File name:

6 Undeliverables Quarantine Sync Error for HKatunguri@osi-systems.com.msg

Full analysis: https://app.any.run/tasks/4a42a56b-9842-4b1e-9688-6be80cdcfc61
Verdict: Malicious activity
Analysis date: September 23, 2024, 08:34:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
Indicators:
MIME: application/vnd.ms-outlook
File info: CDFV2 Microsoft Outlook Message
MD5:

4DC3341A1B346CECC783CF6A742D69DE

SHA1:

7CD4BD680AAF0B9FC697B41449F8F1D5D774AAD0

SHA256:

8AC74912D3F942F3AD93A214A64AF79E43C90CA656BFB44BF16A9CA5EA164ED5

SSDEEP:

768:mINm1wwVIrw6D/oF098itayEOWsKNWsK6PII7NrjKLb86wR9oFfyh9PDrWSki:mbH3ybWFW87ewAfy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 2096)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • firefox.exe (PID: 6804)
      • msedge.exe (PID: 8032)
      • firefox.exe (PID: 6588)
      • msedge.exe (PID: 6764)

    • The process uses the downloaded file

      • OUTLOOK.EXE (PID: 5244)

    • Manual execution by a user

      • firefox.exe (PID: 6804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
194
Monitored processes
60
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2596 --field-trial-handle=2440,i,14370198057489521799,17748185545755135616,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2852"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 30953 -prefMapSize 244343 -jsInitHandle 1520 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3fd5185-74da-4ce4-888d-05bb7413a158} 6588 "\\.\pipe\gecko-crash-server-pipe.6588" 1fb9c76a150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2988"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4680 -childID 2 -isForBrowser -prefsHandle 4676 -prefMapHandle 4672 -prefsLen 36263 -prefMapSize 244343 -jsInitHandle 1520 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f23eeac-aa44-49f3-b71e-194b885b1010} 6588 "\\.\pipe\gecko-crash-server-pipe.6588" 1fb9df40a10 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
4040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2776 --field-trial-handle=2440,i,14370198057489521799,17748185545755135616,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4060"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x2ec,0x2f0,0x2f4,0x2e8,0x2fc,0x7fffcc285fd8,0x7fffcc285fe4,0x7fffcc285ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2328 --field-trial-handle=2348,i,1379649186084576921,15368125274101450293,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
5244"C:\Program Files\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\6 Undeliverables Quarantine Sync Error for HKatunguri@osi-systems.com.msg"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Outlook
Exit code:
0
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\outlook.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\program files\microsoft office\root\office16\vcruntime140_1.dll
5592"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2728 --field-trial-handle=2348,i,1379649186084576921,15368125274101450293,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
6148"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4844 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 5212 -prefMapHandle 5204 -prefsLen 34713 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2324fae-0f0f-4112-b260-4f3e5c6533ed} 6588 "\\.\pipe\gecko-crash-server-pipe.6588" 1fb9fe30510 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
6200"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 4 -isForBrowser -prefsHandle 5532 -prefMapHandle 5728 -prefsLen 31161 -prefMapSize 244343 -jsInitHandle 1520 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb8af84-cce8-4262-b1a0-d4a632a6bade} 6588 "\\.\pipe\gecko-crash-server-pipe.6588" 1fba1387310 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
Total events
23 388
Read events
22 941
Write events
379
Delete events
68

Modification events

(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:6
Value:
01941A000000001000B24E9A3E06000000000000000600000000000000
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5244
Operation:writeName:0
Value:
0B0E10A15BCA3364C654419A8CACAF8D32A4BA230046CBD88583B8B2C3ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511FC28D2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootCommand
Value:
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:delete keyName:(default)
Value:
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:CantBootResolution
Value:
BootSuccess
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:SessionId
Value:
C3D8E96E-C1AF-4750-8D52-F4E28119C131
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:BootDiagnosticsLogFile
Value:
C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16026_20146-20240718T1116060318-1644.etl
(PID) Process:(5244) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:ProfileBeingOpened
Value:
Executable files
16
Suspicious files
737
Text files
201
Unknown types
5

Dropped files

PID
Process
Filename
Type
5244OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
5244OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmbinary
MD5:947F6219E7AD034460533B28006088E9
SHA256:1DDF26099E1F496B988DF978D200F9F17D75DB6A42FDCB64B1FF51450325F5EE
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:C3820CC6E2335062215A84E4BAFB6787
SHA256:B4F8A4DB915ACC9FCCF5A1283A63795DC085CA8B128FC2EF1DA777C067CB4D00
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\EA6E8C56-F0C2-4611-8965-B5F9E6ACE853xml
MD5:64E858F97E0D372221D1D1069D132700
SHA256:2A738AD60FF0302D64D968AF9989A76819EE75B2F10515A5B24A1D70AFC8971D
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:B041F35132ABA50A7CA963862EDBC44A
SHA256:8A909B0321B6A8358D3A52C48AEB135B9F38D831E9046267BA56CA2FE876A9D3
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bintext
MD5:5C8EECDCA38E931877D4E117EBD12A28
SHA256:A28F5DEFA412F92EDAF446860E23E6C6CD4C214DF57BD124D04426C3C7611A47
5244OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9binary
MD5:C23D3F77E20349814107281C17DC7589
SHA256:90C7B00E6AB0E1C005CDE9AFDC5D1D4D4958B65E1A77104394EAB630806EA1A6
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttfbinary
MD5:4296A064B917926682E7EED650D4A745
SHA256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
5244OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TableViewPreviewPrefs_2_3820E1D7DE55A44E8A7D8537CEA48977.datxml
MD5:0E092DB99AEE99FDFF9B5B222C732CFD
SHA256:D1614AD99ADED9F6F5C1BE7FE7FFA5124BD04A526580DA3818EA8A954E852AA6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
37
TCP/UDP connections
155
DNS requests
228
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2120
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1920
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7000
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5244
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
5244
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7000
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6588
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
6588
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
6588
firefox.exe
POST
200
23.32.238.82:80
http://r10.o.lencr.org/
unknown
unknown
6588
firefox.exe
POST
200
142.250.74.195:80
http://o.pki.goog/s/wr3/XjA
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
6900
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6392
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5244
OUTLOOK.EXE
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
5244
OUTLOOK.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5244
OUTLOOK.EXE
23.218.208.109:443
fs.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 40.127.240.158
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 216.58.206.78
whitelisted
officeclient.microsoft.com
  • 52.109.32.97
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
fs.microsoft.com
  • 23.218.208.109
whitelisted
roaming.officeapps.live.com
  • 52.109.76.243
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
omex.cdn.office.net
  • 23.48.23.30
  • 23.48.23.18
whitelisted
messaging.lifecycle.office.com
  • 52.111.229.36
whitelisted

Threats

PID
Process
Class
Message
2096
msedge.exe
Misc activity
ET INFO Microsoft Attack Simulation Training Domain in DNS Lookup (attemplate .com)
2096
msedge.exe
Misc activity
ET INFO Microsoft Attack Simulation Training Domain in DNS Lookup (attemplate .com)
2096
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
2096
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net)
2096
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (aadzone)
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
Potentially Bad Traffic
ET DNS Query for .cc TLD
Potentially Bad Traffic
ET DNS Query for .cc TLD
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
6 Undeliverables Quarantine Sync Error for HKatunguri@osi-systems.com.msg