File name: | downloadEdge.aspx |
Full analysis: | https://app.any.run/tasks/c638bc55-4814-4ab6-b750-de2b8d2193d1 |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 20:32:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 1D065827894AF28CA6D740A8604C99F5 |
SHA1: | 46C8A37890E984226C590AD3857EDFE1FF433858 |
SHA256: | 3F0CF2E08607F9D77BC9C043729E14FAD6D5D4676F2746D848AA9AC6F326E385 |
SSDEEP: | 49152:Z6+ONgzWvqBtqSKgPQNkQmO0RrePFbe+Utczjjcym7IChVOV:Z6RgSvq+SJ8POrCFb7acXjcym7IuV2 |
.exe | | | Win32 Executable (generic) (52.9) |
---|---|---|
.exe | | | Generic Win/DOS Executable (23.5) |
.exe | | | DOS Executable Generic (23.5) |
LanguageId: | en |
---|---|
UpstreamVersion: | 1.3.99.0 |
ProductVersion: | 1.3.117.15 |
ProductName: | Microsoft Edge Update |
OriginalFileName: | MicrosoftEdgeUpdateSetup.exe |
LegalCopyright: | Copyright Microsoft Corporation |
InternalName: | Microsoft Edge Update Setup |
FileVersion: | 1.3.117.15 |
FileDescription: | Microsoft Edge Update Setup |
CompanyName: | Microsoft Corporation |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.3.117.15 |
FileVersionNumber: | 1.3.117.15 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x5751 |
UninitializedDataSize: | - |
InitializedDataSize: | 1664512 |
CodeSize: | 95744 |
LinkerVersion: | 14.16 |
PEType: | PE32 |
TimeStamp: | 2019:11:12 03:24:41+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 12-Nov-2019 02:24:41 |
Detected languages: |
|
Debug artifacts: |
|
CompanyName: | Microsoft Corporation |
FileDescription: | Microsoft Edge Update Setup |
FileVersion: | 1.3.117.15 |
InternalName: | Microsoft Edge Update Setup |
LegalCopyright: | Copyright Microsoft Corporation |
OriginalFilename: | MicrosoftEdgeUpdateSetup.exe |
ProductName: | Microsoft Edge Update |
ProductVersion: | 1.3.117.15 |
UpstreamVersion: | 1.3.99.0 |
LanguageId: | en |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000118 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 5 |
Time date stamp: | 12-Nov-2019 02:24:41 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001744F | 0x00017600 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.66831 |
.rdata | 0x00019000 | 0x00007568 | 0x00007600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.24882 |
.data | 0x00021000 | 0x00001400 | 0x00000A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.24743 |
.rsrc | 0x00023000 | 0x0018D108 | 0x0018D200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.9846 |
.reloc | 0x001B1000 | 0x00001270 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.34218 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.20417 | 1166 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
2 | 4.13669 | 1384 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 3.91985 | 744 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.83772 | 2216 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 3.68656 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
6 | 4.50268 | 3752 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86669 | 90 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
102 | 7.99989 | 1578310 | Latin 1 / Western European | UNKNOWN | B |
1223 | 3.73035 | 380 | Latin 1 / Western European | UNKNOWN | RT_STRING |
ADVAPI32.dll |
KERNEL32.dll |
SHELL32.dll |
SHLWAPI.dll |
USER32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2204 | "C:\Users\admin\Desktop\downloadEdge.aspx.exe" | C:\Users\admin\Desktop\downloadEdge.aspx.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Setup Exit code: 0 Version: 1.3.117.15 | ||||
332 | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&lang=en" | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdate.exe | downloadEdge.aspx.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
2620 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
2452 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xMTcuMTUiIHNoZWxsX3ZlcnNpb249IjEuMy4xMTcuMTUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7Q0NGRDVBMEQtNzg0RC00OTUxLUEwMEItRkY5NTVEQTlFQTNGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezFENTk5QUZGLUU3RTMtNEU3Ri1CRjhBLTI3ODRGN0Y5NTU4OX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMyIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjExNy4xNSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE4MTMiLz48L2FwcD48L3JlcXVlc3Q- | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
2692 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={65C35B14-6C1D-4122-AC46-7148CC9D6497}&appname=Microsoft%20Edge%20Canary&needsadmin=false&usagestats=0&lang=en" /installsource taggedmi /sessionid "{CCFD5A0D-784D-4951-A00B-FF955DA9EA3F}" | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | — | MicrosoftEdgeUpdate.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
2284 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Update Exit code: 0 Version: 1.3.117.15 | ||||
944 | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{64F552F1-554C-408D-B0EB-B0266340947C}\MicrosoftEdge_X86_80.0.351.0.exe" --msedge-sxs --verbose-logging --do-not-launch-msedge | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{64F552F1-554C-408D-B0EB-B0266340947C}\MicrosoftEdge_X86_80.0.351.0.exe | MicrosoftEdgeUpdate.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Installer Exit code: 0 Version: 80.0.351.0 | ||||
3540 | "C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\MSEDGE.PACKED.7Z" --msedge-sxs --verbose-logging --do-not-launch-msedge | C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\setup.exe | MicrosoftEdge_X86_80.0.351.0.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Installer Exit code: 0 Version: 80.0.351.0 | ||||
3944 | C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge SxS\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel=canary --annotation=chromium-version=80.0.3975.0 --annotation=exe=C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\setup.exe --annotation=plat=Win32 --annotation=prod=Edge --annotation=ver=80.0.351.0 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x14da920,0x14da930,0x14da93c | C:\Users\admin\AppData\Local\Temp\CR_E68F6.tmp\setup.exe | — | setup.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Installer Exit code: 0 Version: 80.0.351.0 | ||||
3144 | "C:\Users\admin\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe" | C:\Users\admin\AppData\Local\Microsoft\Edge SxS\Application\msedge.exe | MicrosoftEdgeUpdate.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 3221225547 Version: 80.0.351.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdateOnDemand.exe | executable | |
MD5:5F447A5C5CC3F861F8D680B58A9C18D9 | SHA256:6B07496E21331F2CE59C4139F7CD6CAB158C84C176DDDB05C79BC797FCDB4E80 | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdate.exe | — | |
MD5:52A3903F10AED2D499E18ED25C061579 | SHA256:700E67636D3B7D1882D17BE38DF83726FD47535C4A995AFD449F033D1EBB423B | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdateBroker.exe | executable | |
MD5:91AB6CD1BB54C3BABCE8EB64683DA136 | SHA256:BB548B3B6D8E6F989DD38AFA1D7B8BA4F2A8670344A7B88D2071FD8B9805DF37 | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable | |
MD5:C77C0515EB6FD8E7EE8F47FDBA00EED9 | SHA256:B53F2F505AFF5090792143CB8FAD39F904108E4AD1E2F7DF764CD58230DDB947 | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\msedgeupdateres_bn.dll | executable | |
MD5:3A417F83AB64F5F8E5E29A16B2CDA4DC | SHA256:1179B602D48D14D0A93F8E222435E88EB3EB36269D9BEA316CA8A31DFA0B6ED1 | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\psuser.dll | executable | |
MD5:BCAFA4E700E55DD2519D4B073F99EEF3 | SHA256:1C9F5FB7EA50C10B61897824A87B402F67687D6F9B659489817B4AED2AC20CBE | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\psmachine_arm64.dll | executable | |
MD5:2701F2BBFF8EC278BD3BE39CD6D30CF8 | SHA256:3FADC71E31C97107F2A18E09E44F88A9B76D8FFB53CA0E9299701FF899921FFF | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\msedgeupdateres_cs.dll | executable | |
MD5:C31389F3C74C1F479CC8FBA11505ABEC | SHA256:5CF59ECBE1E94AF556CFCDA8AFC8469C8E572F0678D28F964426149BAABB0976 | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\msedgeupdateres_bg.dll | executable | |
MD5:72D262B04F8F224A5A9F72A62779F22D | SHA256:C3E812D4EC42A044C0639EB82F4FD2E15817D93F3952E76B1FED27CC32EFF8EB | |||
2204 | downloadEdge.aspx.exe | C:\Users\admin\AppData\Local\Temp\EUA718.tmp\psmachine_64.dll | executable | |
MD5:AE1C59A9FF12D5A3C99A39736BB73930 | SHA256:41F55A9B1E837231BA8B5F387268CB6EAEF63EB4FDA66F172A73406164E9EFDC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 200 | 2.16.186.75:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a2f645e3-bf00-48f3-8201-cae194365ffd?P1=1575405169&P2=402&P3=2&P4=IJxHUXQER48cC%2bP4maSLjsvQfoOEa97j4FZdPQQU5H95pHipRbPDXjXsisyp1Lo%2fuT4DOpUvsW311u6hw%2fQBCA%3d%3d | unknown | — | — | whitelisted |
2956 | msedge.exe | GET | 200 | 74.125.155.172:80 | http://r6---sn-p5qs7n7l.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMGE4QUFXWXVoTjZIYmd5UGkxTnFncUIzQQ/8019.1202.0.0_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=85.203.20.94&mm=28&mn=sn-p5qs7n7l&ms=nvh&mt=1575318741&mv=m&mvi=5&pl=25&shardbypass=yes | US | crx | 1.23 Mb | whitelisted |
— | — | GET | — | 2.16.186.75:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a2f645e3-bf00-48f3-8201-cae194365ffd?P1=1575405169&P2=402&P3=2&P4=IJxHUXQER48cC%2bP4maSLjsvQfoOEa97j4FZdPQQU5H95pHipRbPDXjXsisyp1Lo%2fuT4DOpUvsW311u6hw%2fQBCA%3d%3d | unknown | — | — | whitelisted |
2956 | msedge.exe | GET | 302 | 172.217.22.46:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMGE4QUFXWXVoTjZIYmd5UGkxTnFncUIzQQ/8019.1202.0.0_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 514 b | whitelisted |
3144 | msedge.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | US | der | 1.47 Kb | whitelisted |
— | — | HEAD | 200 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cb3cf8cb-f320-4ec6-ab9c-e4e0231d27b4?P1=1575376033&P2=402&P3=2&P4=KIYOUUbn6WyCuHvGn3MCZ07wsEeofY%2bFbU0mJ2ek8T2tAeRJU7rJY6ADNLWVaJtLegMGk3fhiIs5HD3KGfU%2fqw%3d%3d | US | — | — | whitelisted |
— | — | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cb3cf8cb-f320-4ec6-ab9c-e4e0231d27b4?P1=1575376033&P2=402&P3=2&P4=KIYOUUbn6WyCuHvGn3MCZ07wsEeofY%2bFbU0mJ2ek8T2tAeRJU7rJY6ADNLWVaJtLegMGk3fhiIs5HD3KGfU%2fqw%3d%3d | US | binary | 6.93 Kb | whitelisted |
2956 | msedge.exe | GET | 200 | 91.199.212.52:80 | http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
— | — | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3f2cd59e-65b9-4fb4-8fbe-05bbffa7b669?P1=1575374229&P2=402&P3=2&P4=OKhR1efJnZ1t2Ijwwl3QZWSliN8zRs9l5yoVpHy8K%2b6R6pL4TKjzFPOkDpSKuesrwM06RrKuQWhKCLNGev0mHg%3d%3d | US | binary | 8.89 Kb | whitelisted |
— | — | HEAD | 200 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3f2cd59e-65b9-4fb4-8fbe-05bbffa7b669?P1=1575374229&P2=402&P3=2&P4=OKhR1efJnZ1t2Ijwwl3QZWSliN8zRs9l5yoVpHy8K%2b6R6pL4TKjzFPOkDpSKuesrwM06RrKuQWhKCLNGev0mHg%3d%3d | US | binary | 818 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2284 | MicrosoftEdgeUpdate.exe | 40.67.252.175:443 | msedge.api.cdp.microsoft.com | Microsoft Corporation | IE | unknown |
3144 | msedge.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3144 | msedge.exe | 52.114.132.21:443 | self.events.data.microsoft.com | Microsoft Corporation | US | unknown |
2452 | MicrosoftEdgeUpdate.exe | 52.114.75.150:443 | self.events.data.microsoft.com | Microsoft Corporation | NL | unknown |
3000 | MicrosoftEdgeUpdate.exe | 52.114.132.21:443 | self.events.data.microsoft.com | Microsoft Corporation | US | unknown |
2956 | msedge.exe | 172.217.21.238:443 | clients2.google.com | Google Inc. | US | whitelisted |
3144 | msedge.exe | 137.135.251.63:443 | nav.smartscreen.microsoft.com | Microsoft Corporation | IE | unknown |
3144 | msedge.exe | 65.52.226.14:443 | nav.smartscreen.microsoft.com | Microsoft Corporation | IE | unknown |
3144 | msedge.exe | 104.18.24.243:80 | ocsp.msocsp.com | Cloudflare Inc | US | shared |
— | — | 2.16.186.75:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
self.events.data.microsoft.com |
| whitelisted |
msedge.api.cdp.microsoft.com |
| whitelisted |
msedge.f.tlu.dl.delivery.mp.microsoft.com |
| whitelisted |
nav.smartscreen.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
ocsp.msocsp.com |
| whitelisted |
europe.smartscreen-prod.microsoft.com |
| whitelisted |
clients2.google.com |
| whitelisted |
redirector.gvt1.com |
| whitelisted |
r6---sn-p5qs7n7l.gvt1.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |
2956 | msedge.exe | Generic Protocol Command Decode | SURICATA TLS handshake invalid length |