| File name: | ba7c7cc0-3dde-5538-65bb-d71c88ea35c1.eml |
| Full analysis: | https://app.any.run/tasks/54e0e1b9-5c14-4993-9923-52ebcc505dc0 |
| Verdict: | Malicious activity |
| Analysis date: | June 21, 2025, 15:21:18 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | text/plain |
| File info: | ASCII text, with very long lines (367), with CRLF line terminators |
| MD5: | 0D09CF9475BE18A4F31540148D42E3AE |
| SHA1: | 28B163DD18F23CBC8677D58F0DBA59AF2F665437 |
| SHA256: | 983F23BC943026F9A4F64C421F44611B6D43A9484F10298635E8BF6646B51CCF |
| SSDEEP: | 768:b1pBSIpHF8INQsLkhLa8Sv22p2Kd/tNvtllRETYmb4sp:b1vpHysYhLa8Sv22p2Kd/j7LYYi4sp |
MALICIOUS
No malicious indicators.SUSPICIOUS
Access to SharePoint Content
- msedge.exe (PID: 5284)
- msedge.exe (PID: 1660)
INFO
Email with attachments
- OUTLOOK.EXE (PID: 3832)
Manual execution by a user
- OpenWith.exe (PID: 7000)
- OpenWith.exe (PID: 4664)
- msedge.exe (PID: 5284)
- OpenWith.exe (PID: 5744)
- msedge.exe (PID: 1660)
- msedge.exe (PID: 7928)
- msedge.exe (PID: 7496)
- msedge.exe (PID: 7740)
- msedge.exe (PID: 7640)
- msedge.exe (PID: 6376)
- msedge.exe (PID: 7512)
- msedge.exe (PID: 6192)
- msedge.exe (PID: 4836)
- msedge.exe (PID: 7072)
- msedge.exe (PID: 6780)
- msedge.exe (PID: 7104)
Reads Microsoft Office registry keys
- OpenWith.exe (PID: 4664)
- OpenWith.exe (PID: 7000)
- OpenWith.exe (PID: 5744)
- OpenWith.exe (PID: 7664)
- OpenWith.exe (PID: 888)
- OpenWith.exe (PID: 7772)
Application launched itself
- msedge.exe (PID: 5284)
Checks supported languages
- identity_helper.exe (PID: 7304)
Reads the computer name
- identity_helper.exe (PID: 7304)
Reads Environment values
- identity_helper.exe (PID: 7304)
Launching a file from the Downloads directory
- msedge.exe (PID: 5284)
Reads the software policy settings
- slui.exe (PID: 7832)
Checks proxy server information
- slui.exe (PID: 7832)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
221
Monitored processes
83
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 888 | C:\WINDOWS\system32\OpenWith.exe -Embedding | C:\Windows\System32\OpenWith.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Pick an app Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1148 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2356,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1660 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://netorgft17657867-my.sharepoint.com/:w:/r/personal/tuandinh_pacificamethyst_com/Documents/Hana Questions.docx?d=wf2de2a3b90104b94a97e93a638a7432f&e=4:80c7122c6c84481697c231785054c92e&web=1&openShare=true&fromShare=true&at=9" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1720 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5316,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1896 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2780,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7912,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2320 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3636,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2380 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3624,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2580 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7124,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 2596 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7300,i,8182426761787225103,8599876250586095779,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
30 709
Read events
30 215
Write events
426
Delete events
68
Modification events
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling |
| Operation: | write | Name: | 6 |
Value: 01941A000000001000B24E9A3E06000000000000000600000000000000 | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData |
| Operation: | write | Name: | SessionId |
Value: 1580B87D-5381-40D2-BDB4-324A8B6763D4 | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics |
| Operation: | delete value | Name: | BootFailureCount |
Value: | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Preferences |
| Operation: | delete value | Name: | ChangeProfileOnRestart |
Value: | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 |
| Operation: | write | Name: | 00030429 |
Value: 09000000 | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData |
| Operation: | write | Name: | ProfileBeingOpened |
Value: Outlook | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 |
| Operation: | write | Name: | 00030397 |
Value: 60000000 | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData |
| Operation: | write | Name: | 1 |
Value: 4D736F3A3A436865636B73756D52656769737472793A3A446174617C75696E7436345F747C2D373536333338323333333939373439313738313B456373436F6E666967526573706F6E7365446174617C7B202256657222203A2022696E7433325F747C30222C2022436F6E6649647322203A20227374643A3A77737472696E677C502D522D313039383135382D312D352C502D522D37363735372D312D322C502D522D32363134362D352D31372C502D442D32393633352D312D312C502D442D32373038372D312D392C502D522D37393638382D312D332C502D582D313035363139362D322D332C502D522D313037353533392D342D362C502D522D313036353130332D342D352C502D522D313034303537342D342D382C502D522D313032313439312D342D342C502D522D313032303733302D322D31302C502D522D313031393539312D342D342C502D522D313030343536312D342D342C64686965643636303A3434383338312C502D582D39383531382D362D392C502D582D313036313437302D322D332C502D582D313032313936352D312D372C502D582D313032313936382D322D332C502D582D37333633392D312D352C502D522D313037383237352D342D372C502D522D313037363531382D342D362C502D522D313036393531352D342D362C502D522D313032353434342D342D352C502D522D33333737342D36342D3235302C626C6F636B6564677261706869637361646170746572353A3437353839392C66653635313636373A3336313635382C37326838623835393A3238343430302C38306562633336353A3236353636392C61696764693533333A3338303138352C502D522D35383634302D312D332C502D582D37343731382D312D392C502D522D313037343034382D362D372C502D522D33353039392D322D342C6175656E613732343A3537373735332C502D522D313038313433312D382D362C502D522D313035333437382D382D352C502D522D33343834332D342D362C502D582D37313237342D312D372C502D522D33333832322D31342D36362C502D522D34353438332D31362D35332C502D522D35303731372D31382D36302C502D522D38373538372D342D342C502D522D37353036392D312D332C502D522D37353030312D312D332C502D522D36383135322D31382D32312C502D522D35323331362D31382D33372C502D522D34393136322D31382D31332C502D522D34393136312D31382D31332C502D522D34303235332D362D31392C502D522D34303235342D362D31382C502D522D33353430312D362D372C502D522D33323130372D32322D32322C636C70726F3130353A3436363736322C502D582D3130393138392D312D352C502D582D313030333535362D312D352C502D522D35383236362D34382D33392C502D522D32343938302D382D34382C502D522D31383237392D322D36352C63753637333A3332353936392C63756973663436343A3434363635342C502D582D313033363930382D312D332C502D522D3131333931352D382D372C502D522D35323938322D31382D33342C502D522D35313134352D322D372C67356234623530373A3238363035352C502D582D313031323533332D312D352C502D522D313036393430352D342D382C502D522D313035303139342D33322D32312C502D522D34313034362D32322D38332C64696173793933323A3237333238302C502D582D313037373139382D322D352C502D582D313034383430382D322D352C502D582D38353335392D312D31332C502D582D38393031322D312D31312C502D522D313036313635312D382D362C502D522D313034323432302D342D332C502D522D313033363136342D342D372C502D522D3131333530382D382D362C502D522D39353631362D382D352C502D522D37393631362D312D332C502D522D37373632312D312D332C502D522D37373230342D312D332C502D522D37363130372D312D332C502D522D37343333342D312D332C502D522D37343433392D312D332C502D522D37333634322D312D332C502D522D36383933382D312D362C502D522D36323837352D322D342C502D522D36303537392D322D322C502D522D36303333332D312D332C502D522D35383130372D322D322C502D522D35353734332D312D332C502D522D35313935382D312D352C502D522D33383038352D31322D392C502D522D33353338392D31382D33382C75736570726570726F63743A3337333738382C7573657632656E64706F696E7474726561746D656E743A3333333939332C6E617469766577696E333272646C3A3138363734342C646F6373686F6D6570616765736561726368656E61626C65616767726567617465646D7275736561726368736F757263653A3137353733392C502D522D313033343136392D31302D372C502D582D313037383537362D322D332C502D582D313035393131312D312D332C502D582D38303734322D312D31312C502D582D39333738372D332D31312C502D582D313035363137372D322D332C502D582D37393936312D312D372C502D582D313033333335362D322D332C502D582D39393034342D312D332C502D582D39363134312D312D332C502D452D32383637372D322D332C502D522D35353132322D382D382C502D522D35303235352D31302D392C502D522D34353331342D31302D31362C37393332313738393A3335353439302C336A6768393438383A3337353232372C6578706F773334343A3337353535352C65787069766F746E6F6E64657374727563746976656175746F67726F75703A3338373137392C69393268333737303A3333363131342C657861766F3833333A3234393839332C736D617274726563616C632D74726561746D656E743A3433313131322C6D6F6465726E62726F777365726F617574686469616C6F673A3230383934332C65786973723434383A3230383933342C502D582D313234303832332D312D332C502D452D33383233312D43312D342C502D522D313234353636322D31352D342C502D522D3130383334322D31342D31372C502D522D39353232352D31342D31372C502D522D39343636312D31342D31332C502D522D39343536302D31342D31322C502D522D39343138392D31342D31332C502D522D39333838322D31342D32362C502D522D36313134372D4331372D322C502D522D35343732382D31362D32332C502D522D35343639382D31362D31362C502D522D35343635382D31382D31392C502D522D34303034392D322D32392C502D522D33383330362D4331372D332C502D522D33343031392D342D332C77696E333264657669636563616E6172793A3534313438332C77696E333264657669636563616E6172793A3534313438332C502D582D313035313539312D312D352C502D582D313030373237342D332D31372C502D582D313030373237352D31332D34352C502D582D38353839362D312D31392C502D582D39313739302D312D352C502D582D313031343433312D312D372C502D582D3131363131352D312D392C502D582D3130373539352D312D352C502D582D36313130322D332D31312C502D582D35313236322D312D31312C502D582D35323539312D312D31312C502D582D39383636352D312D392C502D582D39383635352D312D352C502D582D38343436342D312D352C502D582D35343335382D312D372C502D582D35333937352D332D392C502D582D36393138392D312D372C502D582D35363237342D312D392C502D582D36333133342D312D372C502D582D35383637382D312D352C502D582D35353833322D312D362C502D582D35363134372D312D352C502D582D35363135342D312D352C502D582D35343231322D312D352C502D522D313535343133302D342D352C502D522D313535343132372D342D352C502D522D313535343132322D342D362C502D522D313037343833392D382D352C502D522D313037343430372D382D352C502D522D313037343033302D382D342C502D522D313037323332362D382D362C502D522D313036323835322D382D392C502D522D313035333236392D382D352C502D522D39353038322D382D352C502D522D39333937302D382D342C502D522D36393036352D312D332C502D522D35393139332D312D332C502D522D34353630392D31342D362C502D522D34353139372D322D362C502D522D34303938302D31382D31362C502D522D33393032392D352D31382C502D522D33353136352D322D372C502D522D32393830392D312D372C502D522D32363936382D332D392C502D522D31383432352D382D36322C502D522D31383432362D352D33302C502D522D31383432342D342D33342C502D442D313130393930372D342D31322C686E6C6162656C3A3630333036372C686E656469746F72733A3531383233342C356D696E31306D696E5F31306D696E6772616365706572696F643A3531373738392C66696C69733436363A3733363730322C66696D6F633234383A3139333439312C62657474657262726561646372756D62733A3439303833362C6669616C6C3139383A3439383838372C66696261633936373A3630383537312C66697465733231373A3136313436382C66697265663334363A33343532352C66696D6F633538393A32383937392C6772617068617069666F726F64656E61626C6564726F6C6C6F75743A3339343135362C6F6E656472697665636F6E76657267656E6365656E6C69676874656E6564726F6C6C6F75743A3135393033382C66696F6D693239333A3131383038312C6669656E613934373A33303633352C66697374613430373A36313032372C6669656E613930333A36353934342C66696461763236353A35353033352C66696361633834313A34393636342C6669656E613431353A33383738302C6669656E613439303A33343138312C72656D6F74656D6F76656465766963653A34323530302C6669656E613237363A34313030342C6669656E613338313A34393939372C502D582D313032303335332D312D372C502D522D313233363533302D382D322C502D522D313037383537312D31382D382C502D522D313034363334302D31382D31352C502D522D313033343131382D31382D32302C502D522D313032363335342D31382D32312C502D522D36313730372D33362D32382C502D522D35333534352D342D352C502D522D34393733362D362D32322C502D522D33303038352D312D392C502D522D32353135372D382D31342C502D522D32343336332D362D31332C502D522D31393831342D312D36322C502D522D31393031322D312D35372C666C656E613231343A3532363832342C666C656E613231343A3532363832342C502D582D313032343434382D312D332C30356269353338323A3430333333312C502D582D313035363435362D322D31312C502D582D313031383536342D332D392C502D582D313032303539372D312D372C502D582D313030393332392D312D372C502D582D313031313434322D312D31312C502D582D313031393633322D312D332C502D582D313031353535342D312D352C502D582D313031303331342D312D352C502D582D3130383336342D312D332C502D582D37373734322D312D352C502D582D38363339352D312D352C502D582D38343332312D312D352C502D582D35303232302D312D332C502D582D34393733302D312D332C502D522D313034333838352D362D362C502D522D313031343435322D382D382C502D522D36343834312D32322D31352C502D522D36333130302D32382D31302C502D522D35323033382D32382D31382C502D522D34303939302D31322D31352C502D522D33323734342D31342D31352C502D522D33323734312D33322D31362C502D522D32383735312D322D32302C69693435373531323A3434393137382C6272616B696E67736B703A3338383633312C6772616C743139333A3431313231352C6772616C743232323A3334353534372C67726766783930363A3432333930352C67723233343A3433343331362C6772736B693435353A3537383535332C67723331323A3631333334312C67723337303A3538333038372C677264656C3334373A3132373632382C67727376673936303A3435323639302C67727573653434343A3132343039312C67727573653438383A3537303335382C677269636F3430363A31393737372C502D582D3130353838392D312D352C32346139333336353A3134373734372C502D522D35303432392D31382D382C502D522D33363533392D31302D352C502D522D32343038342D312D31362C502D582D313535393535332D312D332C502D582D313034393232352D312D332C502D582D313033333336302D312D352C502D582D313033333335352D312D332C502D582D313031313137332D312D352C502D522D313537363838342D31332D31342C502D522D313434353932342D382D362C502D522D313130313038312D382D352C502D522D313037373631302D382D352C502D522D313032363534322D382D342C502D522D313032313732352D31382D35302C502D522D35333432312D32382D31342C502D522D34303437352D32382D32382C502D522D33353938352D31342D32332C502D522D33323030342D322D352C37613961633834303A3736333637322C39373935633332303A3335393832302C32646262623537393A3238363232352C69383364613438393A3338383033382C69643539323A3238383731342C502D582D38383033352D312D352C6C616C616E3233313A3134303738312C502D582D313237363530392D312D352C502D582D313033393636392D312D392C502D582D313035363637392D312D362C502D582D313031323534332D342D32352C502D582D3130333738362D312D332C502D522D313238303432352D31332D31372C502D522D36313234382D31382D372C502D522D35313939352D31382D32382C502D522D33323433382D31352D35352C69306437363937303A3539383638392C31343530373439353A3430363034302C6C6F6F705F6761726F6C6C6F75743A3431303034392C65663635393538383A3430343732312C6C656973753732343A3631303738342C502D582D313034343531342D322D372C502D582D313036313732332D322D352C502D582D313037363235322D312D362C502D582D313034393634392D322D352C502D582D313034373731352D322D372C502D582D313031343139352D342D31392C502D582D313032363133312D322D352C502D582D313032373931332D312D31312C502D582D313031373734352D382D31342C502D582D38303736372D312D33372C502D582D3130383634332D322D372C502D582D313030393034382D312D392C502D582D39353630352D322D332C502D522D313035383637352D382D342C502D522D313033363537362D342D342C502D522D39383131302D342D352C502D522D37393936332D312D322C502D522D36303831362D31302D31392C502D522D35313736342D312D342C502D522D34323339322D322D342C502D522D33393037332D312D352C70697063687962726964743A3333363236352C326766396A3631383A3336323439302C396A6734633839333A3335373434342C34676839653230353A3438333737382C363135316A3631333A3434373631392C67643868383735353A3331373939302C6A6A3035303832373A3234353136322C61306537323236393A3332323039342C37673633363833323A3236383639382C65396268363531353A3234343439392C37366534673937353A3332343937392C6C693533303A3537313939352C67306864303232313A3435303335352C502D522D313132333337362D31302D31342C502D522D313030393835352D31322D31342C502D522D39383835362D31382D34382C502D522D313036313233392D382D362C502D522D34333438392D33302D31352C502D522D33383431302D31322D32332C502D582D313239313234362D322D332C502D582D313236343332372D312D392C502D582D313032313731342D322D352C502D582D313032373135362D312D372C502D582D313031323836352D312D352C502D582D313036313138302D322D372C502D582D313037313733392D312D332C502D582D313036363534362D312D31332C502D582D38393837382D312D352C502D582D313035303032352D312D31312C502D582D313035303636352D332D372C502D582D313034313735362D322D352C502D582D313032313432332D322D352C502D582D313031393538312D312D332C502D582D313030363137342D312D352C502D582D3131383230392D312D332C502D582D35313735392D312D332C502D522D313536353432382D322D332C502D522D313533343538302D382D322C502D522D313532363931352D382D332C502D522D313234393337302D342D352C502D522D313039343131352D342D342C502D522D313038393139322D362D352C502D522D313031373036362D342D352C502D522D3131373934312D342D342C502D522D35393533342D312D332C502D522D35343535372D312D332C63683337313137393A3630303339362C33326535613931333A3538333337322C64633031373739383A3533373631302C31323568373933353A3335313834372C6361726574706F736974696F6E6368616E6765643A3339343139362C38376A61613633343A3336383734362C3866316A663234323A3638313635382C62656C6F776F70656E646976696465723A3534323535372C6F6575696C3832303A3332363132342C726573706563746C6F6F707374796C653A3639313535392C6F65656E61626C656F73666964656E746974796D616E616765723A3434393931392C67623038643735323A3239323132322C65333931323438393A3338393436372C6F656D69633633393A3339373735332C6F65616C6C3834333A3337353838372C6F65666C753433343A3332313933392C6F656D61633335383A32303530322C726573706563746C6F6F707374796C653A3639313535392C502D522D37313336302D31382D31392C502D582D37363535352D312D332C6F6E6D61703336363A38313734302C502D442D313437363534302D312D332C502D442D313234383335302D332D332C502D442D313232303436342D392D352C502D442D313033303630312D332D332C502D442D313135373731372D312D332C502D442D313134393433362D312D332C502D442D313133313332392D362D372C502D442D313131303935362D342D332C502D442D313038343536352D332D332C502D442D313037333031342D352D332C502D442D313035393333322D322D342C502D442D313034323830332D322D342C502D442D313033373534312D372D362C502D442D313033333339312D322D342C502D442D313033313531322D312D332C502D442D313033313531302D312D332C502D442D313033313530392D312D332C502D442D313033313530382D312D332C502D442D313033313436302D312D332C502D442D313033313435362D322D342C502D442D313033313435352D312D332C502D442D313033313435342D312D332C502D442D313033313435332D312D332C502D442D313033313435322D312D332C502D442D313033313435312D312D332C502D442D313033313435302D312D332C502D442D313033313434392D312D332C502D442D313033313434382D312D332C502D442D313033313434372D312D332C502D442D313033313434362D312D332C502D442D313033313337332D312D332C502D442D313033313035302D342D332C502D442D313033313032322D312D332C502D442D313033313031382D312D332C502D442D313033313031322D312D332C502D442D313033303936342D312D332C502D442D313033303936332D312D | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData |
| Operation: | write | Name: | ChunkCount |
Value: uint64_t|0 | |||
| (PID) Process: | (3832) OUTLOOK.EXE | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData |
| Operation: | write | Name: | 1.1 |
Value: 332C502D442D313033303932362D312D332C502D442D313033303932332D322D332C502D442D313033303932322D322D332C502D442D313033303932302D322D332C502D442D313033303931382D322D332C502D442D313033303931362D322D332C502D442D313033303931342D322D332C502D442D313033303931322D322D332C502D442D313033303931302D322D332C502D442D313033303930382D322D332C502D442D313033303930362D322D332C502D442D313033303930342D322D332C502D442D313033303930322D322D332C502D442D313033303930302D322D332C502D442D313033303839382D322D332C502D442D313033303839362D322D332C502D442D313033303839332D322D332C502D442D313033303839312D322D332C502D442D313033303838392D322D332C502D442D313033303838372D322D332C502D442D313033303838352D322D332C502D442D313033303838332D322D332C502D442D313033303838312D322D332C502D442D313033303837392D322D332C502D442D313033303837372D322D332C502D442D313033303837362D322D332C502D442D313033303837352D322D332C502D442D313033303837332D332D332C502D442D313033303837322D322D332C502D442D313033303837312D322D332C502D442D313033303837302D322D332C502D442D313033303836392D322D332C502D442D313033303836382D322D332C502D442D313033303836372D322D332C502D442D313033303836362D322D332C502D442D313033303836352D322D332C502D442D313033303836342D322D332C502D442D313033303836322D322D332C502D442D313033303836302D322D332C502D442D313033303835382D322D332C502D442D313033303835362D322D332C502D442D313033303835342D322D332C502D442D313033303835322D322D332C502D442D313033303835302D322D332C502D442D313033303834382D322D332C502D442D313033303834372D322D332C502D442D313033303834362D322D332C502D442D313033303834342D322D332C502D442D313033303834322D322D332C502D442D313033303834312D322D332C502D442D313033303834302D322D332C502D442D313033303833382D322D332C502D442D313033303833362D322D332C502D442D313033303833342D322D332C502D442D313033303833322D322D332C502D442D313033303833302D322D332C502D442D313033303832382D322D332C502D442D313033303832362D322D332C502D442D313033303832342D322D332C502D442D313033303832322D322D332C502D442D313033303831392D322D332C502D442D313033303831362D322D332C502D442D313033303831322D322D332C502D442D313033303831312D322D332C502D442D313033303831302D322D332C502D442D313033303830382D322D332C502D442D313033303830362D322D332C502D442D313033303830332D322D332C502D442D313033303830312D322D332C502D442D313033303830302D322D332C502D442D313033303739392D322D332C502D442D313033303739382D322D332C502D442D313033303739372D322D332C502D442D313033303739362D322D332C502D442D313033303739352D322D332C502D442D313033303739342D322D332C502D442D313033303739332D322D332C502D442D313033303739322D322D332C502D442D313033303739312D322D332C502D442D313033303738392D322D332C502D442D313033303738372D322D332C502D442D313033303738362D322D332C502D442D313033303738352D322D332C502D442D313033303738332D322D332C502D442D313033303738312D322D332C502D442D313033303737392D322D332C502D442D313033303737372D322D332C502D442D313033303737352D322D332C502D442D313033303737332D322D332C502D442D313033303737312D322D332C502D442D313033303736392D322D332C502D442D313033303736372D322D332C502D442D313033303736352D322D332C502D442D313033303736332D322D332C502D442D313033303736312D322D332C502D442D313033303736302D322D332C502D442D313033303735392D322D332C502D442D313033303735382D322D332C502D442D313033303735372D322D332C502D442D313033303735362D322D332C502D442D313033303735352D322D332C502D442D313033303735332D322D332C502D442D313033303735312D322D332C502D442D313033303734392D322D332C502D442D313033303734372D322D332C502D442D313033303734352D322D332C502D442D313033303734332D322D332C502D442D313033303734302D332D332C502D442D313033303733382D322D332C502D442D313033303733372D322D332C502D442D313033303733362D322D332C502D442D313033303733342D322D332C502D442D313033303733322D322D332C502D442D313033303733302D322D332C502D442D313033303732382D322D332C502D442D313033303732362D322D332C502D442D313033303732342D322D332C502D442D313033303732322D322D332C502D442D313033303731392D322D332C502D442D313033303731372D322D332C502D442D313033303731352D322D332C502D442D313033303731332D322D332C502D442D313033303731322D322D332C502D442D313033303731312D322D332C502D442D313033303730392D322D332C502D442D313033303730382D322D332C502D442D313033303730372D322D332C502D442D313033303730362D322D332C502D442D313033303730352D322D332C502D442D313033303730342D322D332C502D442D313033303730332D322D332C502D442D313033303730322D322D332C502D442D313033303730312D322D332C502D442D313033303639392D322D332C502D442D313033303639372D322D332C502D442D313033303639362D322D332C502D442D313033303639352D322D332C502D442D313033303639332D322D332C502D442D313033303639312D322D332C502D442D313033303639302D322D332C502D442D313033303638392D322D332C502D442D313033303638372D322D332C502D442D313033303638352D322D332C502D442D313033303638332D322D332C502D442D313033303638312D322D332C502D442D313033303637392D322D332C502D442D313033303637372D322D332C502D442D313033303637352D322D332C502D442D313033303637332D322D332C502D442D313033303637312D322D332C502D442D313033303636392D322D332C502D442D313033303636382D322D332C502D442D313033303636352D322D332C502D442D313033303636342D322D332C502D442D313033303636332D322D332C502D442D313033303636312D322D332C502D442D313033303635392D322D332C502D442D313033303635362D312D332C502D442D313033303634392D312D332C502D442D313033303634322D31322D382C502D442D313033303633332D312D332C502D442D313033303632382D322D342C502D442D313033303539322D312D332C502D442D313033303534372D322D342C502D442D313033303534352D312D332C502D442D313033303534322D312D332C502D442D313033303438352D312D332C502D442D313032393530362D322D332C502D442D313032393530352D312D332C502D442D313032393434362D312D332C502D442D313032393434352D312D332C502D442D313032393434342D312D332C502D442D313032393434332D312D332C502D442D313032393434322D312D332C502D442D313032393434312D312D332C502D442D313032393434302D312D332C502D442D313032393433372D312D332C502D442D313032393433312D312D332C502D442D313032393433302D312D332C502D442D313032393432382D312D332C502D442D313032393432362D312D332C502D442D313032393432352D312D332C502D442D313032393432342D312D332C502D442D313032393432302D312D332C502D442D313032393431392D312D332C502D442D313032393431362D312D332C502D442D313032393431352D312D332C502D442D313032393431342D312D332C502D442D313032393431332D322D342C502D442D313032393431322D322D342C502D442D313032393431312D312D332C502D442D313032393430392D312D332C502D442D313032393430382D312D332C502D442D313032393430322D312D332C502D442D313032393430312D312D332C502D442D313032393430302D312D332C502D442D313032393339392D312D332C502D442D313032393339362D312D332C502D442D313032393339352D312D332C502D442D313032393339342D312D332C502D442D313032393339332D312D332C502D442D313032393339322D312D332C502D442D313032393339312D312D332C502D442D313032393339302D312D332C502D442D313032393338392D312D332C502D442D313032393338382D312D332C502D442D313032393338372D312D332C502D442D313032393338362D312D332C502D442D313032393338352D312D332C502D442D313032393338342D312D332C502D442D313032393338332D312D332C502D442D313032393338322D312D332C502D442D313032393338312D312D332C502D442D313032393338302D322D342C502D442D313032393337372D312D332C502D442D313032393337362D312D332C502D442D313032393337352D312D332C502D442D313032393337342D312D332C502D442D313032393337322D312D332C502D442D313032393337312D312D332C502D442D313032393337302D312D332C502D442D313032393336392D312D332C502D442D313032393336372D312D332C502D442D313032393336362D312D332C502D442D313032393336352D312D332C502D442D313032393336342D312D332C502D442D313032393336302D312D332C502D442D313032393335392D312D332C502D442D313032393335382D312D332C502D442D313032393335372D312D332C502D442D313032393335362D312D332C502D442D313032393335342D312D332C502D442D313032393335322D312D332C502D442D313032393335312D312D332C502D442D313032393335302D312D332C502D442D313032393334392D312D332C502D442D313032393334382D312D332C502D442D313032393334372D312D332C502D442D313032393334362D312D332C502D442D313032393334312D312D332C502D442D313032393333392D312D332C502D442D313032393333382D312D332C502D442D313032393333322D312D332C502D442D313032393333312D312D332C502D442D313032393333302D312D332C502D442D313032393332392D312D332C502D442D313032393332382D312D332C502D442D313032393332372D312D332C502D442D313032393332352D312D332C502D442D313032393332342D312D332C502D442D313032393332332D312D332C502D442D313032393332302D312D332C502D442D313032393331392D312D332C502D442D313032393331382D312D332C502D442D313032393331372D312D332C502D442D313032393331362D312D332C502D442D313032393331322D312D332C502D442D313032393331312D312D332C502D442D313032393331302D312D332C502D442D313032393330392D312D332C502D442D313032393330352D312D332C502D442D313032393330342D312D332C502D442D313032393330332D312D332C502D442D313032393330302D312D332C502D442D313032393239392D312D332C502D442D313032393239382D312D332C502D442D313032393239372D312D332C502D442D313032393239362D312D332C502D442D313032393239352D312D332C502D442D313032393239332D322D332C502D442D313032393238392D31362D342C502D442D313032393237362D312D332C502D442D313032393237352D312D332C502D442D313032393237322D312D332C502D442D313032393237302D312D332C502D442D313032393236372D362D342C502D442D313032393235302D312D332C502D442D313032393234332D312D332C502D442D313032393233382D312D332C502D442D313032393233372D312D332C502D442D313032393233342D312D332C502D442D313032393230352D312D332C502D442D313032393230332D312D332C502D442D313032393134382D332D342C502D442D313032393133372D312D332C502D442D313032393039372D322D332C502D442D313032393039362D322D332C502D442D313032393039332D322D332C502D442D313032393039322D322D332C502D442D313032393039312D322D332C502D442D313032393039302D322D332C502D442D313032393038362D312D332C502D442D313032393038302D382D352C502D442D313032393037382D312D332C502D442D313032393037372D312D332C502D442D313032393037352D372D342C502D442D313032393036352D312D332C502D442D313032383937342D312D332C502D442D313032383935362D332D342C502D442D313032383837342D312D332C502D442D3130343131332D342D362C502D442D3130333938352D332D352C502D582D313034333136302D312D31332C502D582D313033373736392D312D372C502D582D313035353134302D312D392C502D582D313032353538312D312D372C502D582D39393239342D312D31352C502D582D39353831382D312D372C502D582D313032363730362D322D352C502D582D36373436312D312D372C502D582D313030303935322D312D31332C502D582D313035353639322D332D33322C502D582D313034343238342D312D352C502D582D313031363834372D312D372C502D582D313033373837312D322D392C502D582D3131323435312D332D31372C502D582D313031393538372D312D372C502D582D313032363130342D322D372C502D582D313031363236302D312D352C502D582D313032333334322D312D352C502D582D313032303934342D312D372C502D582D313031363832382D312D372C502D582D313031353837322D312D352C502D582D313031303733352D312D352C502D582D313031303533372D312D332C502D582D39343034372D312D392C502D582D313030323635382D312D372C502D582D3130383132342D312D352C502D582D38333332362D312D352C502D582D38373237342D312D31372C502D582D39393430312D312D352C502D582D38393032322D312D372C502D582D38383139332D312D31352C502D522D313134303733382D382D31302C502D522D313039373033302D362D372C502D522D313038363231382D362D382C502D522D313038333231352D362D382C502D522D313037333138382D362D31302C502D522D313037323838372D362D31302C502D522D313033353939342D362D392C502D522D313036323838302D362D372C502D522D313036323234302D362D382C502D522D313034383338392D362D382C502D522D313034363235362D342D382C502D522D37323236322D362D31322C502D522D35353031342D32302D31322C502D522D35343832362D32302D33322C502D522D35323939302D32302D32352C502D522D34303431392D4331392D37322C502D522D33363435322D32302D34322C502D522D33353438322D31322D31302C502D522D33353234302D34342D38362C502D522D33333339392D31322D31302C502D522D31383636322D362D33382C64393467633535363A3439303438392C30373063323631393A3339353330322C72656D696E646572736175746F6469736D6973737465616368696E6763616C6C6F75743432303A3339373831302C30623632313636353A3435313930372C7365617263685F73756767657374696F6E735F626573746D617463683A3437313738312C6F75656E613330333A3430303333382C67313031693931343A3332363333372C6F756F70783539333A3332373234352C6F753533363A3332373935322C67313267383938343A3339353239302C35636362693937333A3530383838352C6D6F6E6172636873657474696E67733A3431343733302C6A373338693937333A3339393332342C61637469766974657265616374696F6E73736B696E746F6E653A3431313738372C6F756F70783438333A3430313037382C6A3661656A3431353A3430313039302C6F757361663734373A3332343333342C39643633383734303A3332363935362C6F756875626C6173746368616E636563616C6C6F75743A3337343638382C736561726368737570706F727477696E646F7773696E646578696E677468726F74746C696E673A3332343432332C6F753430353A3332373236322C6F756164643538333A3332333937312C6F757365743532313A3430353631382C6F75636F6D3235373A3338383138372C6F756167613938363A3332363935342C6469616770616E65776562766965773A3332363337322C6F757365613937333A3332333836322C6F757365613830353A3332343934332C696E737472756D656E746174696F6E616E64616E73776572733A3332363939362C6174746163686D656E74746967687473706163696E673A3431363032352C6F756F70783331393A3332363731392C502D582D313035323931302D312D332C502D582D313032303532392D312D332C502D522D313031363533392D382D352C502D522D38323437332D312D342C502D522D35363631382D312D332C31393167353730353A3433333136302C7065696E703639343A3234363834392C502D582D38323337372D312D332C502D522D33333639362D312D352C656E61626C65616C776179736F6E726566726573683A3231383034362C502D522D33393931322D312D322C502D522D35303338302D31382D31382C502D582D3131353136362D312D332C70753436393A3433343439332C502D582D313032373334312D322D352C502D582D313034383034362D312D332C502D582D313034353236392D312D352C502D582D313034313335352D312D352C502D582D313034353035392D312D332C502D582D313034343238362D312D352C502D582D313030303536392D362D31392C502D582D313033383038312D322D352C502D582D313031383131372D312D352C502D582D37303330322D312D372C502D582D313032313138372D312D332C502D582D313031353532362D312D352C502D582D3131373734302D312D332C502D582D37313237382D352D31372C502D522D313038383737372D382D352C502D522D313038313636382D382D342C502D522D313037353133352D382D352C502D522D313037343337322D342D352C502D522D313037343037372D342D352C502D522D313036343135392D382D382C502D522D313034303537392D32362D31372C502D522D313033383632392D382D352C502D522D36333333382D31382D31312C502D522D35383235312D31382D31322C502D522D33333733372D312D342C6A636765643937303A3336353634322C38663966623737313A3339363938322C38623061313234353A3435343833312C66393935643630373A3334363839312C36366568313330383A3334353931382C33666831623238333A3338333636362C68693536673538353A3336383031332C65303931363830323A3439303739312C6A757374696669636174696F6E6F746865727769746873656375726974797761726E696E673A3435313233342C73656175743933393A3539363937312C33363832333632363A3532363433392C736566673833383A3334363836392C677261706869637366696C74657265787472616C6F636B646F776E | |||
Executable files
10
Suspicious files
206
Text files
60
Unknown types
1
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3832 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook1.pst | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF17df63.TMP | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF17df73.TMP | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF17df92.TMP | — | |
MD5:— | SHA256:— | |||
| 3832 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres | binary | |
MD5:FAFBD5EDB0E51D1BE168E3A59900E5E6 | SHA256:7BEB71B4B1E2C4C2D38D5B06B0A3C1E5A0A4E71BFDDE6B5A00706B2CE208B5E5 | |||
| 3832 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin | text | |
MD5:57F0FDE41CEC30C6FEB60E0CAB0341A4 | SHA256:103931FA57F648A3FC6DC8ADB17A630F6570E37EB6A4C387A7F750301A6B920B | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF17dfb1.TMP | — | |
MD5:— | SHA256:— | |||
| 5284 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
120
TCP/UDP connections
88
DNS requests
73
Threats
13
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1268 | svchost.exe | GET | 200 | 184.25.50.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | GET | 200 | 184.25.50.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
5528 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 23.50.131.87:443 | https://omex.cdn.office.net/addinclassifier/officesharedentities | unknown | text | 314 Kb | whitelisted |
— | — | GET | 200 | 52.123.243.75:443 | https://ecs.office.com/config/v2/Office/outlook/16.0.16026.20146/Production/CC?&Clientid=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&Application=outlook&Platform=win32&Version=16.0.16026.20146&MsoVersion=16.0.16026.20002&SDX=fa000000002.2.0.1907.31003&SDX=fa000000005.1.0.1909.30011&SDX=fa000000006.1.0.1909.13002&SDX=fa000000008.1.0.1908.16006&SDX=fa000000009.1.0.1908.6002&SDX=fa000000016.1.0.1810.13001&SDX=fa000000029.1.0.1906.25001&SDX=fa000000033.1.0.1908.24001&SDX=wa104381125.1.0.1810.9001&ProcessName=outlook.exe&Audience=Production&Build=ship&Architecture=x64&Language=en-US&SubscriptionLicense=false&PerpetualLicense=2019&LicenseCategory=6&LicenseSKU=Professional2019Retail&OsVersion=10.0&OsBuild=19045&Channel=CC&InstallType=C2R&SessionId=%7b1580B87D-5381-40D2-BDB4-324A8B6763D4%7d&LabMachine=false | unknown | binary | 388 Kb | whitelisted |
— | — | GET | 200 | 52.111.231.8:443 | https://messaging.lifecycle.office.com/getcustommessage16?app=6&ui=en-US&src=BizBar&messagetype=BizBar&hwid=04111-083-043729&ver=16.0.16026&lc=en-US&platform=10%3A0%3A19045%3A2%3A0%3A0%3A256%3A1%3A&productid=%7B1717C1E0-47D3-4899-A6D3-1022DB7415E0%7D%3A00411-10830-43729-AA720%3AOffice%2019%2C%20Office19Professional2019R_Retail%20edition&clientsessionid=%7B1580B87D-5381-40D2-BDB4-324A8B6763D4%7D&datapropertybag=%7B%22Audience%22%3A%22Production%22%2C%22AudienceGroup%22%3A%22Production%22%2C%22AudienceChannel%22%3A%22CC%22%2C%22Flight%22%3A%22ofsh6c2b1tla1a31%2Cofcrui4yvdulbf31%2Cofhpex3jznepoo31%2Cofpioygfqmufst31%22%7D | unknown | text | 542 b | whitelisted |
— | — | POST | 200 | 104.208.16.89:443 | https://self.events.data.microsoft.com/OneCollector/1.0/ | unknown | — | — | whitelisted |
— | — | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=51&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0 | unknown | binary | 1.47 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5528 | RUXIMICS.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
1268 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1268 | svchost.exe | 184.25.50.8:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5944 | MoUsoCoreWorker.exe | 184.25.50.8:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
5528 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
5944 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
ecs.office.com |
| whitelisted |
omex.cdn.office.net |
| whitelisted |
messaging.lifecycle.office.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |
6960 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to Azure content delivery network (aadcdn .msauth .net) |