File name:

1682360557-1625ab24bf0cc40001-yr3sSN.eml

Full analysis: https://app.any.run/tasks/5e4bce09-d140-4e45-944b-0b4947d2f355
Verdict: Malicious activity
Analysis date: April 26, 2023, 22:25:18
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines, with CRLF line terminators
MD5:

12CB08F3A2E2C6D8CA13CAD44878CFDB

SHA1:

D1BCA1A16561D01D4D0DCBE5ED79907D42C08D6A

SHA256:

47F2A9AEAD275E205B0A713DB95939F6AF0CC7D68F4D1650CCFCD078C168CC07

SSDEEP:

192:VhBz4n67uwBtSCIQVihWPBFosf4yLiq7ofKiPTPQ4Ky8ADpIQSw6Q2Z:b5HuwBt3oWZZfbeuofKidIv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Unusual execution from MS Office

      • OUTLOOK.EXE (PID: 6324)
    • Application was injected by another process

      • msedge.exe (PID: 7988)
    • Runs injected code in another process

      • SystemSettings.exe (PID: 6100)
  • SUSPICIOUS

    • Executes as Windows Service

      • elevation_service.exe (PID: 7460)
      • elevation_service.exe (PID: 3748)
    • Executable content was dropped or overwritten

      • elevation_service.exe (PID: 3748)
    • Reads settings of System Certificates

      • ChromeRecovery.exe (PID: 7836)
      • SystemSettings.exe (PID: 6100)
  • INFO

    • Reads product name

      • OUTLOOK.EXE (PID: 6324)
    • Checks supported languages

      • ai.exe (PID: 6228)
      • identity_helper.exe (PID: 1260)
      • elevation_service.exe (PID: 7460)
      • elevation_service.exe (PID: 3748)
      • ChromeRecovery.exe (PID: 7836)
      • SystemSettings.exe (PID: 6100)
    • Reads Microsoft Office registry keys

      • ai.exe (PID: 6228)
    • The process checks LSA protection

      • ai.exe (PID: 6228)
      • slui.exe (PID: 3980)
      • identity_helper.exe (PID: 1260)
      • elevation_service.exe (PID: 7460)
      • elevation_service.exe (PID: 3748)
      • ChromeRecovery.exe (PID: 7836)
      • SystemSettings.exe (PID: 6100)
    • Manual execution by a user

      • chrome.exe (PID: 6392)
    • Application launched itself

      • chrome.exe (PID: 6392)
      • msedge.exe (PID: 6432)
      • chrmstp.exe (PID: 7880)
      • chrmstp.exe (PID: 7604)
    • The process uses the downloaded file

      • OUTLOOK.EXE (PID: 6324)
      • chrome.exe (PID: 7500)
      • chrome.exe (PID: 3380)
      • chrome.exe (PID: 7288)
      • chrome.exe (PID: 1728)
      • chrome.exe (PID: 1444)
    • Reads the computer name

      • elevation_service.exe (PID: 7460)
      • ai.exe (PID: 6228)
      • identity_helper.exe (PID: 1260)
      • ChromeRecovery.exe (PID: 7836)
      • elevation_service.exe (PID: 3748)
      • SystemSettings.exe (PID: 6100)
    • Checks proxy server information

      • slui.exe (PID: 3980)
    • Reads the software policy settings

      • slui.exe (PID: 3980)
    • Create files in a temporary directory

      • chrome.exe (PID: 6392)
      • msedge.exe (PID: 6432)
    • Creates files in the program directory

      • elevation_service.exe (PID: 3748)
    • Process checks computer location settings

      • SystemSettings.exe (PID: 6100)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 3) (100)
No data.
All screenshots are available in the full report
Total processes
247
Monitored processes
95
Malicious processes
3
Suspicious processes
1

Behavior graph

Interactive graph not reproduced. Process nodes recovered from the graph labels, in graph order with repeats collapsed: outlook.exe (start node, with an inject edge), ai.exe, slui.exe, msedge.exe, identity_helper.exe, chrome.exe, elevation_service.exe, chrmstp.exe, chromerecovery.exe, systemsettings.exe, filecoauth.exe. Nodes the graph marks "no specs" have no process details recorded in the report.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
188
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3512 --field-trial-handle=1872,i,13730186961534441280,12143492753837809134,131072 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
540
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1872,i,13730186961534441280,12143492753837809134,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
716
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5988 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1260
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1872,i,13730186961534441280,12143492753837809134,131072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
PID:
1444
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1504
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=6204 --field-trial-handle=1872,i,13730186961534441280,12143492753837809134,131072 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
111.0.1661.62
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\111.0.1661.62\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
PID:
1728
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1784
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1916
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2364
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1932,i,11199055603070791984,1691863515237707043,131072 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
112.0.5615.50
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\google\chrome\application\112.0.5615.50\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
68 758
Read events
67 890
Write events
524
Delete events
344

Modification events

(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
en-US
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
de-de
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
fr-fr
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
es-es
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
it-it
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
ja-jp
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
ko-kr
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
pt-br
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
ru-ru
Value:
1
(PID) Process:
(6324) OUTLOOK.EXE
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:
write
Name:
tr-tr
Value:
1
Executable files
21
Suspicious files
1 235
Text files
631
Unknown types
21

Dropped files

PID
Process
Filename
Type
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\Documents\Outlook Files\Outlook1.pst
Type:
MD5:
SHA256:
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
Type:
binary
MD5:
3C29FCD34D3581F851CC824313C09EFF
SHA256:
A4544D624E0A74670D82DD01E2FE871F641EB70BB5AEB135A029AA723C32D12A
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Type:
text
MD5:
CC90D669144261B198DEAD45AA266572
SHA256:
89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_EA6A044B84E21B459C04F4510725041C.dat
Type:
xml
MD5:
8BD87194AD4E92165AD51FEB25271160
SHA256:
6C1B1E6B7A1F5A9499A3F7C66939B933D89EFD7BFF818255F57CD182C7474650
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Type:
text
MD5:
291F6EC6481943CC43481D525FCF41BF
SHA256:
260C431F18E5A440E667786315C8498F23D459D081432A340CFA2F2D0E9CEF81
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres
Type:
binary
MD5:
12459A1B71B0134A19DD20AD2B338CD5
SHA256:
6B81C285049869DD1E01A9D040F55FB15F3399B1677C4245C5181861132A8014
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZG6E2WIZ\Ultimo Aviso. Regularizar impuestos. (3.85 KB).msg:Zone.Identifier
Type:
text
MD5:
FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256:
EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZG6E2WIZ\Ultimo Aviso. Regularizar impuestos. (3.85 KB).msg
Type:
binary
MD5:
A2F2EE37DCA2CB5F5EDCDF45C807C0CC
SHA256:
F4F3D162ED81961EC7D4ED6941AA128B347AC7C2094DE86A045A1478063D485F
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Type:
binary
MD5:
11B0AC16F1A1FC92653088B3DDF449B2
SHA256:
B045132EA885AF07A0D638ACAB62E8F819775B1BA55EBC8F30BA03527DB3ABB8
PID:
6324
Process:
OUTLOOK.EXE
Filename:
C:\Users\admin\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal
Type:
binary
MD5:
83BCB5DB9011D6AE06C13B457CE716E9
SHA256:
87DDB9DDDCC473717E76B2FE72FB9099742F7BFB5AAF3D63C1B870F3FEE33F41
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
83
TCP/UDP connections
148
DNS requests
148
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7768
svchost.exe
HEAD
200
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
whitelisted
7768
svchost.exe
GET
206
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
binary
1.09 Kb
whitelisted
6324
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
US
der
471 b
whitelisted
7768
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
US
whitelisted
7768
svchost.exe
GET
206
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
binary
1.68 Kb
whitelisted
6324
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D
US
der
471 b
whitelisted
7768
svchost.exe
GET
206
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
binary
40.5 Kb
whitelisted
7768
svchost.exe
GET
206
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
binary
17.0 Kb
whitelisted
4736
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
7768
svchost.exe
GET
206
23.48.23.7:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d6dac2cd-b55a-4a7d-aeb4-1cff97bb9dd4?P1=1683102445&P2=404&P3=2&P4=CTofZo4eGLaJSvKcRPlvVoA9QQABvfkDePZn0LkSm3tanzqhxHj%2fG6tCc%2fHOz9teQVtWpIJZ%2fz%2bYW9S6xWVhzw%3d%3d
US
binary
173 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5756
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6324
OUTLOOK.EXE
52.109.124.153:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
SG
suspicious
7004
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6324
OUTLOOK.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
suspicious
6324
OUTLOOK.EXE
20.73.59.29:443
nleditor.osi.office.net
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6324
OUTLOOK.EXE
52.111.243.8:443
messaging.lifecycle.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
suspicious
6324
OUTLOOK.EXE
51.105.71.136:443
self.events.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
suspicious
6324
OUTLOOK.EXE
20.16.167.54:443
nleditor.osi.office.net
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1872
SIHClient.exe
40.68.123.157:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6712
slui.exe
13.77.207.86:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
suspicious

DNS requests

Domain
IP
Reputation
officeclient.microsoft.com
  • 52.109.124.153
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
roaming.officeapps.live.com
  • 52.109.76.225
whitelisted
omex.cdn.office.net
  • 23.48.23.42
  • 23.48.23.30
whitelisted
messaging.lifecycle.office.com
  • 52.111.243.8
whitelisted
nleditor.osi.office.net
  • 20.16.167.54
  • 20.73.59.29
  • 20.126.21.36
  • 20.229.111.167
whitelisted
self.events.data.microsoft.com
  • 51.105.71.136
  • 104.46.162.226
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
slscr.update.microsoft.com
  • 40.68.123.157
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted

Threats

No threats detected
No debug info