File name:

Undeliverable- FW- Miral shared a file with you.eml

Full analysis: https://app.any.run/tasks/aa39c18f-46ea-4b26-aa9e-40dbfe0bc13d
Verdict: Malicious activity
Analysis date: October 30, 2024, 07:36:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
attachments
attc-unc
attc-eml
mailgun
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with very long lines (941), with CRLF line terminators
MD5:

733DD626CC32152C575C8866CE360BD3

SHA1:

08DE6616FFA3A6E8DB57A22563F64EABB871B5F4

SHA256:

1C4621177F3638FCD8710AF06CB7D4D7DE08F38946C80B2F78DA2311C17B1E35

SSDEEP:

3072:JWj4q5RTFcKojQfNP8nTbSoIGqSyDhG6TbgiIvhVDaOkO2qDgEomWGu63Dj2Hsmx:4cq5RTZ8XSoIxSMGwEieDaXO2PmWJ63O

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Email came from third-party service (Mailgun)

      • OUTLOOK.EXE (PID: 2432)

  • SUSPICIOUS

    • Application launched itself

      • OUTLOOK.EXE (PID: 2432)

  • INFO

    • The process uses the downloaded file

      • OUTLOOK.EXE (PID: 2432)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6776)

    • Application launched itself

      • msedge.exe (PID: 7868)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
204
Monitored processes
58
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs outlook.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ucpdmgr.exe no specs conhost.exe no specs ucpdmgr.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1180"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6612 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1332"C:\WINDOWS\system32\UCPDMgr.exe"C:\Windows\System32\UCPDMgr.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
User Choice Protection Manager
Exit code:
0
Version:
1.0.0.414301
Modules
Images
c:\windows\system32\ucpdmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1584"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6624 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1804"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6216 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=3884 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2140"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5752 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2140"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6376 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2184"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6252 --field-trial-handle=2436,i,1801960642563841451,8851274898400495243,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2432"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\Undeliverable- FW- Miral shared a file with you.eml"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\outlook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\microsoft office\root\office16\outlookservicing.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
Total events
17 224
Read events
15 941
Write events
1 105
Delete events
178

Modification events

(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:6
Value:
01941A000000001000B24E9A3E06000000000000000600000000000000
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\2432
Operation:writeName:0
Value:
0B0E107B4600F462238D4A9E0E394320BBD349230046DEBED689E8D3CAED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C5118013D2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootCommand
Value:
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:delete keyName:(default)
Value:
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:CantBootResolution
Value:
BootSuccess
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:SessionId
Value:
C3D8E96E-C1AF-4750-8D52-F4E28119C131
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:BootDiagnosticsLogFile
Value:
C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16026_20146-20240718T1116060318-1644.etl
(PID) Process:(2432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:ProfileBeingOpened
Value:
Executable files
3
Suspicious files
316
Text files
100
Unknown types
0

Dropped files

PID
Process
Filename
Type
2432OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:0D526BC6634E1B88B59F0D1CA69BF5A4
SHA256:85D9FD494A1E0EC6CDC0D3F9697A98EE9463C299ED1E8678FA39E0D5A7D8BB91
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
2432OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmbinary
MD5:53982A7E41B2B5A305FF3DD305624EF6
SHA256:7D99F6F34053C2C41D5DD1E81D7937576B9107DEE8102F870ED5AA7FBB838A57
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bintext
MD5:4087AAD249F8D352C9B4A5D97A95959B
SHA256:FD76FF3BFEFF1E199A37E5EABBDFCDECE1B44408C0C7C3C80B01F739D04E1D39
2432OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9der
MD5:F95FD1C51EF0654EEFE193A23E2F0836
SHA256:9DD7ADC41207C97A4A9763EC5387FA6F04DC21C827BD770AD993A60912CC7C41
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_27.ttfbinary
MD5:59610D64A881E76BAD429817056A9E34
SHA256:264CEBF14D79463C65BCE44297E19FA0FC6D75848CA07B45C2F563344530336A
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:97BF35C744A55A09AAABCE93C7EE9AA0
SHA256:7C06A73FAFF9D41E32A6171C7FED43230F7ABBD9BF24B7BB18588474CE93A494
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\olkC1F1.tmptext
MD5:C249CB444BF668668A461F35F0B22CE5
SHA256:D9438FCBA4AE566CB15B7F674DBAA94638A46A5E159396CE08B9A7A62EBB38B2
2432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\F5RUI7W1\Miral shared a file with you.eml:Zone.Identifiertext
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
44
TCP/UDP connections
100
DNS requests
90
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
632
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2432
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7564
svchost.exe
HEAD
200
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/181d62d0-8e71-4ab0-b6f0-62f746749689?P1=1730301041&P2=404&P3=2&P4=LKp%2fWuCZ%2bmgbXefS82tXbgXo9%2btmxy%2fid4r%2fiSv9k%2b0s0hxylMwXwpgUCL5UU8XKIMzD%2bKuJpw%2biYKQmKaYXGA%3d%3d
unknown
whitelisted
7480
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4680
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7480
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7564
svchost.exe
GET
206
217.20.57.19:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/181d62d0-8e71-4ab0-b6f0-62f746749689?P1=1730301041&P2=404&P3=2&P4=LKp%2fWuCZ%2bmgbXefS82tXbgXo9%2btmxy%2fid4r%2fiSv9k%2b0s0hxylMwXwpgUCL5UU8XKIMzD%2bKuJpw%2biYKQmKaYXGA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
3000
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6944
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2432
OUTLOOK.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2432
OUTLOOK.EXE
23.50.131.87:443
omex.cdn.office.net
Akamai International B.V.
DE
whitelisted
2432
OUTLOOK.EXE
52.111.231.13:443
messaging.lifecycle.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
4360
SearchApp.exe
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.23.110
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
omex.cdn.office.net
  • 23.50.131.87
  • 23.50.131.86
  • 23.50.131.74
whitelisted
messaging.lifecycle.office.com
  • 52.111.231.13
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.155
  • 104.126.37.152
  • 104.126.37.144
  • 104.126.37.153
  • 104.126.37.136
  • 104.126.37.131
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.163
  • 104.126.37.162
  • 104.126.37.171
  • 104.126.37.161
  • 104.126.37.178
  • 104.126.37.177
  • 104.126.37.170
  • 104.126.37.160
  • 104.126.37.146
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.68
  • 40.126.31.67
  • 20.190.159.2
  • 40.126.31.73
  • 20.190.159.0
  • 40.126.31.69
  • 40.126.31.71
  • 20.190.159.71
whitelisted
nleditor.osi.office.net
  • 52.111.231.25
  • 52.111.231.24
  • 52.111.231.23
  • 52.111.231.26
whitelisted
th.bing.com
  • 104.126.37.137
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.185
  • 104.126.37.131
  • 104.126.37.128
  • 104.126.37.186
  • 104.126.37.184
  • 104.126.37.130
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Undeliverable- FW- Miral shared a file with you.eml