URL: | https://linkprotect.cudasvc.com/url?a=https%3a%2f%2furl.us.m.mimecastprotect.com%2fr%2fdjvuL7mYUbLSjWrnnlMRak7HYIVt7LW7QsholS5SlvrqYU17B4sptqDUK2SgHv7jDfwvov53gTs6-iDuRNFhCxW0-TYMmpUXVVLl083BaG1jmRayCo3p7vcoOj8e-lMPCOKBKICagIlYUWaL3g-Cypx5I_gTCVbP0qj6BfQhfawg1TNMvuucXQzheEm0sMCiOTPqpw-_DgysY8geDQVcWTroqaFafxY9omu3A0pNIFv62I71hgPcBvFZA6ipGNGsuaWIIBpGfcaDPaQ2K-PJ9yWWSajFssru-rGh0dUe3qhYvbFnToxVtVjUJ8ZDtmhOKaKjlMa06RrW0BWfPKH10XWe1gmj8kEJxJXgzBC7W5afT-5-KWvvXYWt9HXvkJONTgTspEAvrSVr-xPesX6CaOWopCxl55BGJZOskVLVYBTQ4scuczogFZjNf8IuHe9zjxhQoshIScZA1eiuh0VotFMXT7smCFdJAEXePmi3Wu74TUA7VAwtJ503UilFutTD3OZOXrXAKlsO8Wz0AbpyM0Zphp0qsCDu0WSzrZqF3eVgjBIPHOcE680jm0lBVwJXHOEYDyyUuyDhGTk__Khs5k3MjBE8Yogi0N2CoyEYHITF33ckjg5FdKAmX2I6F7WgFed8Bwy2gThf2fKufSLevxAibFs9-cYsTLFVVfgvmLqtfBe6HbNm_VrdLhKFvahHQz_UnLLkgMA_QSq6WFwq0O6uIppgoTUnTrWkHIEWxlR9fqRCF4S2TBTaIeuW_RN00vCnSwIM30BPEYdExRmBzSxk1jPR9ouKyTE5GTE9armIkeyDNdxY256w27TNTuTD8pUXDqwtB2x9BARHhXyl3R9heI7FbXeb4_QrHvOVM3khGUzcj1nPRJL1g9W-mC0kpK6-gSDx-tjgBBMJqG-JTW-W14ON3IojsLA3H965NTuIqcJWDh4mLU8lBIAubuXj4G3KTLZba9yMECapb3YIlN6Nxji7PL-x7K4SrSPmiwti_CKd9Jl0clY-OD0P9vxKhwELkCfSYHcHFiraWUAf6OcM31GqYnEoq7sQvGc5VAe2Vug8ibEzeuvxEyNxiHRTbhw1driD8Vo2PPKZWD2Cj0w_ou8_vTZwHDcsrRghXhTw7vMiFhHl12WEd2GnkJvRn_StyNyqGyFlW_vLIFFrGCKoAHjeX_q-sWUimsCrYbTvbVRioD0GXmpMXDqUBVw0DhB1ySCAZxg7T2RgLN8DtlOBvpY825e2zpLTYW9PA-976jzNmjUKHJUJKKToDV5jfKZGWdLEHE35Sj-lGn8sc48bYRlG7u8iMTUn3IUM9zUYPTDma_Mo5dtTjKMjmmdyNhb-1z6w8Uj8VuhOkZj68F38rksxr7o7QUeIJ0cxANVevU1x-X1208l61tSFrqt0a6P1AG4VoAYBBHp6EdPzVFJGvePezUWKTFPPZWT828unMzOfAV04DxzYP36ANk69mw71MGCvILEdFxYz2A7kcah_i9-Zmbf4Kkw_QpNjYz7UHq-TKeJ5XdZBDnT4CZ9U00lDqjwxegD3q9c_A7S5pEcmtnuHtTsWDxYINERQSPsCb00-mH_Twc8nSn53pDjpkL37NyCkygzAqpQuLtvygKL83qUMvcwimFiy9iRX1ON3dc7xsiOV12mjItRXbMcA6y2A8zYl-4m81UqZwcstwNfqFCSN1YxibfldEWM-TxddViKUUqDgmSQe8l7FUCQAWT2ROrvES9hGiVZxSuHRdux5eEfyrwodyNdpMiWtiMjumEPjMadjuViIQ8XQrH__l8yt7Z-APZGaTt7o-II6JxIX_mt9EWmf81uo2r9l8UYk7mBoe9V9fyb2Tk6frMb1Lfm016xjshRHwR2qOMDUYfr4VwF3BQeYhYh19j3ZbDjGZf3_i_
CIEjhl1braRj9jnpU_c_lT_8IVNQ6adiktEviSzELzx6NipTTbmbZjSvfXhb3FuYntqAHNXM4x9acRc8qRo5_n-OaVXe7KSGWTERjK-LQcsSl9wLZyRTS8s26vP-s3urztAYJaZGuz2z-EvkQzWZ_EPb44_4lcN9Z2SWwnD2dd98pv5PdMJdr37kWvGKz1EfHxBjHuOgOLRpsQ8nJBrCo7PVL0jUth2V1b-rGoM3X-E1pleex7mPJcnDVZQSnE6vyAhV6ebdBFhvczag3Nd4dX6wxlWjMBTpqFy-ppGdryXUoOjpcdhJHyVtPrGr2lBOttsA8trXF9Kk8VNoJi7LYsxhqAAcA67px_tjmQ1UF33mLM46kPG3NQsTP4oYODvSMWIEWsTMUR7znvbwKCtjNBUluJKJk0LyxPMjk6q2s011KGYLhj7qdX9y2H2MdHUvzRCGDOSkW9fBhv1tXSbmQ8PK_Ul8qsJBqqX5mCauLKTvYEU-VV9z6xMeUAXVsofZie5n1gAh_tONLPonI6WFiWXldDev6sX-ePfxYAkg1FiuYF4lDprbBVDajD1syI3fcKmXyL4OtoDU5soRXs15xG4mBI9rxwCx6qUcHDDhsA3yGcIoUwCo0h3jd94POUkjXUHnQPxI21YU1OlseHRc_4i-5oGwNil7HGSFa05x6XjgyMxE1dJrBksMG3EMkPm5JDXV6F_01Id4zemaoZgzooEh_7fv1E4Zv3mE1qdYUsorfnHlmQs7ASpv9l3gGSRkrARskqTZ4x_y5oew6kflzRIj7-a8xMPESmp4Ss4ysUv0BYOs7qyz50af3NUaft_ZHoHG2omhT0-m5SUZLO8eFxJgYR9B0LCmtaUlxE_zhrf65vPvj09uu_9ooIQn0SOUz2XzNOSUcB1SfIUxSHGuQHxx1mdUOV-kWq8gjzkXPH7o5rqzHT440EE1bZFO2-dB69WZuGRGhCwR8-6fUNe9sHEcfVFJZMRfCDRJpyBddQR3k1d8xLEdt69UQ8jzdsPhXcIwHXohaHCZWkpb_nU1LGnWmoNTXTf2ObuXuNkoJVECqkDMWrTJpoVasChvrWli5pAPEY5soALmEjeoGMIF6Hz-pmEREulECXlldG9gpC2XP0Y4VyOKzA4A2j3sPDWBZC62iJqmJf5AIRgEqUQ75KriJKCgRA-j7HsVGUyukVsrYpzyQeagJuEe96BbYbFIPdEpzxack4vbeBgqvtnggnsxgF6vrUASb9x4Hiw1JdCBLx7bQU__qfy4q_mQ4OCFse4Xn7fNOq-1FmaOKDr0qjVUnKBCh9lQzt3rRixmtEMdnhubhUSEzxHkmdwIh8BkYJOkx2w62wwFirwUPMCVPy94lVPWLW-uHrOleEAaa20xNsBKGYcAs4GmCVU8dKkztp32GnfJf1ydkOAPm6oUBJzWgwMrd6ebt1C1kdJCeSxdSXCaG8aSdYOu1iQDa7TNMP4FuPQvkUrx90mAYbmuDzb856LqJN-dk7k8yv2iuQf1yml0Dy0YXCH3HVt_J0Nvjqr1WjpDG4OcBQSYf_5dDSLS4TBwsFEt8CRAVf3fSScBMvf12-OPaEFL9B2ZE7N76zHl8f5c4nHhkqDBzwGJ0px8X3HVRFS8J5DaMRwDBlloXGiTUd-r0ms57AGjDPw0rxEixXmFze18TpWk0zceCxayfhK6rk-Jt1IFOY8Hirr6zmmatyXGOR9qgY9WFjNTUY71f06Fy5uFStzAtypUxhRb-qodzz05uTmDcyB4I7MAKvEHNI_QPxkG2VkZTY02PaVAB75TS9i2yr0AGoQwGwSxuOPBeNjO9xBZwJT80rqoHp457sjFwvk9sXTQNlkE2riskMYltJuy7NHur3-6adW7QSBeBpOpK8D3lwb_bC4mqTO95om6yDs-lZznTHl6Aez5IlXeRKpRxt0Zv5MGUttISwU72GosppeZ8qjEwuwbtj4t-hsdSOMNkvt_ZdxCwGVRt6yjK09IYiGh
UdJd8nybTtrFnb7khWVflBalY2f3qGnBrbQWTopeL9anXmEe3I1yFnpcfk5xmu4sVg0QFFcr8oZO67xLIktFogmRtIOl-xn7-BtuzITk6B1eBCv5q3s5aMdiZDXO0v0giI3YF0LV9yxkvoqJsPu3xhvvvoqrHX1Qc-nuZ5g2WBbCfSvLRjCi7Ig5sVYNrI9C091UFB1OTyJuVShC_ORmikKLXzdjq9GeQqNt8wQ5I3ucg-NqlxhR1hTkdz-eUu42tA6eCQivymiE8aEEzASdk6BL_jNnksjLRhIdaMZXZAeaLWaRIEevaL788X1E3KMC74O6JTzxXPbqLh5swqgjtRQoGbzeosjQgZ1lciwso249Ti1Gesgqc8_Dhj4f2rM8flFSk_zuGTj0HgImdgTrvkvqsRovKGVQC_Gh1LJTy6jJCGo2heH5-_d6ljCqSo0D8OT4GQmjWzniqkisLVAZqfrnfHz2gtOJQIMw5dR6yi1x39xqAtXg-5bRN5uVmz86Oj6Il0fNRVgSs3URoyTeIZdkVBjiN3qW_nF32rOxV09OQGiF_LD9lvWs2yU39EG7pwRJL0aY1rOBqNWwvnJMsHGWNAF-fd7mZsgakkfGUSuN1-LPgK6UgsBx2_it92NnPZzS7gNNrZTx_09DpaxN1QBKhkRDmNV10HEtS_Nzo&c=E,1,irTh2YpVF8i9o4lJpLfZrVLhu82kfCJAWITv4QABV6b7mbSQSkUuHimVpVZLdGv1Do7G9nEJXmPhfVq7jh9Uoa0Fk1fOcLgmGx1ZbAOn2E_b7z7zrWgibg,,&typo=1 |
Full analysis: | https://app.any.run/tasks/bd3f52c7-73ab-4203-962c-7d95c2b50196 |
Verdict: | Malicious activity |
Analysis date: | April 15, 2025, 18:13:53 |
OS: | Windows 10 Professional (build: 19044, 64 bit) |
Tags: | |
Indicators: | |
MD5: | 8CE775B617BFB67932AB671FFCEE2D22 |
SHA1: | 5830B82096642226C5EFA097CDE4144F3043968F |
SHA256: | 77471D61304A178A06E0234ED0227CAD10058906DE3D7C3C067B692AF9A0E801 |
SSDEEP: | 96:+/WpdZCKbkMD7EXkQfalYmN6RDTebB+/hk8jvdzBhR/lAAQb8Wa2OXPB:+8CKbV7EwNQq4JFBjeA69Op |
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
1040 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5684 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | MEDIUM | Microsoft Edge | 0 | 122.0.2365.59
1188 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
1228 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5216 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
1660 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3596 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
1760 | "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6400 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe | — | msedge.exe | admin | Microsoft Corporation | MEDIUM | PWA Identity Proxy Host | 3221226029 | 122.0.2365.59
2108 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=3680 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | — | 122.0.2365.59
4000 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6648 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
4120 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
4244 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
4652 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6780 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | admin | Microsoft Corporation | LOW | Microsoft Edge | 0 | 122.0.2365.59
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | failed_count | 0
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | 2
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon | state | 1
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics | user_experience_metrics.stability.exited_cleanly | 0
5256 | msedge.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | S-1-5-21-1693682860-607145093-2874071422-1001 | 64AB826A6B912F00
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322 | WindowTabManagerFileMappingId | {BCA366EF-1EC5-4991-8C81-BA101C602A2D}
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322 | WindowTabManagerFileMappingId | {C1505864-3270-4B92-B152-4ECDD6612FB0}
5256 | msedge.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault | S-1-5-21-1693682860-607145093-2874071422-1001 | 767A8B6A6B912F00
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322 | WindowTabManagerFileMappingId | {7C6C10E5-C840-4D63-99C3-6B399C6812C3}
5256 | msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322 | WindowTabManagerFileMappingId | {3E83AE59-3439-48C8-A45E-1D16460E0739}
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10bb24.TMP | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10bb24.TMP | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10bb34.TMP | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10bb34.TMP | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10bb34.TMP | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | — | —
5256 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
4652 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
4652 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5256 | msedge.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
7344 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7344 | msedge.exe | 13.107.246.45:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7344 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7344 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7344 | msedge.exe | 3.76.92.228:443 | linkprotect.cudasvc.com | AMAZON-02 | DE | whitelisted |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | whitelisted
crl.microsoft.com | — | whitelisted
google.com | — | whitelisted
config.edge.skype.com | — | whitelisted
edge.microsoft.com | — | whitelisted
edge-mobile-static.azureedge.net | — | whitelisted
linkprotect.cudasvc.com | — | whitelisted
business.bing.com | — | whitelisted
bzib.nelreports.net | — | whitelisted
url.us.m.mimecastprotect.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr) |
— | — | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |