| Field | Value |
|---|---|
| File name | osn.exe |
| Full analysis | https://app.any.run/tasks/e4549453-f768-4718-a4a1-a7b3a9a91716 |
| Verdict | Malicious activity |
| Analysis date | January 31, 2026, 14:18:52 |
| OS | Windows 10 Professional (build: 19044, 64 bit) |
| Tags | — |
| Indicators | — |
| MIME | application/vnd.microsoft.portable-executable |
| File info | PE32+ executable (GUI) x86-64, for MS Windows, 6 sections |
| MD5 | F6136830DB5C1FE80F837278969E9FE8 |
| SHA1 | B41118301F295DA2DA51595B21242BF0CE20F400 |
| SHA256 | 5BF2EF528B306332F6550CD87ED823595B642143231A53AB193F897317E31D9C |
| SSDEEP | 98304:9w7dret35rEasAF7B80AUEtIPzOYo8kWkiZHVmtFRICMIS4tltupHA0Ot5+GdVqj:OLvJfx/c |
| Extension | File type | Probability (%) |
|---|---|---|
| .exe | Win64 Executable (generic) | 76.4 |
| .exe | Win32 Executable (generic) | 12.4 |
| .exe | Generic Win/DOS Executable | 5.5 |
| .exe | DOS Executable Generic | 5.5 |
| Field | Value |
|---|---|
| MachineType | AMD AMD64 |
| TimeStamp | 2017:07:13 06:22:54+00:00 |
| ImageFileCharacteristics | Executable, Large address aware |
| PEType | PE32+ |
| LinkerVersion | 14.5 |
| CodeSize | 1409536 |
| InitializedDataSize | 500736 |
| UninitializedDataSize | — |
| EntryPoint | 0x154cfc |
| OSVersion | 6 |
| ImageVersion | — |
| SubsystemVersion | 6 |
| Subsystem | Windows GUI |

TimeStamp is the PE header's link-time field. It is written by the linker and can be set to any value by whoever builds or patches the file, so treat the 2017 date as a claim made by the sample, not as evidence of when it was built.
The process list in this excerpt is partial: osn.exe itself (PID 7604), the cmd.exe instance that wrote the registry values below (PID 6992) and the msedge.exe instance that wrote the files below (PID 8892) appear in later sections but not in this table. Every row shown ran as user admin, reports Company = Microsoft Corporation, and has an empty Indicators column; the parent is given by image name only. The one chain that does not stay inside Edge is osn.exe spawning cmd.exe with `/c color f0` (which only sets the console colours) and cmd.exe launching msedge.exe on https://nitr0.club/shop, the same domain the connections table below ties to the sample's HTTP traffic.

| PID | Parent process | Path | Integrity level | Exit code | Description (version) | Command line |
|---|---|---|---|---|---|---|
| 684 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe | MEDIUM | 3221226029 | PWA Identity Proxy Host (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6240,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8 |
| 1388 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | LOW | — | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5604,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8 |
| 1824 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | LOW | 0 | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6560,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8 |
| 1872 | osn.exe | C:\Windows\System32\cmd.exe | MEDIUM | 0 | Windows Command Processor (10.0.19041.1 (WinBuild.160101.0800)) | C:\WINDOWS\system32\cmd.exe /c color f0 |
| 3036 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | LOW | — | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2776,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8 |
| 3212 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe | MEDIUM | 0 | PWA Identity Proxy Host (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6240,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=6268 /prefetch:8 |
| 4724 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | LOW | — | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3616,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1 |
| 5308 | cmd.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | MEDIUM | 0 | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nitr0.club/shop |
| 5780 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | LOW | 0 | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3796,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8 |
| 5872 | msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | MEDIUM | 0 | Microsoft Edge (133.0.3065.92) | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6728,i,8511489301665666145,646935238021968121,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8 |
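Added example, not part of the ANY.RUN report: reconstructing the osn.exe to cmd.exe to msedge.exe lineage from rows like the ones above and flagging browser launches that descend from a shell spawned by an unexpected image. The rows are transcribed from this table with command lines shortened. Because the report names each parent by image rather than by PID, resolving parents by image name is an assumption of this example (it breaks when several instances of the same image have unrelated parents), and the osn.exe row itself (PID 7604 taken from the network section, parent unknown) is constructed. The `BROWSERS` and `BENIGN_SHELL_PARENTS` sets are also this example's assumptions.

```python
"""Process-lineage check over sandbox process rows (added example, not report code)."""
import re

# Constructed sample: transcribed from the report's process table with command
# lines shortened. osn.exe is not in the excerpted table; its PID comes from the
# report's network section and its parent is unknown (None).
SAMPLE_PROCESSES = [
    # (pid, image, parent image, command line)
    (7604, "osn.exe", None, "osn.exe"),
    (1872, "cmd.exe", "osn.exe", r"C:\WINDOWS\system32\cmd.exe /c color f0"),
    (5308, "msedge.exe", "cmd.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nitr0.club/shop'),
    (4724, "msedge.exe", "msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6'),
    (1824, "msedge.exe", "msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService'),
]

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
# Images that legitimately spawn cmd.exe on an interactive desktop (assumption).
BENIGN_SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "WindowsTerminal.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+")


def _index(procs):
    return {pid: (image, parent, cmd) for pid, image, parent, cmd in procs}


def resolve_parent(procs, pid):
    """Pick a parent PID from the parent's image name. When several instances
    share that name, prefer the one that is not itself a child of the same
    image (the root of that image's tree, e.g. the browser's main process)."""
    by_pid = _index(procs)
    parent_image = by_pid[pid][1]
    if parent_image is None:
        return None
    candidates = [p for p, (img, _, _) in by_pid.items() if img == parent_image and p != pid]
    if not candidates:
        return None
    roots = [p for p in candidates if by_pid[p][1] != parent_image]
    return (roots or candidates)[0]


def lineage(procs, pid):
    """[(pid, image), ...] from the process up to its oldest ancestor in the data."""
    by_pid = _index(procs)
    chain, seen = [], set()
    while pid is not None and pid not in seen:
        seen.add(pid)
        chain.append((pid, by_pid[pid][0]))
        pid = resolve_parent(procs, pid)
    return chain


def browser_launches_from_foreign_shell(procs):
    """Browser processes whose ancestry runs through a cmd.exe that was spawned by
    an image outside BENIGN_SHELL_PARENTS. Returns (pid, URL on the command line
    or None, list of ancestor images)."""
    hits = []
    for pid, (image, _, cmd) in _index(procs).items():
        if image not in BROWSERS:
            continue
        images = [img for _, img in lineage(procs, pid)]
        if "cmd.exe" not in images:
            continue
        shell_parent = images[images.index("cmd.exe") + 1:images.index("cmd.exe") + 2]
        if shell_parent and shell_parent[0] not in BENIGN_SHELL_PARENTS:
            url = URL_RE.search(cmd)
            hits.append((pid, url.group(0) if url else None, images))
    return hits


if __name__ == "__main__":
    for pid, url, images in browser_launches_from_foreign_shell(SAMPLE_PROCESSES):
        print(pid, url, " <- ".join(images))
```

With real telemetry (Sysmon event 1, ETW) the parent is a PID plus creation time, and `resolve_parent` should use those instead of the name heuristic; the rest of the logic is unchanged.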
| PID | Process | Key | Name | Operation | Value |
|---|---|---|---|---|---|
| 6992 | cmd.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer | SlowContextMenuEntries | write | 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000 |
| 6992 | cmd.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | write | (empty) |
| 6992 | cmd.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | write | Cookie: |
| 6992 | cmd.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | write | Visited: |
No MD5 or SHA256 was recorded for any of the files below; all are Edge profile log rotations written by msedge.exe (PID 8892).

| PID | Process | Filename | Type |
|---|---|---|---|
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e873f.TMP | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e874e.TMP | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e874e.TMP | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e875e.TMP | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e877d.TMP | — |
| 8892 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — |
Every osn.exe request to 67.217.63.103:81 is plaintext HTTP to a literal IP on a non-standard port; the connections table below associates that address with nitr0.club, the domain the sample also opened in Edge. The sequence is GET /api/time, GET /api/config/26b799fa, POST /api/auth, and finally a GET to /api/config/26b799fa that carries the sample's entire settings document in the URL query string. The image_URL value inside that document is the Tumblr GIF osn.exe fetched separately over HTTPS. The svchost.exe and lsass.exe rows are routine Windows Update telemetry and CRL downloads.

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5180 | svchost.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | US | — | — | whitelisted |
| 7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/time | US | text | 80 b | unknown |
| 7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/config/26b799fa | US | text | 2.37 Kb | unknown |
| 7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/time | US | text | 80 b | unknown |
| 804 | lsass.exe | GET | 200 | 104.18.21.213:80 | http://e8.c.lencr.org/21.crl | US | binary | 59.7 Kb | unknown |
| 7604 | osn.exe | GET | 200 | 192.0.77.3:443 | https://64.media.tumblr.com/282db3e6af5a7e4a2a052065a7976c82/0eb9aa7ea46413ad-e5/s500x750/c210031420524c5200bb643ff409652a519f6e67.gif | US | image | 128 Kb | unknown |
| 7604 | osn.exe | POST | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/auth | US | text | 10 b | unknown |
| 5180 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/config/26b799fa?config={"GIF_speed":1.0,"a_pos":0,"a_tab":[0,0,0],"accent_tint":true,"active_text":[0.03999999910593033,0.03999999910593033,0.03999999910593033],"aimassist_combat":false,"aimassist_key":0,"aimassist_toggle":true,"alpha":0.20000000298023224,"antibot":false,"auto_360_interval":0,"auto_360_key":0,"auto_360_left":50,"auto_360_right":50,"auto_360_speed":9.999999747378752e-05,"b_pos":0,"b_tab":[0,0,0],"border_col":[0.125,0.125,0.125],"break_blocks":false,"break_blocks_legit":false,"button_alpha":0.6499999761581421,"button_sel":[0,0,1,0],"c_pos":0,"c_tab":[0,0,0],"cache_target":false,"click_time":250,"clicker_key":0,"clicker_toggle":true,"combine":false,"crouch_button":16,"d_pos":0,"d_tab":[0,0,0],"disabled_text":[0.1599999964237213,0.1599999964237213,0.1599999964237213],"down_button":83,"dpi_awareness":true,"forward_button":87,"fov_low_cpu":true,"height":1.0,"height_offset":0.0,"hide_key":0,"hitbox_controlled":false,"hitbox_key":0,"hitbox_toggle":false,"hitbox_width":0.6000000238418579,"horizontal_aimassist":false,"hue":0.6499999761581421,"hue_shift":true,"hue_speed":12.0,"huebar":true,"huebar_header":true,"huebar_scale":1.25,"huebar_thickness":3,"image_URL":"https://64.media.tumblr.com/282db3e6af5a7e4a2a052065a7976c82/0eb9aa7ea46413ad-e5/s500x750/c210031420524c5200bb643ff409652a519f6e67.gif","image_pos.x":0.0,"image_pos.y":0.0,"imgui_size":[602.0,429.0],"imgui_size_DEF":[602.0,429.0],"input_velo":true,"intuitive_mode":false,"lcps":[0,0],"left_button":65,"linear":1.0,"menu_check_left":true,"menu_check_right":false,"no_backwards":false,"oderso_reach_limit":2.9000000953674316,"oderso_reach_modifier":1.0,"percentage":true,"primary_bg":[0.07000000029802322,0.07000000029802322,0.07000000029802322],"primary_text":[0.9399999976158142,0.9399999976158142,0.9399999976158142],"priming":false,"randomize":false,"rcps":[0,0],"reach":3.0,"reach_combat":false,"reach_key":0,"reach_toggle":true,"resist":0,"reversed_mouse_input":false,"right_button":68,"rounding":2.5,"sat":0.800000011920929,"scale_image":true,"scale_size":1.0,"scroll_pos":0.0,"secondary_bg":[0.10000000149011612,0.10000000149011612,0.10000000149011612],"set_round":true,"smooth":10.0,"sprint":false,"sprint_button":17,"sprint_key":0,"target_check":false,"threshold_distance":5.0,"threshold_fov[0]":0.4000000059604645,"threshold_fov[1]":0.0,"timer":1.0,"timer_combat":false,"timer_key":0,"timer_toggle":true,"track_a":[false,false,false],"track_b":[false,false,false],"track_c":[false,false,false],"track_d":[false,false,false],"triggerbot":false,"tuner":1000,"val":1.0,"velocity_combat":false,"velocity_key":0,"velocity_toggle":true,"vertical_aimassist":false,"wall_check":false,"window_lock":true,"zoom_key":0,"zoom_speed":5.0} | US | text | 2 b | unknown |
| 5180 | svchost.exe | GET | 200 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | US | text | 5.66 Kb | whitelisted |
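Added example, not part of the ANY.RUN report: a triage pass over HTTP rows like the ones above that separates routine Windows egress from the sample's traffic, extracts the beacon endpoints per host, and decodes the settings document osn.exe sent in its query string so it can be tied back to the GIF fetch. The rows are transcribed from this table with query strings shortened and the config JSON abridged to four of its keys; the `EXPECTED_EGRESS` set and the scoring rules in `flag_request` are this example's own assumptions, not anything the report states.

```python
"""Triage of sandbox HTTP rows (added example, not report code)."""
import json
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Constructed sample: seven rows transcribed from the report's HTTP table in the
# page's "a | b | c" layout; the config JSON on the last row is abridged.
SAMPLE_ROWS = """\
5180 | svchost.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows | whitelisted
7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/time | unknown
7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/config/26b799fa | unknown
804 | lsass.exe | GET | 200 | 104.18.21.213:80 | http://e8.c.lencr.org/21.crl | whitelisted
7604 | osn.exe | GET | 200 | 192.0.77.3:443 | https://64.media.tumblr.com/282db3e6af5a7e4a2a052065a7976c82/0eb9aa7ea46413ad-e5/s500x750/c210031420524c5200bb643ff409652a519f6e67.gif | unknown
7604 | osn.exe | POST | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/auth | unknown
7604 | osn.exe | GET | 200 | 67.217.63.103:81 | http://67.217.63.103:81/c6d01c30e4d0/api/config/26b799fa?config={"aimassist_combat":false,"reach":3.0,"triggerbot":false,"image_URL":"https://64.media.tumblr.com/282db3e6af5a7e4a2a052065a7976c82/0eb9aa7ea46413ad-e5/s500x750/c210031420524c5200bb643ff409652a519f6e67.gif"} | unknown
"""

FIELDS = ("pid", "process", "method", "status", "peer", "url", "reputation")
# Images whose egress is routine on a Windows 10 host (this example's assumption).
EXPECTED_EGRESS = {"svchost.exe", "lsass.exe", "msedge.exe", "MoUsoCoreWorker.exe", "RUXIMICS.exe"}


def parse_rows(text):
    """Split pipe-delimited rows into dicts; rows with the wrong field count are skipped."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" | ")]
        if len(parts) == len(FIELDS):
            rows.append(dict(zip(FIELDS, parts)))
    return rows


def host_is_literal_ip(url):
    try:
        ip_address(urlsplit(url).hostname)
        return True
    except ValueError:
        return False


def query_json(url, param="config"):
    """Return the JSON document carried in the named query parameter, or None."""
    for value in parse_qs(urlsplit(url).query).get(param, []):
        try:
            return json.loads(value)
        except ValueError:
            continue
    return None


def flag_request(row):
    """Reasons a request deserves analyst attention, in a fixed order."""
    u = urlsplit(row["url"])
    port = u.port or (443 if u.scheme == "https" else 80)
    unexpected = row["process"] not in EXPECTED_EGRESS
    reasons = []
    if unexpected:
        reasons.append("unexpected-process")
    if host_is_literal_ip(row["url"]):
        reasons.append("literal-ip-host")
    if port not in (80, 443):
        reasons.append(f"non-standard-port:{port}")
    if u.scheme == "http" and unexpected:
        reasons.append("plaintext-http")
    if query_json(row["url"]) is not None:
        reasons.append("json-in-query")
    return reasons


def beacon_endpoints(rows, process):
    """Distinct URL paths a process requested, keyed by host:port."""
    out = {}
    for r in rows:
        if r["process"] == process:
            u = urlsplit(r["url"])
            out.setdefault(u.netloc, set()).add(u.path)
    return out


def urls_in_config(cfg):
    """String values of the submitted config that are URLs (ties the GIF fetch to the config)."""
    return {v for v in cfg.values() if isinstance(v, str) and v.startswith(("http://", "https://"))}


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for r in rows:
        if flag_request(r):
            print(r["pid"], r["process"], r["method"], r["url"].split("?")[0], flag_request(r))
    print(beacon_endpoints(rows, "osn.exe"))
    print(urls_in_config(query_json(rows[-1]["url"])))
```

The same functions work on proxy or Zeek `http.log` exports once `parse_rows` is swapped for the real column layout; the point of keeping `flag_request` ordered and explicit is that each reason maps to one blockable property (bare IP, port 81, cleartext, JSON in the query) rather than to a reputation score that the sandbox itself left at "unknown".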
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
| 5180 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7236 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 6768 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7604 | osn.exe | 67.217.63.103:81 | nitr0.club | IS-AS-1 | US | unknown |
| 4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
| 7604 | osn.exe | 192.0.77.3:443 | 64.media.tumblr.com | AUTOMATTIC | US | suspicious |
| 804 | lsass.exe | 104.18.21.213:80 | e8.c.lencr.org | CLOUDFLARENET | US | whitelisted |
| 5180 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5180 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | — | whitelisted |
| google.com | — | whitelisted |
| self.events.data.microsoft.com | — | whitelisted |
| 64.media.tumblr.com | — | unknown |
| e8.c.lencr.org | — | whitelisted |
| crl.microsoft.com | — | whitelisted |
| edge.microsoft.com | — | whitelisted |
| config.edge.skype.com | — | whitelisted |
| nitr0.club | — | unknown |
| api.edgeoffer.microsoft.com | — | whitelisted |
| PID | Process | Class | Message |
|---|---|---|---|
| 5180 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |