File name: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.zip

Full analysis: https://app.any.run/tasks/a4320509-bd7b-44e2-a737-f9402a9a75a9
Verdict: Malicious activity
Analysis date: February 19, 2019, 09:03:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract
MD5: 36C04D7E790D36CF8D6701D763E35804
SHA1: 1303185FF2C328E27C5EE9785052CEC2B7E3AAFD
SHA256: 34E24362B92F3B70F656ACFFE13F5EB4329273573E69BD9478DAABD3C41395BC
SSDEEP: 49152:rSAb7AmRnjnLY3/Zvf5x/G932Lh64DwaE7T5eHR0SlMD4:rSAb77nLE3hI2OLeH+Sh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2332)
      • OfficeClickToRun.exe (PID: 2960)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
      • OfficeClickToRun.exe (PID: 3752)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2976)
      • OfficeC2RClient.exe (PID: 2824)
    • Changes settings of System certificates

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
      • OfficeClickToRun.exe (PID: 2960)
    • Loads dropped or rewritten executable

      • OfficeClickToRun.exe (PID: 2960)
      • OfficeClickToRun.exe (PID: 3752)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2976)
      • OfficeC2RClient.exe (PID: 2824)
  • SUSPICIOUS

    • Reads Internet Cache Settings

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2332)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
      • OfficeClickToRun.exe (PID: 3752)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2976)
      • OfficeC2RClient.exe (PID: 2824)
    • Application launched itself

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2332)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
    • Adds / modifies Windows certificates

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
      • OfficeClickToRun.exe (PID: 2960)
    • Creates files in the user directory

      • powershell.exe (PID: 2836)
    • Executes PowerShell scripts

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
    • Searches for installed software

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
    • Executable content was dropped or overwritten

      • OfficeClickToRun.exe (PID: 2960)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
    • Creates files in the program directory

      • OfficeClickToRun.exe (PID: 2960)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
    • Removes files from Windows directory

      • OfficeClickToRun.exe (PID: 2960)
    • Creates files in the Windows directory

      • OfficeClickToRun.exe (PID: 2960)
  • INFO

    • Reads Microsoft Office registry keys

      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 3164)
      • OfficeClickToRun.exe (PID: 3752)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 2976)
      • OfficeC2RClient.exe (PID: 2824)
      • OfficeClickToRun.exe (PID: 2960)
    • Reads settings of System Certificates

      • OfficeClickToRun.exe (PID: 3752)
      • OfficeClickToRun.exe (PID: 2960)
      • Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe (PID: 4072)
      • OfficeC2RClient.exe (PID: 2824)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
ZipUncompressedSize: 5225368
ZipCompressedSize: 2369311
ZipCRC: 0x00000000
ZipModifyDate: 2019:02:18 17:33:03
ZipCompression: Unknown (99)
ZipBitFlag: 0x0001
ZipRequiredVersion: 51
No data.
Total processes: 46
Monitored processes: 9
Malicious processes: 7
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order:
  • winrar.exe (no specs)
  • setup.def.en-us_o365businessretail_099fad3a-fc81-4eb4-af48-f29f647fe997_tx_pr_platform_def_b_16_.exe
  • setup.def.en-us_o365businessretail_099fad3a-fc81-4eb4-af48-f29f647fe997_tx_pr_platform_def_b_16_.exe
  • powershell.exe (no specs)
  • officeclicktorun.exe
  • officeclicktorun.exe
  • setup.def.en-us_o365businessretail_099fad3a-fc81-4eb4-af48-f29f647fe997_tx_pr_platform_def_b_16_.exe
  • setup.def.en-us_o365businessretail_099fad3a-fc81-4eb4-af48-f29f647fe997_tx_pr_platform_def_b_16_.exe
  • officec2rclient.exe

Process information

PID: 3556
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 2332
CMD: "C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe"
Path: C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Office
Version: 16.0.11231.20164

PID: 3164
CMD: "C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe" ELEVATED
Path: C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Parent process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Office
Version: 16.0.11231.20164

PID: 2836
CMD: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -WindowStyle Hidden -Command "& { $isOfficeInstalled = Get-AppxPackage Microsoft.Office.Desktop -allusers; if ($isOfficeInstalled -eq $null) { Out-File -FilePath 'C:\Users\admin\AppData\Local\Temp\Centennial.Detection.IsCentennialOfficeInstalled.scratch' -InputObject '0' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\admin\AppData\Local\Temp\Centennial.Detection.IsCentennialOfficeInstalled.scratch' -InputObject '1' -Encoding ascii } }"
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3752
CMD: deliverymechanism=64256afe-f5d9-4f86-8936-8840a6a4f5be productreleaseid=O365BusinessRetail platform=x86 o365businessretail=099fad3a-fc81-4eb4-af48-f29f647fe997 tx=PR culture=en-us lcid=1033 b=16 prereleasebuild=4419 defaultplatform=True forcecentcheck= storeid= totalclientcabsize=19526529 productstoadd=O365BusinessRetail.16_en-us_x-none scenario=unknown O365BusinessRetail.excludedapps.16=groove updatesenabled.16=True cdnbaseurl.16=http://officecdn.microsoft.com/pr/64256afe-f5d9-4f86-8936-8840a6a4f5be version.16=16.0.11328.20070 mediatype.16=CDN baseurl.16=http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be sourcetype.16=CDN flt.useexptransportinplacepl=unknown flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown flt.useteamsaddon=enabled
Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Parent process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Office Click-to-Run (SxS)
Version: 16.0.11328.20068

PID: 2960
CMD: "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Office Click-to-Run (SxS)
Version: 16.0.11328.20068

PID: 4072
CMD: "C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe"
Path: C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Office
Exit code: 2147549183
Version: 16.0.11231.20164

PID: 2976
CMD: "C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe" ELEVATED
Path: C:\Users\admin\Desktop\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Parent process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Office
Exit code: 2147549183
Version: 16.0.11231.20164

PID: 2824
CMD: "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /progressandlaunch AppTargets="root\office16\excel.exe|root\office16\lync.exe|root\office16\msaccess.exe|root\office16\mspub.exe|root\office16\onenote.exe|root\office16\outlook.exe|root\office16\powerpnt.exe|root\office16\winword.exe" ManualUpgrade=False ScenarioToTrack="Scenario:{FB9843BB-0D8A-4347-A227-C759C3FC9103}@INSTALL"
Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Office Click-to-Run Client
Version: 16.0.11328.20068

Total events: 1 755
Read events: 1 303
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 181
Suspicious files: 29
Text files: 26
Unknown types: 10

Dropped files

PID: 3556
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb3556.7517\Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\CabF67C.tmp
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\TarF67D.tmp
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\OfficeC2R1855EA7C-7D03-4051-83D0-20CEFE88A9D6OfficeC2R6C356B89-9D37-4838-811D-03D7DFB12F67\v32.hash
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\OfficeC2R1855EA7C-7D03-4051-83D0-20CEFE88A9D6OfficeC2R6C356B89-9D37-4838-811D-03D7DFB12F67\VersionDescriptor.xml
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\OfficeC2R1855EA7C-7D03-4051-83D0-20CEFE88A9D6\v32.hash
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\OfficeC2R1855EA7C-7D03-4051-83D0-20CEFE88A9D6\VersionDescriptor.xml
MD5:
SHA256:

PID: 2836
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TUK7YAGLEDF2F70H4ZFF.temp
MD5:
SHA256:

PID: 2836
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\Centennial.Detection.IsCentennialOfficeInstalled.scratch
MD5:
SHA256:

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Filename: C:\Users\admin\AppData\Local\Temp\OfficeC2RA2ADB74C-2A70-4BD0-B907-FEF8A7FF81A5\i321033.cab
MD5:
SHA256:

HTTP(S) requests: 48
TCP/UDP connections: 29
DNS requests: 18
Threats: 0

HTTP requests

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: HEAD
HTTP Code: 301
IP: 23.5.102.128:80
URL: http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 301
IP: 23.5.102.128:80
URL: http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: HEAD
HTTP Code: 301
IP: 23.5.102.128:80
URL: http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: HEAD
HTTP Code: 200
IP: 2.16.186.83:80
URL: http://officecdn.microsoft.com.edgesuite.net/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: unknown
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: HEAD
HTTP Code: 200
IP: 2.16.186.83:80
URL: http://officecdn.microsoft.com.edgesuite.net/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: unknown
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 200
IP: 2.16.186.83:80
URL: http://officecdn.microsoft.com.edgesuite.net/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/v32_16.0.11328.20070.cab
CN: unknown
Type: compressed
Size: 16.8 Kb
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 200
IP: 2.16.186.120:80
URL: http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
CN: unknown
Type: der
Size: 781 b
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 301
IP: 23.5.102.128:80
URL: http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/16.0.11328.20070/i321033.cab
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 200
IP: 2.16.186.120:80
URL: http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
CN: unknown
Type: der
Size: 555 b
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
Method: GET
HTTP Code: 301
IP: 23.5.102.128:80
URL: http://officecdn.microsoft.com/PR/64256afe-f5d9-4f86-8936-8840a6a4f5be/Office/Data/16.0.11328.20070/i320.cab
CN: NL
Reputation: whitelisted

Connections

PID: 2332
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 13.107.3.128:443
Domain: config.edge.skype.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 2332
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 52.232.69.150:443
Domain: client-office365-tas.msedge.net
ASN: Microsoft Corporation
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 23.5.102.128:80
Domain: officecdn.microsoft.com
ASN: Akamai Technologies, Inc.
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 52.109.88.44:443
Domain: mrodevicemgr.officeapps.live.com
ASN: Microsoft Corporation
CN: NL
Reputation: whitelisted

PID: 3752
Process: OfficeClickToRun.exe
IP: 13.107.3.128:443
Domain: config.edge.skype.com
ASN: Microsoft Corporation
CN: US
Reputation: whitelisted

PID: 2960
Process: OfficeClickToRun.exe
IP: 52.232.69.150:443
Domain: client-office365-tas.msedge.net
ASN: Microsoft Corporation
CN: NL
Reputation: whitelisted

PID: 3752
Process: OfficeClickToRun.exe
IP: 52.232.69.150:443
Domain: client-office365-tas.msedge.net
ASN: Microsoft Corporation
CN: NL
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 2.16.186.83:80
Domain: officecdn.microsoft.com.edgesuite.net
ASN: Akamai International B.V.
Reputation: whitelisted

PID: 3164
Process: Setup.Def.en-us_O365BusinessRetail_099fad3a-fc81-4eb4-af48-f29f647fe997_TX_PR_Platform_def_b_16_.exe
IP: 2.16.186.120:80
Domain: crl.microsoft.com
ASN: Akamai International B.V.
Reputation: whitelisted

PID: 2960
Process: OfficeClickToRun.exe
IP: 93.184.220.29:80
Domain: ocsp.digicert.com
ASN: MCI Communications Services, Inc. d/b/a Verizon Business
CN: US
Reputation: whitelisted

DNS requests

Domain: config.edge.skype.com
IP: 13.107.3.128
Reputation: whitelisted

Domain: client-office365-tas.msedge.net
IP: 52.232.69.150
Reputation: whitelisted

Domain: mrodevicemgr.officeapps.live.com
IP: 52.109.88.44
Reputation: whitelisted

Domain: officecdn.microsoft.com
IP: 23.5.102.128, 23.210.248.85
Reputation: whitelisted

Domain: officecdn.microsoft.com.edgesuite.net
IP: 2.16.186.83, 2.16.186.90, 2.16.186.59
Reputation: whitelisted

Domain: crl.microsoft.com
IP: 2.16.186.120, 2.16.186.74
Reputation: whitelisted

Domain: self.events.data.microsoft.com
IP: 52.114.74.45, 52.114.32.6
Reputation: whitelisted

Domain: www.microsoft.com
IP: 92.122.253.175
Reputation: whitelisted

Domain: ocsp.digicert.com
IP: 93.184.220.29
Reputation: whitelisted

Threats

No threats detected

Process: OfficeClickToRun.exe
Message: 2019-02-19 09:05:15.743 T#2772 <E> [AriaSDK] HTTP request WI-1 failed after 365 ms, events were rejected by the server (403) and will be all dropped

Process: OfficeClickToRun.exe
Message: 2019-02-19 09:05:23.211 T#3312 <E> [AriaSDK] HTTP request WI-1 failed after 5767 ms, events were rejected by the server (403) and will be all dropped