File name: message (32).eml
Full analysis: https://app.any.run/tasks/d28d1815-ea78-4bb3-a462-9c28175544ae
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:27:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
MD5: EF21F3FA6F64FC478A76E0CF8A1F7E2D
SHA1: B1A64FB66770B5E10D661933EE94699ED7AF6B6F
SHA256: 86A89A85B23C8D43C2535030CCF6CD3B276FA463BC7AEC639B1080198A09F09F
SSDEEP: 3072:pzcM6W8I4WM8TcV8nSW1Tw/4DN5ICoAG8k8q1u:pzcM6ANTm4DzoJ84u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the computer name

      • OUTLOOK.EXE (PID: 2492)
    • Checks supported languages

      • OUTLOOK.EXE (PID: 2492)
    • Searches for installed software

      • OUTLOOK.EXE (PID: 2492)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3412)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2920)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 3412)
      • chrome.exe (PID: 2624)
      • chrome.exe (PID: 2920)
      • chrome.exe (PID: 3624)
      • chrome.exe (PID: 1116)
      • chrome.exe (PID: 408)
      • chrome.exe (PID: 2556)
      • chrome.exe (PID: 492)
      • chrome.exe (PID: 1504)
      • chrome.exe (PID: 1640)
      • chrome.exe (PID: 492)
      • chrome.exe (PID: 3112)
      • chrome.exe (PID: 3792)
      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 1096)
      • chrome.exe (PID: 2960)
      • chrome.exe (PID: 2200)
      • chrome.exe (PID: 3760)
      • chrome.exe (PID: 3852)
      • chrome.exe (PID: 3560)
      • chrome.exe (PID: 868)
      • chrome.exe (PID: 2140)
      • chrome.exe (PID: 1896)
      • chrome.exe (PID: 3540)
      • chrome.exe (PID: 2576)
      • chrome.exe (PID: 832)
      • chrome.exe (PID: 2824)
      • chrome.exe (PID: 3020)
      • chrome.exe (PID: 2596)
      • chrome.exe (PID: 3856)
    • Reads the computer name

      • iexplore.exe (PID: 3192)
      • iexplore.exe (PID: 3412)
      • chrome.exe (PID: 2920)
      • chrome.exe (PID: 492)
      • chrome.exe (PID: 1116)
      • chrome.exe (PID: 3112)
      • chrome.exe (PID: 2164)
      • chrome.exe (PID: 2140)
      • chrome.exe (PID: 3560)
      • chrome.exe (PID: 3856)
      • chrome.exe (PID: 2824)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 3412)
      • OUTLOOK.EXE (PID: 2492)
      • chrome.exe (PID: 1116)
    • Application launched itself

      • iexplore.exe (PID: 3192)
      • chrome.exe (PID: 2920)
    • Changes internet zones settings

      • iexplore.exe (PID: 3192)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3412)
      • OUTLOOK.EXE (PID: 2492)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 3192)
      • chrome.exe (PID: 2140)
    • Manual execution by user

      • chrome.exe (PID: 2920)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 2492)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
All screenshots are available in the full report
Total processes: 72
Monitored processes: 32
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Interactive process graph (outlook.exe, iexplore.exe, chrome.exe and child chrome.exe processes); not reproduced in this export. The parent/child relationships are listed under Process information below.

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 2492
CMD: "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\message (32).eml"
Path: C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Outlook
Version: 14.0.6025.1000
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 3192
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.dropbox.com%2Fscl%2Ffi%2Fwg2u64p9gg53bcda16gzd%2FYou-have-been-invited-you-to-view-the-folder-%25E2%2580%259CPO48993_49110%2522.paper%3Fdl%3D0%26rlkey%3Drls1740uy7srqs62ao8k12usp&data=05%7C01%7Cabigail.vanek%40assaabloy.com%7Ca9d0992d46dd4690db7a08da7c7aa88c%7Cf0bdc1c951484f86ac40edd976e1814c%7C0%7C0%7C637959163500127851%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3tmBFSe%2FdSVuMMPRNEZXXEZBVIS79HEA6iqXhE6X9m8%3D&reserved=0
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: OUTLOOK.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID: 3412
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3192 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
PID: 2920
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
PID: 2624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x67e7d988,0x67e7d998,0x67e7d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 492
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1048,104165422170791372,14699532845036413438,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1060 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID: 1116
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1048,104165422170791372,14699532845036413438,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1332 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 408
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,104165422170791372,14699532845036413438,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID: 3624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,104165422170791372,14699532845036413438,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID: 2556
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1048,104165422170791372,14699532845036413438,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events: 52 142
Read events: 41 678
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 307
Text files: 150
Unknown types: 31

Dropped files

PID | Process | Filename | Type

2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR96B2.tmp.cvr | (empty)
  MD5: (empty)
  SHA256: (empty)
2492 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | (empty)
  MD5: (empty)
  SHA256: (empty)
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc
  MD5: D4E3BF3FF55530938916D7CE697CE74A
  SHA256: 4C41811434ED67D07C5575F237120274C2C3FB6C3FAD294C699DE9ED6151192B
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\ONetConfig\54946941a2b45a5ba7f3e1b905b42959.sig | binary
  MD5: 58A30D31C44D0FB4633E9CFD606F2A32
  SHA256: F61DA6FE167371A0ABC34E9D055307C554F71EC99F64616E92D695CC4278BCBF
3412 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
  MD5: 3CE73B916393B48E15F2932D177F3EDC
  SHA256: B4AA9022B04590FB3AF3EFDE7F04241032E126DEF035D1950241B30178705C23
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text
  MD5: 2FE939A5CA7EF22FECD6A69763646BB1
  SHA256: BFD81D3173BC5D15E14E7AAA2A44B0CD17D10B5756F8020E4BFC9F68924F9961
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary
  MD5: A1CE7FE596E197065F065A9143161920
  SHA256: 8CE37CBC531086F996E5CE980EFB0050BA43B4464730EAE1C1948E082EC039A7
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\config14[1].xml | xml
  MD5: C891341CA855EE7BA218B96A5F6662A7
  SHA256: F0A921C567E17E4832B5B48DDC39390128AF5FB3B8F6D0467A5C6C5E179E0B5B
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der
  MD5: EE87BB11E233C12009CC11725035DBDC
  SHA256: D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
2492 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_3547183CBB8D6448BFB1DE56D043019D.dat | xml
  MD5: EEAA832C12F20DE6AAAA9C7B77626E72
  SHA256: C4C9A90F2C961D9EE79CF08FBEE647ED7DE0202288E876C7BAAD00F4CA29CA16
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 14
TCP/UDP connections: 70
DNS requests: 42
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

3412 | iexplore.exe | GET | - | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAGewca9P1l7sgwzOOVR2Hc%3D | US | - | - | whitelisted
2492 | OUTLOOK.EXE | GET | 200 | 52.109.88.191:80 | http://office14client.microsoft.com/config14?UILCID=1033&CLCID=1033&ILCID=1033&HelpLCID=1033&App={CFF13DD8-6EF2-49EB-B265-E3BFC6501C1D}&build=14.0.6023 | NL | xml | 1.96 Kb | whitelisted
880 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 | US | - | - | whitelisted
2492 | OUTLOOK.EXE | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
880 | svchost.exe | GET | - | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 | US | - | - | whitelisted
3412 | iexplore.exe | GET | 200 | 2.16.186.25:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?20bb938ea531ee1b | unknown | compressed | 4.70 Kb | whitelisted
3412 | iexplore.exe | GET | 200 | 2.16.186.25:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?ba65308a1e87f10c | unknown | compressed | 4.70 Kb | whitelisted
2492 | OUTLOOK.EXE | GET | 200 | 2.16.186.33:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d472ee1844071eb9 | unknown | compressed | 4.70 Kb | whitelisted
1116 | chrome.exe | GET | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | crx | 242 Kb | whitelisted
1116 | chrome.exe | GET | 404 | 74.208.236.135:80 | http://o365atp.com/favicon.ico | US | html | 569 b | suspicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

2492 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted
2492 | OUTLOOK.EXE | 52.109.88.191:80 | office14client.microsoft.com | Microsoft Corporation | NL | whitelisted
1116 | chrome.exe | 216.58.212.132:443 | www.google.com | Google Inc. | US | whitelisted
2492 | OUTLOOK.EXE | 2.16.186.33:80 | ctldl.windowsupdate.com | Akamai International B.V. | - | whitelisted
2492 | OUTLOOK.EXE | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1116 | chrome.exe | 142.250.185.78:443 | clients2.google.com | Google Inc. | US | whitelisted
1116 | chrome.exe | 142.250.185.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3412 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3412 | iexplore.exe | 2.16.186.25:80 | ctldl.windowsupdate.com | Akamai International B.V. | - | whitelisted
2492 | OUTLOOK.EXE | 52.109.124.67:443 | rr.office.microsoft.com | Microsoft Corporation | SG | suspicious

DNS requests

Domain | IP | Reputation

config.messenger.msn.com | 64.4.26.155 | whitelisted
office14client.microsoft.com | 52.109.88.191 | whitelisted
rr.office.microsoft.com | 52.109.124.67 | whitelisted
nam02.safelinks.protection.outlook.com | 104.47.56.28, 104.47.51.28 | whitelisted
ctldl.windowsupdate.com | 2.16.186.25, 2.16.186.33 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
clientservices.googleapis.com | 142.250.185.163 | whitelisted
accounts.google.com | 172.217.23.109 | shared
clients2.google.com | 142.250.185.78 | whitelisted
www.google.com | 216.58.212.132 | whitelisted

Threats

PID | Process | Class | Message

1116 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY Dropbox.com Offsite File Backup in Use
1116 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY Dropbox.com Offsite File Backup in Use
No debug info