E06444D861E5216C

PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\7za.exe
Type: executable
MD5: 1478DA9DDC92CE24551F03D78752756C
SHA256: C23A821B33E68ED64FF1A2498F066CC24FA95BB76CB5A59227BC044F55D35A82

PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\02460F0C5E46824211DA37830EBE26EF
Type: binary
MD5: 0D4F778C17B4DDA0F9BDE4B9D1DC9E07
SHA256: 471B04782B9958D95F6455D3819E74B8F4D5757F90EA27ECA01BBFBAABE72B56

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 33
TCP/UDP connections: 111
DNS requests: 129
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2140
SeagateToolkit.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEQCtjS32RoGg02RH6qlPonPB
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2140
SeagateToolkit.exe
GET
200
18.244.18.92:80
http://crls.ssl.com/SSL.com-TLS-T-ECC-R2.crl
unknown
whitelisted
2772
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2772
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7180
svchost.exe
HEAD
200
23.50.131.74:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1746053293&P2=404&P3=2&P4=h4i%2fR8hhSurzKMnomDM3peNhGC5EXkmO5aBXMfL7TznRr9btp1KBdPgDXfdHnZ4n5S8Oyj2KPW75oyqD%2fSgkwQ%3d%3d
unknown
whitelisted
7180
svchost.exe
GET
206
23.50.131.74:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1746053293&P2=404&P3=2&P4=h4i%2fR8hhSurzKMnomDM3peNhGC5EXkmO5aBXMfL7TznRr9btp1KBdPgDXfdHnZ4n5S8Oyj2KPW75oyqD%2fSgkwQ%3d%3d
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 23.53.40.176:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2140 | SeagateToolkit.exe | 172.64.145.31:443 | www.seagate.com | CLOUDFLARENET | US | whitelisted
2140 | SeagateToolkit.exe | 172.64.149.23:80 | ocsp.comodoca.com | CLOUDFLARENET | US | whitelisted
2140 | SeagateToolkit.exe | 18.244.18.92:80 | crls.ssl.com | - | US | whitelisted
3216 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59 | whitelisted
crl.microsoft.com | 23.53.40.176, 23.53.40.178 | whitelisted
google.com | 142.250.185.238 | whitelisted
www.microsoft.com | 184.30.21.171 | whitelisted
www.seagate.com | 172.64.145.31, 104.18.42.225 | whitelisted
ocsp.comodoca.com | 172.64.149.23, 104.18.38.233 | whitelisted
crls.ssl.com | 18.244.18.92, 18.244.18.60, 18.244.18.54, 18.244.18.55 | whitelisted
client.wns.windows.com | 172.211.123.248, 172.211.123.250 | whitelisted
login.live.com | 20.190.159.64, 20.190.159.130, 40.126.31.69, 40.126.31.73, 20.190.159.68, 40.126.31.3, 40.126.31.128, 20.190.159.0 | whitelisted
ocsp.digicert.com | 184.30.131.245 | whitelisted

Threats

No threats detected
Process: ToolkitService.exe
Message: 20250425 15:36:44 478|E|8|ToolkitService|Reload ToolkitService Log, Path = C:\Users\admin\AppData\Roaming\Toolkit\Log