analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

phish_alert_sp2_2.0.0.0 PC James.eml

Full analysis: https://app.any.run/tasks/db8a69fc-afa0-47d4-9e6c-4ed3b8b3769e
Verdict: Malicious activity
Analysis date: January 14, 2022, 20:08:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
MD5:

8F3E86CD1B0877380BD3D3EE998E6240

SHA1:

3A975047DCB9B2C9271F9D831B63E7C21827E0A2

SHA256:

538642E023B6D09DC2049735BE2A0A938B4C1AE07C176C10AAF18E8CC70795A0

SSDEEP:

384:XLu37jkxa6hKmEbW2I76sherSYwdBZqy+6l:XQjkxwmEbXJsYBw8r2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks supported languages

      • OUTLOOK.EXE (PID: 1536)
      • notepad++.exe (PID: 3564)
    • Reads the computer name

      • OUTLOOK.EXE (PID: 1536)
    • Searches for installed software

      • OUTLOOK.EXE (PID: 1536)
    • Starts Internet Explorer

      • rundll32.exe (PID: 3864)
    • Uses RUNDLL32.EXE to load library

      • OUTLOOK.EXE (PID: 1536)
    • Creates files in the user directory

      • OUTLOOK.EXE (PID: 1536)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3892)
      • iexplore.exe (PID: 3664)
    • Executed via COM

      • OUTLOOK.EXE (PID: 2856)
  • INFO

    • Reads the computer name

      • rundll32.exe (PID: 3864)
      • iexplore.exe (PID: 3956)
      • iexplore.exe (PID: 3892)
      • firefox.exe (PID: 516)
      • firefox.exe (PID: 2928)
      • firefox.exe (PID: 2456)
      • firefox.exe (PID: 3552)
      • firefox.exe (PID: 3900)
      • explorer.exe (PID: 2168)
      • iexplore.exe (PID: 3664)
      • firefox.exe (PID: 2960)
    • Checks supported languages

      • rundll32.exe (PID: 3864)
      • iexplore.exe (PID: 3956)
      • iexplore.exe (PID: 3892)
      • OUTLOOK.EXE (PID: 2856)
      • firefox.exe (PID: 516)
      • firefox.exe (PID: 2928)
      • firefox.exe (PID: 2456)
      • firefox.exe (PID: 3408)
      • firefox.exe (PID: 3900)
      • firefox.exe (PID: 3552)
      • explorer.exe (PID: 2168)
      • rundll32.exe (PID: 1632)
      • iexplore.exe (PID: 3664)
      • firefox.exe (PID: 2960)
    • Changes internet zones settings

      • iexplore.exe (PID: 3956)
    • Application launched itself

      • iexplore.exe (PID: 3956)
      • firefox.exe (PID: 3408)
      • firefox.exe (PID: 516)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3892)
      • iexplore.exe (PID: 3956)
      • iexplore.exe (PID: 3664)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3892)
      • iexplore.exe (PID: 3956)
      • iexplore.exe (PID: 3664)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 2856)
      • OUTLOOK.EXE (PID: 1536)
    • Manual execution by user

      • firefox.exe (PID: 3408)
      • explorer.exe (PID: 2168)
      • rundll32.exe (PID: 1632)
      • notepad++.exe (PID: 3564)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3892)
      • iexplore.exe (PID: 3664)
    • Reads CPU info

      • firefox.exe (PID: 516)
    • Creates files in the program directory

      • firefox.exe (PID: 516)
    • Creates files in the user directory

      • firefox.exe (PID: 516)
      • iexplore.exe (PID: 3956)
      • iexplore.exe (PID: 3892)
      • iexplore.exe (PID: 3664)
    • Reads the date of Windows installation

      • firefox.exe (PID: 516)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3956)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3956)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
60
Monitored processes
16
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe rundll32.exe no specs iexplore.exe iexplore.exe outlook.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs explorer.exe no specs rundll32.exe no specs iexplore.exe notepad++.exe firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1536"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0 PC James.eml"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Version:
14.0.6025.1000
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3864"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\XGHDDIH3\Scan 11-2022.ShtmlC:\Windows\system32\rundll32.exeOUTLOOK.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
3956"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=57426&Ext=ShtmlC:\Program Files\Internet Explorer\iexplore.exe
rundll32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
3892"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3956 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2856"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" -EmbeddingC:\Program Files\Microsoft Office\Office14\OUTLOOK.EXEsvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Exit code:
0
Version:
14.0.6025.1000
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3408"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\firefox.exeExplorer.EXE
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
516"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
2456"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="516.0.1747332802\1497908578" -parentBuildID 20201112153044 -prefsHandle 1128 -prefMapHandle 1120 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 516 "\\.\pipe\gecko-crash-server-pipe.516" 1212 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
2928"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="516.6.1567191283\1210935437" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 181 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 516 "\\.\pipe\gecko-crash-server-pipe.516" 2924 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
3552"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="516.13.1737006784\36889785" -childID 2 -isForBrowser -prefsHandle 1796 -prefMapHandle 1832 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 516 "\\.\pipe\gecko-crash-server-pipe.516" 1864 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
Total events
39 701
Read events
38 779
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
114
Text files
163
Unknown types
29

Dropped files

PID
Process
Filename
Type
1536OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\CVRE581.tmp.cvr
MD5:
SHA256:
1536OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
MD5:
SHA256:
3956iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63der
MD5:AC68ACF50745357D4EA92B214D9E7132
SHA256:AE3F7FDE380D2D90571A61378E52B1BC284B4C4C6A1E099F6F022395EBED6154
1536OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.logtext
MD5:B5618FA9195B864997924AA8A9FB8915
SHA256:1297D3C322ED9676942BB5590C3C8E9FAB027B3DDEC1778A0BA2CBDA9DE456AC
1536OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\XGHDDIH3\Scan 11-2022.Shtmlhtml
MD5:C31843C9BE513AE78775F1E5F4195332
SHA256:E693BDAD0404675B88651EA099992CAA14B6838852F54A7D98ECAA13622D4DE2
3956iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:9EE5B7DF84FE2528F1D7007FA447AEA5
SHA256:DCCBC491562FFBCD7AFE284F89B30E8C8436D258BA1CED4CC9586B8C18127144
1536OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmpgc
MD5:3CFB6718EEBE58A648471694DF8623F1
SHA256:91CF476E52C92960F71B348A9E67B12142FE3F72A4356781BB60CE776E4D534C
1536OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_96754E707A121A49BB49E3B184F9F2B3.datxml
MD5:EEAA832C12F20DE6AAAA9C7B77626E72
SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16
1536OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\XGHDDIH3\Scan 11-2022 (2).Shtmlhtml
MD5:C31843C9BE513AE78775F1E5F4195332
SHA256:E693BDAD0404675B88651EA099992CAA14B6838852F54A7D98ECAA13622D4DE2
3956iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63binary
MD5:58390417D29EF1C54BDAA16DF1245CDF
SHA256:B9D15629CE07C412B90EA7AA56E4F6C1023697857EE75C92E3584F0B1C090868
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
16
TCP/UDP connections
70
DNS requests
103
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1536
OUTLOOK.EXE
GET
64.4.26.155:80
http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig
US
whitelisted
3956
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
der
471 b
whitelisted
516
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3892
iexplore.exe
GET
301
2.16.186.51:80
http://shell.windows.com/fileassoc/fileassoc.asp?Ext=Shtml
unknown
whitelisted
516
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3956
iexplore.exe
GET
200
209.197.3.8:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5432b21b0ee97f60
US
compressed
4.70 Kb
whitelisted
516
firefox.exe
POST
200
142.250.184.227:80
http://ocsp.pki.goog/gts1c3
US
der
471 b
whitelisted
516
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3956
iexplore.exe
GET
200
93.184.220.29:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D
US
der
1.47 Kb
whitelisted
516
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3956
iexplore.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
1536
OUTLOOK.EXE
64.4.26.155:80
config.messenger.msn.com
Microsoft Corporation
US
whitelisted
516
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3956
iexplore.exe
13.107.21.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
3956
iexplore.exe
209.197.3.8:80
ctldl.windowsupdate.com
Highwinds Network Group, Inc.
US
whitelisted
516
firefox.exe
34.107.221.82:80
detectportal.firefox.com
US
whitelisted
3892
iexplore.exe
104.92.93.19:443
go.microsoft.com
Akamai Technologies, Inc.
NL
unknown
516
firefox.exe
18.66.139.31:443
firefox.settings.services.mozilla.com
Massachusetts Institute of Technology
US
suspicious
3956
iexplore.exe
152.199.19.161:443
iecvlist.microsoft.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
516
firefox.exe
35.163.137.0:443
location.services.mozilla.com
Amazon.com, Inc.
US
unknown

DNS requests

Domain
IP
Reputation
config.messenger.msn.com
  • 64.4.26.155
whitelisted
go.microsoft.com
  • 104.92.93.19
  • 2.19.36.223
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 13.107.21.200
  • 204.79.197.200
whitelisted
ctldl.windowsupdate.com
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted

Threats

PID
Process
Class
Message
516
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
516
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
516
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
516
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3892
iexplore.exe
Generic Protocol Command Decode
SURICATA HTTP unable to match response to request
Process
Message
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe