File name: attachments (7).zip

Full analysis: https://app.any.run/tasks/ccd7ec95-d4c5-4c32-90e6-901b7bead50d
Verdict: Malicious activity
Analysis date: September 25, 2023, 21:06:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 5A3017F675BBD71D7CB3C548563044AC
SHA1: A135929994AAF8620E80E26F8280A5BB84487BF2
SHA256: 8491238D9E4EDB0EDE3A70BEB2616584377E11A000E16C8727097A5C3AA68377
SSDEEP: 768:HIlG4/vf2oFQI8xGsJdWRKSQ1YkUaQoPKx7:ov/vfNFQusTKVp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • WinRAR.exe (PID: 1000)
  • INFO

    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 1796)
    • Checks supported languages

      • wmpnscfg.exe (PID: 1796)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1796)
    • Manual execution by a user

      • msedge.exe (PID: 2068)
    • Application launched itself

      • msedge.exe (PID: 2068)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: image010451.png
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2023:09:25 14:50:22
ZipCompression: Deflated
ZipBitFlag: 0x0808
ZipRequiredVersion: 20
No data.
Total processes: 69
Monitored processes: 32
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start winrar.exe no specs outlook.exe outlook.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 708
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=3928 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2072 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1000
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\attachments (7).zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
PID: 1348
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1612 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2588 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\rpcrt4.dll
PID: 1680
CMD: "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding
Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Exit code:
0
Version:
14.0.6025.1000
Modules
Images
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 1796
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\gdi32.dll
PID: 1992
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2868 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2004
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1368 --field-trial-handle=1384,i,437904789987286606,10738448443835394426,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
PID: 2068
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 991
Read events: 9 548
Write events: 415
Delete events: 28

Modification events

(PID) Process: (1796) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{93B7E201-5A87-4AB6-9ABE-0188D5675321}\{22CDD4C4-5C63-4184-BFD2-D7ECEB201D3E}
Operation: delete key
Name: (default)
Value:

(PID) Process: (1796) wmpnscfg.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{93B7E201-5A87-4AB6-9ABE-0188D5675321}
Operation: delete key
Name: (default)
Value:

(PID) Process: (1796) wmpnscfg.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{CDA93001-5CE5-44C6-B5C9-CD6744545F42}
Operation: delete key
Name: (default)
Value:

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1000) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 64
Suspicious files: 1 305
Text files: 151
Unknown types: 1

Dropped files

PID
Process
Filename
Type
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVR9707.tmp.cvr
MD5:
SHA256:
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
MD5:
SHA256:
PID: 1680
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Temp\CVRB55C.tmp.cvr
MD5:
SHA256:
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
Type: text
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_625323FD95D4EA41958D799D57AE7D94.dat
Type: xml
MD5:D8B37ED0410FB241C283F72B76987F18
SHA256:31E68049F6B7F21511E70CD7F2D95B9CF1354CF54603E8F47C1FC40F40B7A114
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A092EAB8-7C5E-4751-B688-337C053B1099}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png
Type: image
MD5:4C61C12EDBC453D7AE184976E95258E1
SHA256:296526F9A716C1AA91BA5D6F69F0EB92FDF79C2CB2CFCF0CEB22B7CCBC27035F
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
Type: binary
MD5:7677282D27A3211FBA3D897E5E2CECB5
SHA256:05940228CFE0D6E4F5C7B87214134B0F2F125E50CA79E1C9A704693FC62AE21B
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_F3C42B8A67E0A84BA4959F0D1A6C93CE.dat
Type: xml
MD5:807EF0FC900FEB3DA82927990083D6E7
SHA256:4411E7DC978011222764943081500FFF0E43CBF7CCD44264BD1AB6306CA68913
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_65B0128D1DD21241867991E51B356586.dat
Type: xml
MD5:EEAA832C12F20DE6AAAA9C7B77626E72
SHA256:C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16
PID: 2996
Process: OUTLOOK.EXE
Filename: C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log
Type: text
MD5:616C13213A07AEDAB8774A2AFB94F120
SHA256:C9776876B7DDE1B0F597C2C775C39E321F8E8BDAD3358E1EDA073BFABFE07C36
HTTP(S) requests: 29
TCP/UDP connections: 64
DNS requests: 84
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2996
OUTLOOK.EXE
GET
64.4.26.155:80
http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig
unknown
unknown
868
svchost.exe
HEAD
200
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/12ed7c6f-b741-47d7-afa5-30f752dc978b?P1=1696235456&P2=404&P3=2&P4=iEWzgIKF6S8B%2b2QI4vAeGDFTy6PbXeBdfbSf9pXhKMChSYoTzuVQIZEEMCL0fL0EE2vR3wnS43Myy8JxnUb31Q%3d%3d
unknown
unknown
2660
msedge.exe
GET
301
67.205.153.123:80
http://mailheader.org/
unknown
html
311 b
unknown
868
svchost.exe
GET
200
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c03908334?P1=1696235300&P2=404&P3=2&P4=OFzF7fg9mYRoeEZbymigiDN8x3jcWPx%2bf19piUwiQUJvY5xXqE3ws%2bdpG0UCE9G7cYshMqNjnbg34%2bhWi6pnXQ%3d%3d
unknown
binary
1.32 Kb
unknown
868
svchost.exe
GET
206
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/12ed7c6f-b741-47d7-afa5-30f752dc978b?P1=1696235456&P2=404&P3=2&P4=iEWzgIKF6S8B%2b2QI4vAeGDFTy6PbXeBdfbSf9pXhKMChSYoTzuVQIZEEMCL0fL0EE2vR3wnS43Myy8JxnUb31Q%3d%3d
unknown
binary
16.6 Kb
unknown
868
svchost.exe
HEAD
200
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c03908334?P1=1696235300&P2=404&P3=2&P4=OFzF7fg9mYRoeEZbymigiDN8x3jcWPx%2bf19piUwiQUJvY5xXqE3ws%2bdpG0UCE9G7cYshMqNjnbg34%2bhWi6pnXQ%3d%3d
unknown
binary
7.87 Kb
unknown
868
svchost.exe
GET
200
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2e8a592b-0ad4-414c-b996-21bd8749e2fd?P1=1696235456&P2=404&P3=2&P4=DSiKp7idbK7t5u9jnaP3tLqkuhf25L%2bcuBlTDvL11KhG1lV6RNTDCbPj9v7pR%2fn36M8m2UEw9Hu4yIvCe2Y4Bg%3d%3d
unknown
binary
7.87 Kb
unknown
868
svchost.exe
GET
206
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d9a961cd-afbe-4cd8-8aee-c21eaf7d7c04?P1=1696235455&P2=404&P3=2&P4=boiPUjn3YRUFcaHtR95Qk86kLWsEGhqhDc3KuYl7Prrct5TiT3bWWJOnVMk7wo%2ftGL7GdtfTH8hkZuWp9Sk0TQ%3d%3d
unknown
binary
147 Kb
unknown
868
svchost.exe
GET
206
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/12ed7c6f-b741-47d7-afa5-30f752dc978b?P1=1696235456&P2=404&P3=2&P4=iEWzgIKF6S8B%2b2QI4vAeGDFTy6PbXeBdfbSf9pXhKMChSYoTzuVQIZEEMCL0fL0EE2vR3wnS43Myy8JxnUb31Q%3d%3d
unknown
binary
18.3 Kb
unknown
868
svchost.exe
HEAD
200
67.27.159.126:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/873489b1-33b2-480a-baa2-641b9e09edcd?P1=1696235300&P2=404&P3=2&P4=kVFDJszzDkE7bB5vekF%2fjqFYejSzJhxsm3bh0lFb2zG2NVWDbxgXImU%2fQZ%2flMaDrFgd36JfJGy6eYrN4CwKDXg%3d%3d
unknown
binary
21.8 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
3284
svchost.exe
239.255.255.250:1900
whitelisted
2996
OUTLOOK.EXE
64.4.26.155:80
config.messenger.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2660
msedge.exe
204.79.197.203:443
ntp.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2068
msedge.exe
239.255.255.250:1900
whitelisted
2660
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2660
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2660
msedge.exe
23.36.163.109:443
assets.msn.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
config.messenger.msn.com
  • 64.4.26.155
whitelisted
ntp.msn.com
  • 204.79.197.203
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
assets.msn.com
  • 23.36.163.109
  • 23.36.163.97
whitelisted
browser.events.data.msn.com
  • 20.189.173.3
whitelisted
img-s-msn-com.akamaized.net
  • 184.24.77.155
  • 184.24.77.156
whitelisted
sb.scorecardresearch.com
  • 13.32.110.18
  • 13.32.110.8
  • 13.32.110.104
  • 13.32.110.123
shared
th.bing.com
  • 104.126.37.161
  • 104.126.37.153
  • 104.126.37.137
  • 104.126.37.178
  • 104.126.37.128
  • 104.126.37.179
  • 104.126.37.139
  • 104.126.37.170
  • 104.126.37.130
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
  • 92.123.104.19
  • 92.123.104.31
  • 92.123.104.40
  • 92.123.104.32
  • 92.123.104.7
  • 92.123.104.59
  • 92.123.104.47
  • 92.123.104.28
  • 92.123.104.64
  • 104.126.37.123
  • 104.126.37.161
  • 104.126.37.153
  • 104.126.37.155
  • 104.126.37.145
  • 104.126.37.162
  • 104.126.37.177
  • 104.126.37.163
  • 104.126.37.137
whitelisted

Threats

No threats detected
No debug info