URL:

http://officecdn.microsoft.com.edgesuite.net/pr/wsus/setup.exe

Full analysis: https://app.any.run/tasks/fec2f376-cf38-4c3e-9416-d29619213109
Verdict: Malicious activity
Threats:

Loader (generic description attached to the tag): a loader is malicious software that infiltrates a device in order to deliver further payloads. It can profile the victim's system and install other threats such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to get the user to download and run the executable, and loaders use evasion and persistence techniques to avoid detection.

Caveat for analysts: the tag and the verdict are built from the behavioural signatures listed below (an executable fetched over plain HTTP and then launched from a user-writable path), not from a match on a known family. The process table shows that the launched setup.exe carries Microsoft Corporation / Microsoft Office 16.0.10810.33603 version metadata and connects to Office 365 configuration endpoints, and that the "loads dropped executable" hits belong to Chrome's own software_reporter_tool.exe. Verify the Authenticode signature of setup.exe and compare its hashes with a copy obtained directly from Microsoft over HTTPS before treating it as malware.

Analysis date: September 17, 2018, 03:24:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

26F25BE6A87EECDD6F415D1C21F7E7C7

SHA1:

50F0B90B635303122EB285BF5107D867A2AE9044

SHA256:

16E5F3FB087254F9160C34844F5D7E79FAD0D112006EF6F2D52397B038CA985F

SSDEEP:

3:N1KRDQGAKyutQkCdaz90KWpVL4A:CyGAqd4aqzVL4A

Note on the digests: an ssdeep block size of 3 (the first field) means the hashed input was at most a few hundred bytes long, so these digests describe a tiny object, most likely the submitted URL string rather than the downloaded setup.exe. Confirm what was hashed before using them as file IOCs.

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Downloads executable files from the Internet

      • iexplore.exe (PID: 3184)
      • chrome.exe (PID: 3828)
    • Loads dropped or rewritten executable

      • software_reporter_tool.exe (PID: 2764)
    • Application was dropped or rewritten from another process

      • setup[1].exe (PID: 1708)
      • setup.exe (PID: 1508)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3184)
      • software_reporter_tool.exe (PID: 2764)
      • iexplore.exe (PID: 3052)
      • chrome.exe (PID: 3828)
    • Application launched itself

      • software_reporter_tool.exe (PID: 2216)
    • Searches for installed software

      • software_reporter_tool.exe (PID: 2764)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3052)
      • chrome.exe (PID: 3828)
    • Changes internet zones settings

      • iexplore.exe (PID: 3052)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3184)
      • chrome.exe (PID: 3828)
    • Loads the Task Scheduler COM API

      • software_reporter_tool.exe (PID: 3996)
      • software_reporter_tool.exe (PID: 2216)
    • Reads settings of System Certificates

      • setup[1].exe (PID: 1708)
      • chrome.exe (PID: 3828)
      • setup.exe (PID: 1508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 64
Monitored processes: 29
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Process relationships shown in the interactive graph (details in the full report): iexplore.exe dropped and started setup[1].exe; chrome.exe dropped and started setup.exe; chrome.exe also started its renderer and utility children and software_reporter_tool.exe, which in turn started further software_reporter_tool.exe instances. Nodes marked "no specs" carry no specific indicators.

Process information

Each entry lists the PID, command line, image path, parent process, file metadata and the loaded modules.
PID:
664
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4257019118264431659,1917556752870222553,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=03B3A882185E6B0D481DF0065FF140B6 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=03B3A882185E6B0D481DF0065FF140B6 --renderer-client-id=13 --mojo-platform-channel-handle=3516 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
892
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4257019118264431659,1917556752870222553,131072 --enable-features=PasswordImport --service-pipe-token=9EAAC928C0F40162EC868E2A756E7202 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9EAAC928C0F40162EC868E2A756E7202 --renderer-client-id=3 --mojo-platform-channel-handle=2076 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1088
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x701200b0,0x701200c0,0x701200cc
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1508
CMD:
"C:\Users\admin\Downloads\setup.exe"
Path:
C:\Users\admin\Downloads\setup.exe
Parent process:
chrome.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Office
Exit code:
0
Version:
16.0.10810.33603
Modules
Images
c:\users\admin\downloads\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
1708
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup[1].exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup[1].exe
Parent process:
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Office
Exit code:
0
Version:
16.0.10810.33603
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0uu90r59\setup[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID:
1752
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4257019118264431659,1917556752870222553,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=DA399601A693A00995CD5A6BAC6AD43F --mojo-platform-channel-handle=2096 --ignored=" --type=renderer " /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
1820
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,4257019118264431659,1917556752870222553,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=5C6A8BCDDF30FB1F935B094BF05F16C0 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5C6A8BCDDF30FB1F935B094BF05F16C0 --renderer-client-id=16 --mojo-platform-channel-handle=820 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
2044
CMD:
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\33.170.201\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=33.170.201 --initial-client-data=0xe4,0xec,0xf0,0xe8,0xf4,0x1114c10,0x1114c20,0x1114c2c
Path:
c:\users\admin\appdata\local\google\chrome\user data\swreporter\33.170.201\software_reporter_tool.exe
Parent process:
software_reporter_tool.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
0
Version:
33.170.201
Modules
Images
c:\users\admin\appdata\local\google\chrome\user data\swreporter\33.170.201\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2200
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=936,4257019118264431659,1917556752870222553,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=C30214DDD003DAB58A274CD3E4E1FC51 --mojo-platform-channel-handle=796 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google Inc.
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
68.0.3440.106
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID:
2216
CMD:
"C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\33.170.201\software_reporter_tool.exe" --engine=2 --session-id=lBtZQHwpAceEBbHGaWA3YQwHiWcJjd0X2JlFnKik --registry-suffix=ESET --srt-field-trial-group-name=NewCleanerUIExperiment
Path:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\33.170.201\software_reporter_tool.exe
Parent process:
chrome.exe
User:
admin
Company:
Google
Integrity Level:
MEDIUM
Description:
Software Reporter Tool
Exit code:
2
Version:
33.170.201
Modules
Images
c:\users\admin\appdata\local\google\chrome\user data\swreporter\33.170.201\software_reporter_tool.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
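The signatures "Application was dropped or rewritten from another process" and "Application launched itself" reduce to a parent/child check over the process table: a browser starting an executable from a user-writable path, or a process whose parent runs the same image. The following is an added example, not ANY.RUN's code, that applies that check to records transcribed from this report. The parent PIDs and the iexplore.exe image path are assumptions made for the example, because the table gives parent image names rather than parent PIDs and shows no path for Internet Explorer.

```python
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str                  # image path as the sandbox recorded it
    parent_pid: Optional[int]   # None for roots the report does not link


BROWSERS = {"chrome.exe", "iexplore.exe"}

# Subset of the report's process table. Parent PIDs are an assumption made for
# this example: the report lists the parent image name, not the parent PID.
# The iexplore.exe image path is also assumed (the report shows no path for it).
PROCS = [
    Proc(3828, r"C:\Program Files\Google\Chrome\Application\chrome.exe", None),
    Proc(664, r"C:\Program Files\Google\Chrome\Application\chrome.exe", 3828),
    Proc(3052, r"C:\Program Files\Internet Explorer\iexplore.exe", None),
    Proc(3184, r"C:\Program Files\Internet Explorer\iexplore.exe", 3052),
    Proc(1708, r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\setup[1].exe", 3184),
    Proc(1508, r"C:\Users\admin\Downloads\setup.exe", 3828),
    Proc(2216, r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\SwReporter\33.170.201\software_reporter_tool.exe", 3828),
    Proc(2044, r"c:\users\admin\appdata\local\google\chrome\user data\swreporter\33.170.201\software_reporter_tool.exe", 2216),
]


def image_name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def in_user_writable_dir(path: str) -> bool:
    # Downloads, %TEMP%, the IE cache and %LOCALAPPDATA% all live under the profile.
    return path.lower().startswith("c:\\users\\")


def browser_dropped_children(procs: list[Proc]) -> list[tuple[int, str, str]]:
    """(pid, image, parent image) for every process a browser started from a user-writable path."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.parent_pid)
        if parent and image_name(parent.image) in BROWSERS and in_user_writable_dir(p.image):
            hits.append((p.pid, image_name(p.image), image_name(parent.image)))
    return hits


def self_launches(procs: list[Proc]) -> list[int]:
    """PIDs whose parent runs the same image: renderer/tab children and the reporter's crash handler."""
    by_pid = {p.pid: p for p in procs}
    return [p.pid for p in procs
            if p.parent_pid in by_pid and image_name(by_pid[p.parent_pid].image) == image_name(p.image)]


if __name__ == "__main__":
    for pid, image, parent in browser_dropped_children(PROCS):
        print(f"dropped-and-launched: {image} (PID {pid}) started by {parent}")
    print("launched itself:", self_launches(PROCS))
```

Run against these records the path rule flags both setup.exe instances and also software_reporter_tool.exe (PID 2216), which chrome.exe starts from %LOCALAPPDATA%; that is exactly why the report lists Chrome's own cleanup tool next to the download. A production rule needs an allowlist keyed on signer or hash, not on path alone.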
Total events: 2 325
Read events: 1 942
Write events: 352
Delete events: 31

Modification events

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (binary blob, not reproduced here)

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {47CE410B-BA29-11E8-BFAB-5254004AAD11}
Value: 0

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 2

Process: (3052) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E207090001001100030019000B008B00 (a little-endian SYSTEMTIME: 2018-09-17, Monday, 03:25:11.139, matching the analysis date)
Executable files: 11
Suspicious files: 70
Text files: 162
Unknown types: 5

Dropped files

PID | Process | Filename
3052 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
3052 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
3052 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA7511DADBF6095D6.TMP
3052 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF70935BB5CE78DFC2.TMP
3052 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{47CE410B-BA29-11E8-BFAB-5254004AAD11}.dat
3828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5B9F1EC0-EF4.pma
3828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
3828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
3828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
3828 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2

The Type, MD5 and SHA256 columns are empty in the captured table; the rows shown are browser cache and recovery artifacts, not the dropped setup.exe files, which appear only in the full report.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 68
DNS requests: 35
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3828 | chrome.exe | GET | 403 | 2.16.186.90:80 | http://officecdn.microsoft.com.edgesuite.net/favicon.ico | unknown | html | 310 B | whitelisted
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/ | unknown | html | 1.24 KB | malicious
3828 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 B | whitelisted
3828 | chrome.exe | GET | 404 | 2.16.186.104:80 | http://edc.edgesuite.net/favicon.ico | unknown | text | 16 B | malicious
3828 | chrome.exe | GET | 403 | 2.16.186.90:80 | http://officecdn.microsoft.com.edgesuite.net/ | unknown | html | 1.20 KB | whitelisted
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/css/edgesuite_style.css | unknown | text | 3.12 KB | malicious
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/images/edgesuite-header.jpg | unknown | image | 13.2 KB | malicious
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/images/icon-device-characteristics.png | unknown | image | 1.17 KB | malicious
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/images/akamai_logo_white.png | unknown | image | 4.01 KB | malicious
3828 | chrome.exe | GET | 200 | 2.16.186.104:80 | http://edc.edgesuite.net/images/icon-user-agent.png | unknown | image | 1.10 KB | malicious

The captured table shows 10 of the 15 requests; the GET for /pr/wsus/setup.exe itself is not among the rows shown. The edc.edgesuite.net rows fetch Akamai-branded page assets (edgesuite_style.css, akamai_logo_white.png), so treat the "malicious" reputation on those rows as a feed label to verify rather than as observed command-and-control traffic. The OCSP request to ocsp.digicert.com is the certificate revocation check that accompanies the "Reads settings of System Certificates" signature.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3828 | chrome.exe | 172.217.18.2:443 | googleads.g.doubleclick.net | Google Inc. | US | whitelisted
3828 | chrome.exe | 118.219.252.2:443 | www.malwares.com | SK Broadband Co Ltd | KR | unknown
3052 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3184 | iexplore.exe | 2.16.186.90:80 | officecdn.microsoft.com.edgesuite.net | Akamai International B.V. | | whitelisted
1708 | setup[1].exe | 13.107.3.128:443 | config.edge.skype.com | Microsoft Corporation | US | whitelisted
1708 | setup[1].exe | 40.121.213.159:443 | client-office365-tas.msedge.net | Microsoft Corporation | US | whitelisted
1708 | setup[1].exe | 52.109.76.32:443 | nexusrules.officeapps.live.com | Microsoft Corporation | IE | whitelisted
3828 | chrome.exe | 172.217.21.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3828 | chrome.exe | 172.217.18.3:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
3828 | chrome.exe | 172.217.18.14:443 | apis.google.com | Google Inc. | US | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
officecdn.microsoft.com.edgesuite.net
  • 2.16.186.90
  • 2.16.186.83
whitelisted
nexusrules.officeapps.live.com
  • 52.109.76.32
whitelisted
config.edge.skype.com
  • 13.107.3.128
malicious
client-office365-tas.msedge.net
  • 40.121.213.159
whitelisted
clientservices.googleapis.com
  • 172.217.21.227
whitelisted
www.google.com.ua
  • 216.58.207.35
whitelisted
accounts.google.com
  • 172.217.18.13
shared
ssl.gstatic.com
  • 172.217.18.3
whitelisted
www.gstatic.com
  • 172.217.18.3
whitelisted

Threats

PID | Process | Class | Message
3184 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3184 | iexplore.exe | Misc activity | ET INFO EXE - Served Attached HTTP
3828 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3828 | chrome.exe | Misc activity | ET INFO EXE - Served Attached HTTP

All four alerts are Emerging Threats (ET) policy and info rules that fire on any Windows PE delivered over plain HTTP (an MZ/PE header in the response body, and a Content-Disposition: attachment header for the "Served Attached" rule). They fired once for each browser that fetched the file; none identifies a malware family.
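The four ET alerts and the digests in the Indicators block are two halves of one triage step: carve the PE body out of the HTTP response that triggered the rule, hash it, and compare with the report's IOCs (subject to confirming what the report actually hashed). The following is an added example, not ANY.RUN's or Emerging Threats' code, that implements the MZ/PE header test those rules approximate and runs it over constructed responses modelled on the HTTP table above. The bodies, including the stand-in PE, are fabricated for the example, so the IOC comparison reports no match.

```python
import hashlib
import struct

# IOCs transcribed from the report's Indicators block (lower-cased for comparison).
REPORT_IOCS = {
    "md5": "26f25be6a87eecdd6f415d1c21f7e7c7",
    "sha1": "50f0b90b635303122eb285bf5107d867a2ae9044",
    "sha256": "16e5f3fb087254f9160c34844f5d7e79fad0d112006ef6f2d52397b038ca985f",
}


def looks_like_pe(body: bytes) -> bool:
    """MZ stub whose e_lfanew (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def hashes(body: bytes) -> dict:
    return {
        "md5": hashlib.md5(body).hexdigest(),
        "sha1": hashlib.sha1(body).hexdigest(),
        "sha256": hashlib.sha256(body).hexdigest(),
    }


def triage(responses):
    """responses: iterable of (url, status, headers, body). One alert dict per PE body served with 200."""
    alerts = []
    for url, status, headers, body in responses:
        if status != 200 or not looks_like_pe(body):
            continue
        h = {k.lower(): v for k, v in headers.items()}
        digests = hashes(body)
        alerts.append({
            "url": url,
            # What "ET INFO EXE - Served Attached HTTP" keys on, in addition to the MZ header.
            "served_attached": "attachment" in h.get("content-disposition", "").lower(),
            "content_type": h.get("content-type", ""),
            "sha256": digests["sha256"],
            "matches_report": any(digests[k] == v for k, v in REPORT_IOCS.items()),
        })
    return alerts


def fake_pe(size: int = 0x100) -> bytes:
    """Constructed stand-in for a PE: MZ header, e_lfanew=0x40, 'PE\\0\\0' at 0x40. Not the report's sample."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed traffic modelled on the report's HTTP table; the bodies are not the real ones.
SAMPLE_RESPONSES = [
    ("http://officecdn.microsoft.com.edgesuite.net/", 403,
     {"Content-Type": "text/html"}, b"<html>403 Forbidden</html>"),
    ("http://edc.edgesuite.net/", 200,
     {"Content-Type": "text/html"}, b"<html>Akamai edge page</html>"),
    ("http://officecdn.microsoft.com.edgesuite.net/pr/wsus/setup.exe", 200,
     {"Content-Type": "application/octet-stream",
      "Content-Disposition": "attachment; filename=setup.exe"}, fake_pe()),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_RESPONSES):
        print(alert)
```

Only the setup.exe response produces an alert; the 403 page and the Akamai HTML are skipped by the status and header checks. On real PCAP data, feed the reassembled response bodies in the same shape and the sha256 field gives you the value to compare against a trusted copy of the installer.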
No debug info