File name: SeagateToolkit.exe

Full analysis: https://app.any.run/tasks/50a43f29-9b58-42f7-abdd-0d6f9f6f4041
Verdict: Malicious activity
Analysis date: April 25, 2025, 15:35:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: BC6E60534E7BB6890D9448DADA315385
SHA1: 1342118DB5B288A9090DAD4D669827D23D178E18
SHA256: C992FBE0C5B21F1ABF0A6840260CBD87BD69EA75078F2585D9DFB8F3C93122E7
SSDEEP: 98304:KRlhIGjwckJnX12HEfyoY1DiKoV8MfU0oYbnrr2zfJv2TXNZrtq6e0/ww0ce/Un0:a1D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • SeagateToolkit.exe (PID: 2140)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
    • Drops 7-zip archiver for unpacking

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
    • There is functionality for taking screenshot (YARA)

      • SeagateToolkit.exe (PID: 2140)
    • Searches for installed software

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Executable content was dropped or overwritten

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
    • Process drops legitimate windows executable

      • 7za.exe (PID: 864)
      • SeagateToolkit.exe (PID: 2140)
    • The process creates files with name similar to system file names

      • 7za.exe (PID: 864)
      • SeagateToolkit.exe (PID: 2140)
    • Creates a software uninstall entry

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Executes as Windows Service

      • ToolkitService.exe (PID: 680)
    • Creates a new Windows service

      • sc.exe (PID: 4528)
    • Starts CMD.EXE for commands execution

      • Toolkit.exe (PID: 3020)
    • Windows service management via SC.EXE

      • sc.exe (PID: 5956)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 968)
  • INFO

    • The sample compiled with english language support

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • msedge.exe (PID: 7592)
    • Creates files or folders in the user directory

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
    • Reads the software policy settings

      • SeagateToolkit.exe (PID: 2140)
    • Reads the computer name

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
      • ServiceControl.exe (PID: 7036)
    • Checks supported languages

      • SeagateToolkit.exe (PID: 2140)
      • 7za.exe (PID: 864)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
      • ServiceControl.exe (PID: 7036)
    • Checks proxy server information

      • SeagateToolkit.exe (PID: 2140)
    • Reads the machine GUID from the registry

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
      • ToolkitService.exe (PID: 680)
    • Process checks computer location settings

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
      • ServiceControl.exe (PID: 7036)
      • ServiceControl.exe (PID: 5600)
    • Creates files in the program directory

      • SeagateToolkit.exe (PID: 2140)
      • Upgrader.exe (PID: 668)
    • Application launched itself

      • msedge.exe (PID: 5332)
      • msedge.exe (PID: 7952)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7592)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:11 21:10:57+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 1756160
InitializedDataSize: 3142656
UninitializedDataSize: -
EntryPoint: 0x16cd3b
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.31.0.16
ProductVersionNumber: 2.31.0.16
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Seagate
FileDescription: Installer
FileVersion: 2.31.0.16
InternalName: Installer.exe
LegalCopyright: Copyright (c) 2025 Seagate Technology LLC
OriginalFileName: Installer.exe
ProductName: Toolkit
ProductVersion: 2.31.0.16
No data.
All screenshots are available in the full report
Total processes: 230
Monitored processes: 91
Malicious processes: 2
Suspicious processes: 1

Behavior graph

start seagatetoolkit.exe sppextcomobj.exe no specs slui.exe 7za.exe conhost.exe no specs upgrader.exe no specs servicecontrol.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs servicecontrol.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs toolkitservice.exe toolkit.exe cmd.exe no specs conhost.exe no specs wmic.exe no specs getcontrollers.exe no specs conhost.exe no specs 7za.exe no specs conhost.exe no specs slui.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs seagatetoolkit.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 668
CMD: "C:\Program Files (x86)\Toolkit\Upgrader.exe" 0 856 "04/25/2025 15:36:02" Seagate
Path: C:\Program Files (x86)\Toolkit\Upgrader.exe
Parent process: SeagateToolkit.exe
User: admin
Company: Seagate Technology LLC
Integrity Level: HIGH
Description: Toolkit
Exit code: 0
Version: 2.31.0.59
Modules
Images
c:\program files (x86)\toolkit\upgrader.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 668
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2684 --field-trial-handle=2032,i,14141712885054087959,15675412846042844470,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 680
CMD: "C:\Program Files (x86)\Toolkit\Service\ToolkitService.exe"
Path: C:\Program Files (x86)\Toolkit\Service\ToolkitService.exe
Parent process: services.exe
User: SYSTEM
Integrity Level: SYSTEM
Description: ToolkitService
Version: 1.0.0.2
Modules
Images
c:\program files (x86)\toolkit\service\toolkitservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 812
CMD: "C:\Program Files (x86)\Toolkit\Service\GetControllers.exe"
Path: C:\Program Files (x86)\Toolkit\Service\GetControllers.exe
Parent process: ToolkitService.exe
User: SYSTEM
Integrity Level: SYSTEM
Description: GetControllers
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\program files (x86)\toolkit\service\getcontrollers.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 864
CMD: "C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe" x "C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59.zip" -aoa
Path: C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe
Parent process: SeagateToolkit.exe
User: admin
Company: Igor Pavlov
Integrity Level: HIGH
Description: 7-Zip Standalone Console
Exit code: 0
Version: 21.07
Modules
Images
c:\users\admin\appdata\roaming\toolkit\temp\7za.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 968
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ServiceControl.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "cmd.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Toolkit.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=2032,i,14141712885054087959,15675412846042844470,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1348
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: sc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5056 --field-trial-handle=2212,i,2039540975593860576,14711930985775315894,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 13 977
Read events: 13 897
Write events: 80
Delete events: 0

Modification events

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
Operation: write
Name: Roboto-Regular (TrueType)
Value: Roboto-Regular.ttf

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayName
Value: Toolkit

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Toolkit

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: Publisher
Value: Seagate

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: From
Value: Seagate

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: HelpLink
Value: https://www.seagate.com

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayVersion
Value: 2.31.0.59

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\Toolkit\uninstaller.exe"

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: DisplayIcon
Value: "C:\Program Files (x86)\Toolkit\uninstaller.exe"

(PID) Process: (2140) SeagateToolkit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Toolkit
Operation: write
Name: NoModify
Value: 1
Executable files: 129
Suspicious files: 410
Text files: 1 340
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\FwUpdateDriverAPI.dll
Type: executable
MD5:909BF06CB505BF3A34607EFC4E97853B
SHA256:C7740D2F308544822EDAE4A98BC7AB296D45E62C89BC752F60B27155C2419DC5
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\CommonUtils.dll
Type: executable
MD5:F55E654FEB5F8545E8631AEB7297CA51
SHA256:3963FFB662B0CB1D438E3A735FEFA9A16A422EAA1DDBA69BD226A7D2D57BAB75
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\AlphaFS.dll
Type: executable
MD5:8FF9B5C01C39E987835195124C0BC92B
SHA256:C5A02C0EB57D2E0CF6641094B66B055603D92E952FBA19A9805DB77CDE0483F3
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\7za.exe
Type: executable
MD5:1478DA9DDC92CE24551F03D78752756C
SHA256:C23A821B33E68ED64FF1A2498F066CC24FA95BB76CB5A59227BC044F55D35A82
PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59.zip
Type: compressed
MD5:C7E3639D60ED0C889599869510523037
SHA256:9603A190960262DFECAFEDF1AFF5AE9FC2ED457091A2492A3E1D793004D1185B
PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\server.ini
Type: text
MD5:556DE13B2E00BFA7B2DFA90006C6D871
SHA256:18E6E5D80EE2F1C7E21E953E4F181C4334E524F3FFF344C9E06444D861E5216C
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\FwUpdateAPI.dll
Type: executable
MD5:C9DBA67D35CFCC443FAA893D857026E7
SHA256:B33D51CC803ED2A3A5F9D0735CD71C8B989FEBADE02BC16761D5A629CC104857
PID: 864
Process: 7za.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\Toolkit_2.31.0.59\BouncyCastle.Crypto.dll
Type: executable
MD5:766A3AC6AFF09F3650F408446553A346
SHA256:0E70A3F73F747B4CA3D64015E82C5B74D23C71B92A673CB044D27CE8A6D2CA05
PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_0E7D957F8CAC4DE448BF5D34E62E9B04
Type: binary
MD5:C5CC2C4F5BAE532DFB04A8C110D375A8
SHA256:5CF87CB86A971E4F46F0BE38C13DA964887FA5882FA103317E217487D9C0BC8F
PID: 2140
Process: SeagateToolkit.exe
Filename: C:\Users\admin\AppData\Roaming\Toolkit\Temp\7za.exe
Type: executable
MD5:DFD1CF824C781069DEF1D239A626D43E
SHA256:31FD52F8996986623CF52C3B4D0F7AC74A9DEC63FC16C902CEF673EED550C435
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 33
TCP/UDP connections: 111
DNS requests: 129
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2140
SeagateToolkit.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEQCtjS32RoGg02RH6qlPonPB
unknown
whitelisted
2140
SeagateToolkit.exe
GET
200
18.244.18.92:80
http://crls.ssl.com/SSL.com-TLS-T-ECC-R2.crl
unknown
whitelisted
2772
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2772
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7180
svchost.exe
HEAD
200
23.50.131.74:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1746053293&P2=404&P3=2&P4=h4i%2fR8hhSurzKMnomDM3peNhGC5EXkmO5aBXMfL7TznRr9btp1KBdPgDXfdHnZ4n5S8Oyj2KPW75oyqD%2fSgkwQ%3d%3d
unknown
whitelisted
7180
svchost.exe
GET
206
23.50.131.74:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/5d32607d-eea9-44fc-ac55-77800b9862a5?P1=1746053293&P2=404&P3=2&P4=h4i%2fR8hhSurzKMnomDM3peNhGC5EXkmO5aBXMfL7TznRr9btp1KBdPgDXfdHnZ4n5S8Oyj2KPW75oyqD%2fSgkwQ%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
2140
SeagateToolkit.exe
172.64.145.31:443
www.seagate.com
CLOUDFLARENET
US
whitelisted
2140
SeagateToolkit.exe
172.64.149.23:80
ocsp.comodoca.com
CLOUDFLARENET
US
whitelisted
2140
SeagateToolkit.exe
18.244.18.92:80
crls.ssl.com
US
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
whitelisted
google.com
  • 142.250.185.238
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.seagate.com
  • 172.64.145.31
  • 104.18.42.225
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
crls.ssl.com
  • 18.244.18.92
  • 18.244.18.60
  • 18.244.18.54
  • 18.244.18.55
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.64
  • 20.190.159.130
  • 40.126.31.69
  • 40.126.31.73
  • 20.190.159.68
  • 40.126.31.3
  • 40.126.31.128
  • 20.190.159.0
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted

Threats

No threats detected
Process
Message
ToolkitService.exe
20250425 15:36:44 478|E|8|ToolkitService|Reload ToolkitService Log, Path = C:\Users\admin\AppData\Roaming\Toolkit\Log