File name:

phish_alert_sp2_2.0.0.0.eml

Full analysis: https://app.any.run/tasks/bea3b45b-3cb4-4629-8ef0-c4f39ba3bbe5
Verdict: Malicious activity
Analysis date: May 16, 2025, 21:12:21
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
susp-attachments
attachments
attc-html
phishing
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with CRLF line terminators
MD5:

22A413C2309EB921CD3CC61A1E892FD5

SHA1:

E332C66D55A434C716536F203DA443019767F8F8

SHA256:

66B7BF37C1F67EDBBF33ABDE0506615A9A5183A3909C05A796A93F20CA236B0E

SSDEEP:

3072:RFjpwzmKZQQedEn4jddkn4KzrpuZGVLK0TI2st8N4iAX1OirJ85ZTzNDdYrzlakB:isK4xoxzAGVLKC2C/ABrJ8IrzlLdj1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7632)

  • SUSPICIOUS

    • Email with suspicious attachment

      • OUTLOOK.EXE (PID: 4756)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 1280)

    • Email with attachments

      • OUTLOOK.EXE (PID: 4756)

    • Checks supported languages

      • identity_helper.exe (PID: 1280)

    • Application launched itself

      • msedge.exe (PID: 7392)

    • Reads the computer name

      • identity_helper.exe (PID: 1280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
26
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe sppextcomobj.exe no specs slui.exe no specs ai.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5132 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1184"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "7EC62654-7B92-46A9-B09A-71EB50D7559C" "2AA9572E-9F96-48DD-96F3-BEE39A3D6B60" "4756"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exeOUTLOOK.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Version:
0.12.2.0
Modules
Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\common files\microsoft shared\clicktorun\c2r64.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
1280"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5912 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4008"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5912 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
4756"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.emlC:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\outlook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
4892"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5964 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5960"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exeSppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6512"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5220 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6592"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2408,i,5089071669761729586,4563135874422323836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6728C:\WINDOWS\system32\SppExtComObj.exe -EmbeddingC:\Windows\System32\SppExtComObj.Exesvchost.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
KMS Connection Broker
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
Total events
13 727
Read events
12 589
Write events
1 018
Delete events
120

Modification events

(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Preferences
Operation:delete valueName:ChangeProfileOnRestart
Value:
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030429
Value:
09000000
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030397
Value:
60000000
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Experiment\outlook
Operation:writeName:BuildNumber
Value:
16.0.16026
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:writeName:Expires
Value:
int64_t|0
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:delete valueName:ConfigIds
Value:
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook
Operation:delete valueName:ETag
Value:
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:writeName:1
Value:
4D736F3A3A436865636B73756D52656769737472793A3A446174617C75696E7436345F747C2D3631393139353733303033353835363936313B456373436F6E666967526573706F6E7365446174617C7B202256657222203A2022696E7433325F747C30222C2022436F6E6649647322203A20227374643A3A77737472696E677C502D522D313039383135382D312D352C502D522D37363735372D312D322C502D522D32363134362D352D31372C502D442D32393633352D312D312C502D442D32373038372D312D392C502D522D37393638382D312D332C502D582D313035363139362D322D332C502D522D313037353533392D342D362C502D522D313036353130332D342D352C502D522D313034303537342D342D382C502D522D313032313439312D342D342C502D522D313032303733302D322D31302C502D522D313031393539312D342D342C502D522D313030343536312D342D342C64686965643636303A3434383338312C502D582D39383531382D362D392C502D582D313036313437302D322D332C502D582D313032313936352D312D372C502D582D313032313936382D322D332C502D582D37333633392D312D352C502D522D313037383237352D342D372C502D522D313037363531382D342D362C502D522D313036393531352D342D362C502D522D313032353434342D342D352C502D522D33333737342D36342D3235302C626C6F636B6564677261706869637361646170746572353A3437353839392C66653635313636373A3336313635382C37326838623835393A3238343430302C38306562633336353A3236353636392C61696764693533333A3338303138352C502D522D35383634302D312D332C502D582D37343731382D312D392C502D522D313037343034382D362D372C502D522D33353039392D322D342C6175656E613732343A3537373735332C502D522D313038313433312D382D362C502D522D313035333437382D382D352C502D522D33343834332D342D362C502D582D37313237342D312D372C502D522D33333832322D31342D36362C502D522D34353438332D31362D35332C502D522D35303731372D31382D36302C502D522D38373538372D342D342C502D522D37353036392D312D332C502D522D37353030312D312D332C502D522D36383135322D31382D32312C502D522D35323331362D31382D33372C502D522D34393136322D31382D31332C502D522D34393136312D31382D31332C502D522D34303235332D362D31392C502D522D34303235342D362D31382C502D522D33353430312D362D372C502D522D33323130372D32322D32322C636C70726F3130353A3436363736322C502D582D3130393138392D312D352C502D582D313030333535362D312D352C502D522D35383236362D34382D33392C502D522D32343938302D382D34382C502D522D31383237392D322D36352C63753637333A3332353936392C63756973663436343A3434363635342C502D582D313033363930382D312D332C502D522D3131333931352D382D372C502D522D35323938322D31382D33342C502D522D35313134352D322D372C67356234623530373A3238363035352C502D582D313031323533332D312D352C502D522D313036393430352D342D382C502D522D313035303139342D33322D32312C502D522D34313034362D32322D38312C64696173793933323A3237333238302C502D582D313037373139382D322D352C502D582D313034383430382D322D352C502D582D38353335392D312D31332C502D582D38393031322D312D31312C502D522D313036313635312D382D362C502D522D313034323432302D342D332C502D522D313033363136342D342D372C502D522D3131333530382D382D362C502D522D39353631362D382D352C502D522D37393631362D312D332C502D522D37373632312D312D332C502D522D37373230342D312D332C502D522D37363130372D312D332C502D522D37343333342D312D332C502D522D37343433392D312D332C502D522D37333634322D312D332C502D522D36383933382D312D362C502D522D36323837352D322D342C502D522D36303537392D322D322C502D522D36303333332D312D332C502D522D35383130372D322D322C502D522D35353734332D312D332C502D522D35313935382D312D352C502D522D33383038352D31322D392C502D522D33353338392D31382D33382C75736570726570726F63743A3337333738382C7573657632656E64706F696E7474726561746D656E743A3333333939332C6E617469766577696E333272646C3A3138363734342C646F6373686F6D6570616765736561726368656E61626C65616767726567617465646D7275736561726368736F757263653A3137353733392C502D522D313033343136392D31302D372C502D582D313037383537362D322D332C502D582D313035393131312D312D332C502D582D38303734322D312D31312C502D582D39333738372D332D31312C502D582D313035363137372D322D332C502D582D37393936312D312D372C502D582D313033333335362D322D332C502D582D39393034342D312D332C502D582D39363134312D312D332C502D452D32383637372D322D332C502D522D35353132322D382D382C502D522D35303235352D31302D392C502D522D34353331342D31302D31362C37393332313738393A3335353439302C336A6768393438383A3337353232372C6578706F773334343A3337353535352C65787069766F746E6F6E64657374727563746976656175746F67726F75703A3338373137392C69393268333737303A3333363131342C657861766F3833333A3234393839332C736D617274726563616C632D74726561746D656E743A3433313131322C6D6F6465726E62726F777365726F617574686469616C6F673A3230383934332C65786973723434383A3230383933342C502D582D313234303832332D312D332C502D452D33383233312D43312D342C502D522D313234353636322D31352D342C502D522D3130383334322D31342D31372C502D522D39353232352D31342D31372C502D522D39343636312D31342D31332C502D522D39343536302D31342D31322C502D522D39343138392D31342D31332C502D522D39333838322D31342D32362C502D522D36313134372D4331372D322C502D522D35343732382D31362D32332C502D522D35343639382D31362D31362C502D522D35343635382D31382D31392C502D522D34303034392D322D32392C502D522D33383330362D4331372D332C502D522D33343031392D342D332C77696E333264657669636563616E6172793A3534313438332C77696E333264657669636563616E6172793A3534313438332C502D582D313035313539312D312D352C502D582D313030373237342D332D31372C502D582D313030373237352D31332D34352C502D582D38353839362D312D31392C502D582D39313739302D312D352C502D582D313031343433312D312D372C502D582D3131363131352D312D392C502D582D3130373539352D312D352C502D582D36313130322D332D31312C502D582D35313236322D312D31312C502D582D35323539312D312D31312C502D582D39383636352D312D392C502D582D39383635352D312D352C502D582D38343436342D312D352C502D582D35343335382D312D372C502D582D35333937352D332D392C502D582D36393138392D312D372C502D582D35363237342D312D392C502D582D36333133342D312D372C502D582D35383637382D312D352C502D582D35353833322D312D362C502D582D35363134372D312D352C502D582D35363135342D312D352C502D582D35343231322D312D352C502D522D313535343133302D342D352C502D522D313535343132372D342D352C502D522D313535343132322D342D362C502D522D313037343833392D382D352C502D522D313037343430372D382D352C502D522D313037343033302D382D342C502D522D313037323332362D382D362C502D522D313036323835322D382D392C502D522D313035333236392D382D352C502D522D39353038322D382D352C502D522D39333937302D382D342C502D522D36393036352D312D332C502D522D35393139332D312D332C502D522D34353630392D31342D362C502D522D34353139372D322D362C502D522D34303938302D31382D31362C502D522D33393032392D352D31382C502D522D33353136352D322D372C502D522D32393830392D312D372C502D522D32363936382D332D392C502D522D31383432352D382D36322C502D522D31383432362D352D33302C502D522D31383432342D342D33342C502D442D313130393930372D342D31322C686E6C6162656C3A3630333036372C686E656469746F72733A3531383233342C356D696E31306D696E5F31306D696E6772616365706572696F643A3531373738392C66696C69733436363A3733363730322C66696D6F633234383A3139333439312C62657474657262726561646372756D62733A3439303833362C6669616C6C3139383A3439383838372C66696261633936373A3630383537312C66697465733231373A3136313436382C66697265663334363A33343532352C66696D6F633538393A32383937392C6772617068617069666F726F64656E61626C6564726F6C6C6F75743A3339343135362C6F6E656472697665636F6E76657267656E6365656E6C69676874656E6564726F6C6C6F75743A3135393033382C66696F6D693239333A3131383038312C6669656E613934373A33303633352C66697374613430373A36313032372C6669656E613930333A36353934342C66696461763236353A35353033352C66696361633834313A34393636342C6669656E613431353A33383738302C6669656E613439303A33343138312C72656D6F74656D6F76656465766963653A34323530302C6669656E613237363A34313030342C6669656E613338313A34393939372C502D582D313032303335332D312D372C502D522D313233363533302D382D322C502D522D313037383537312D31382D382C502D522D313034363334302D31382D31352C502D522D313033343131382D31382D32302C502D522D313032363335342D31382D32312C502D522D36313730372D33362D32382C502D522D35333534352D342D352C502D522D34393733362D362D32322C502D522D33303038352D312D392C502D522D32353135372D382D31342C502D522D32343336332D362D31332C502D522D31393831342D312D36322C502D522D31393031322D312D35372C666C656E613231343A3532363832342C666C656E613231343A3532363832342C502D582D313032343434382D312D332C30356269353338323A3430333333312C502D582D313035363435362D322D31312C502D582D313031383536342D332D392C502D582D313032303539372D312D372C502D582D313030393332392D312D372C502D582D313031313434322D312D31312C502D582D313031393633322D312D332C502D582D313031353535342D312D352C502D582D313031303331342D312D352C502D582D3130383336342D312D332C502D582D37373734322D312D352C502D582D38363339352D312D352C502D582D38343332312D312D352C502D582D35303232302D312D332C502D582D34393733302D312D332C502D522D313034333838352D362D362C502D522D313031343435322D382D382C502D522D36343834312D32322D31352C502D522D36333130302D32382D31302C502D522D35323033382D32382D31382C502D522D34303939302D31322D31352C502D522D33323734342D31342D31352C502D522D33323734312D33322D31362C502D522D32383735312D322D32302C69693435373531323A3434393137382C6272616B696E67736B703A3338383633312C6772616C743139333A3431313231352C6772616C743232323A3334353534372C67726766783930363A3432333930352C67723233343A3433343331362C6772736B693435353A3537383535332C67723331323A3631333334312C67723337303A3538333038372C677264656C3334373A3132373632382C67727376673936303A3435323639302C67727573653434343A3132343039312C67727573653438383A3537303335382C677269636F3430363A31393737372C502D582D3130353838392D312D352C32346139333336353A3134373734372C502D522D35303432392D31382D382C502D522D33363533392D31302D352C502D522D32343038342D312D31362C502D582D313535393535332D312D332C502D582D313034393232352D312D332C502D582D313033333336302D312D352C502D582D313033333335352D312D332C502D582D313031313137332D312D352C502D522D313537363838342D31332D31342C502D522D313434353932342D382D362C502D522D313130313038312D382D352C502D522D313037373631302D382D352C502D522D313032363534322D382D342C502D522D313032313732352D31382D35302C502D522D35333432312D32382D31342C502D522D34303437352D32382D32382C502D522D33353938352D31342D32332C502D522D33323030342D322D352C37613961633834303A3736333637322C39373935633332303A3335393832302C32646262623537393A3238363232352C69383364613438393A3338383033382C69643539323A3238383731342C502D582D38383033352D312D352C6C616C616E3233313A3134303738312C502D582D313237363530392D312D352C502D582D313033393636392D312D392C502D582D313035363637392D312D362C502D582D313031323534332D342D32352C502D582D3130333738362D312D332C502D522D313238303432352D31332D31372C502D522D36313234382D31382D372C502D522D35313939352D31382D32382C502D522D33323433382D31352D35352C69306437363937303A3539383638392C31343530373439353A3430363034302C6C6F6F705F6761726F6C6C6F75743A3431303034392C65663635393538383A3430343732312C6C656973753732343A3631303738342C502D582D313034343531342D322D372C502D582D313036313732332D322D352C502D582D313037363235322D312D362C502D582D313034393634392D322D352C502D582D313034373731352D322D372C502D582D313031343139352D342D31392C502D582D313032363133312D322D352C502D582D313032373931332D312D31312C502D582D313031373734352D382D31342C502D582D3130383634332D322D372C502D582D39353630352D322D332C502D522D313035383637352D382D342C502D522D313033363537362D342D342C502D522D39383131302D342D352C502D522D37393936332D312D322C502D522D36303831362D31302D31392C502D522D35313736342D312D342C502D522D34323339322D322D342C502D522D33393037332D312D352C70697063687962726964743A3333363236352C326766396A3631383A3336323439302C396A6734633839333A3335373434342C34676839653230353A3438333737382C363135316A3631333A3434373631392C67643868383735353A3331373939302C6A6A3035303832373A3234353136322C61306537323236393A3332323039342C37673633363833323A3236383639382C37366534673937353A3332343937392C67306864303232313A3435303335352C502D522D313132333337362D31302D31342C502D522D313030393835352D31322D31342C502D522D39383835362D31382D34382C502D522D313036313233392D382D362C502D522D34333438392D33302D31352C502D522D33383431302D31322D32332C502D582D313239313234362D322D332C502D582D313236343332372D312D392C502D582D313032313731342D322D352C502D582D313032373135362D312D372C502D582D313031323836352D312D352C502D582D313036313138302D322D372C502D582D313037313733392D312D332C502D582D313036363534362D312D31332C502D582D38393837382D312D352C502D582D313035303032352D312D31312C502D582D313035303636352D332D372C502D582D313034313735362D322D352C502D582D313032313432332D322D352C502D582D313031393538312D312D332C502D582D313030363137342D312D352C502D582D3131383230392D312D332C502D582D35313735392D312D332C502D522D313536353432382D322D332C502D522D313533343538302D382D322C502D522D313532363931352D382D332C502D522D313234393337302D342D352C502D522D313039343131352D342D342C502D522D313038393139322D362D352C502D522D313031373036362D342D352C502D522D3131373934312D342D342C502D522D35393533342D312D332C502D522D35343535372D312D332C63683337313137393A3630303339362C33326535613931333A3538333337322C64633031373739383A3533373631302C31323568373933353A3335313834372C6361726574706F736974696F6E6368616E6765643A3339343139362C38376A61613633343A3336383734362C3866316A663234323A3638313635382C62656C6F776F70656E646976696465723A3534323535372C6F6575696C3832303A3332363132342C726573706563746C6F6F707374796C653A3639313535392C6F65656E61626C656F73666964656E746974796D616E616765723A3434393931392C67623038643735323A3239323132322C65333931323438393A3338393436372C6F656D69633633393A3339373735332C6F65616C6C3834333A3337353838372C6F65666C753433343A3332313933392C6F656D61633335383A32303530322C726573706563746C6F6F707374796C653A3639313535392C502D522D37313336302D31382D31392C502D582D37363535352D312D332C6F6E6D61703336363A38313734302C502D442D313437363534302D312D332C502D442D313234383335302D332D332C502D442D313232303436342D392D352C502D442D313033303630312D332D332C502D442D313135373731372D312D332C502D442D313134393433362D312D332C502D442D313133313332392D362D372C502D442D313131303935362D342D332C502D442D313038343536352D332D332C502D442D313037333031342D352D332C502D442D313035393333322D322D342C502D442D313034323830332D322D342C502D442D313033373534312D372D362C502D442D313033333339312D322D342C502D442D313033313531322D312D332C502D442D313033313531302D312D332C502D442D313033313530392D312D332C502D442D313033313530382D312D332C502D442D313033313436302D312D332C502D442D313033313435362D322D342C502D442D313033313435352D312D332C502D442D313033313435342D312D332C502D442D313033313435332D312D332C502D442D313033313435322D312D332C502D442D313033313435312D312D332C502D442D313033313435302D312D332C502D442D313033313434392D312D332C502D442D313033313434382D312D332C502D442D313033313434372D312D332C502D442D313033313434362D312D332C502D442D313033313337332D312D332C502D442D313033313035302D342D332C502D442D313033313032322D312D332C502D442D313033313031382D312D332C502D442D313033313031322D312D332C502D442D313033303936342D312D332C502D442D313033303936332D312D332C502D442D313033303932362D312D332C502D442D313033303932332D322D332C502D442D313033303932322D322D332C502D442D31303330393230
(PID) Process:(4756) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:writeName:ChunkCount
Value:
uint64_t|0
Executable files
5
Suspicious files
58
Text files
35
Unknown types
0

Dropped files

PID
Process
Filename
Type
4756OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
4756OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmbinary
MD5:F9C5C7B4EF5728A27BC1700E43B419B5
SHA256:EE3A37BE070AB533E634CAA5768FA29FFFEC97A93BC18C966B37D8C5D7BCB2EF
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TableViewPreviewPrefs_2_543AB4E4ED505742B1BD8C2011022EB7.datxml
MD5:0E092DB99AEE99FDFF9B5B222C732CFD
SHA256:D1614AD99ADED9F6F5C1BE7FE7FFA5124BD04A526580DA3818EA8A954E852AA6
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:9A3CE63EA267B2FACC1A1EEF7C7061F2
SHA256:46108D1D18DD47C7947B450A7B4E7C958A09E776F98051B3423FFFE79E534A42
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\olkC47B.tmptext
MD5:AF57D323AD5C53BB2A98899745B021C7
SHA256:FBF4230CFBF7585A441B67BB5F7808EE970A8A62EBA61DD91AA2A351432FFFC1
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4MR9YPPF\Play_Audio_vm_2026661117-(Kimberlyh)MMS045.htmlbinary
MD5:594A6A96B0F2488B266ADF82487D924F
SHA256:DFC452027C508AE7646F0C3DCE2798CBF8C814E85F213E75B7BEEDE2ED8E26D2
4756OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\4MR9YPPF\Play_Audio_vm_2026661117-(Kimberlyh)MMS045.html:Zone.Identifiertext
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
7392msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10fbc7.TMP
MD5:
SHA256:
7392msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
58
DNS requests
59
Threats
23

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.177:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4756
OUTLOOK.EXE
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
4756
OUTLOOK.EXE
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
5384
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5384
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
23.48.23.177:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4756
OUTLOOK.EXE
52.123.129.14:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.5:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.177
  • 23.48.23.191
  • 23.48.23.180
  • 23.48.23.188
  • 23.48.23.173
  • 23.48.23.185
  • 23.48.23.171
  • 23.48.23.176
  • 23.48.23.174
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.110
whitelisted
ecs.office.com
  • 52.123.129.14
  • 52.123.128.14
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.5
  • 20.190.160.65
  • 20.190.160.22
  • 40.126.32.138
  • 20.190.160.130
  • 40.126.32.136
  • 20.190.160.14
  • 20.190.160.66
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
roaming.officeapps.live.com
  • 52.109.89.19
whitelisted
omex.cdn.office.net
  • 23.50.131.87
  • 23.50.131.86
whitelisted
messaging.lifecycle.office.com
  • 52.111.236.4
whitelisted

Threats

PID
Process
Class
Message
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com)
7632
msedge.exe
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
7632
msedge.exe
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7632
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
7632
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (myqcloudflare)
7632
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (myqcloudflare)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
phish_alert_sp2_2.0.0.0.eml