File name:

Elio.elgemayel-In Services.Agreement-YAMPA 832957.docx

Full analysis: https://app.any.run/tasks/9d88a1f8-a2f9-455b-9725-6b4fcc9f96b9
Verdict: Malicious activity
Analysis date: October 06, 2024, 06:39:21
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
Indicators:
MIME: application/octet-stream
File info: data
MD5:

8A1B166F0AB8CD9255685FBD17083A5E

SHA1:

0BB0FEC27B624316611D186B45BE87FDDE0C175B

SHA256:

9D4A8EC8300D42361DAA324E6400CE20DC8EE2424B268FF04A4EBCCA7739A55F

SSDEEP:

384:lYNXDUvvtdkAa2p91ZuaG7swNBi9/72nPvZ2hp9LAnNZC:lY1gNDp3eDNE/6ZYpxAy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 6844)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • msedge.exe (PID: 2212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
171
Monitored processes
36
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winword.exe ai.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4244 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2212"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u46509964.ct.sendgrid.net/ls/click?upn=u001.16O0hg1-2FLz1kpPxGHUZbqbKQgZ1gbNa6PykoehLtI1id-2FPS9aeDz15eBIvH8RtYR6xXMhO83ET3eSzh706ON8a0T3A4VThnvmhYHviMacTmk2sOePR7F7HFWw0rEYE0gUidzSJOvqxXirs9sZfmXMmvyTyiXgYAj1XFP3VeFfMFjysnaZRAyHDSlUcosGkXjDPhiGor7cOdZAgC5siWiCQ-3D-3DFl8x_uB0c-2B-2B6B-2FPilo6WDmgG90XCAzdIHgcfyayexoIwtGX1-2FgeMmAnK-2FTIMy-2BjdzfQ6TsGFjGNMnAQ-2BreLtDaAA4LREzmUS-2BzxjAEE078VTsw66tiVRrt46nGq8jzeP1Yqix3XQtXUwDLfvBmfmMWtWld0j6MLbp7YPlG91-2BRD2kzFlDdxOe8x888JgTZbiDntT7bru-2BNd8Gs0VoWelK81Cp1IUv96f7YequOBm8ZLUYkNLypzYFzn-2BQDvt3-2F-2BlhqoicdQsastOjaKRyWAjP9W8-2Fr3JCz-2FQPROBzz7gozI9pEkK31pKEdZxGOy5hDaMWZmDEBmI8kOMdmUzznQjjch6WyaLGIngw-2BwhjQ3f2hjmHXDuToc2FtH6Tun6aAnZgEHbhy9LXaaM4ekMZmJoxUhcR8Fmbm1pWADU6hbF3HnLAa3o4pHa8v-2BvoJXwC57-2BZXr1PNvmASo-2B8rmaJwvm73D2KIehIJ43UlTGpeT6Dp4jEqLba6vv-2F8OoKwmFU72RE2j9w4Xu0GLnKaWqk0H4EMZOIbEl2iOJwMyh-2BY5Vu7LJeIV7rTATcHulbLFgvien0xZYPpdkXNwqMHRmgNQ9wnq5QAF0DXt6AQWbyWhiAd1zuUHBjjhpohMNhBGYFteAmMaDHP-2FmA-2B3BG-2BXAqIFcFnfn715Js48Y9qgZuIXgfNxW3jK4zqnruNThwCEeKqLKC2SAD-2FCSuVRnCc0oo1httze3p6zljPjrcCGBdknoCPZi0cQhhFcX5k1ONeG5kj34O-2FBBoQ-2FLjT8vsRUtwPfx4G3MPg3tV-2B4orWLdlLlt1eXCdUfCFiKPCJa1cUvNi7IiggvrjlrOuIFG-2FsMe9YK5ZdjGzzKPUw0S7VOWKcWqXOTpRbqgblGcVYpX9fz5LPb69DH2bd8Zzx5C5N7xHqHtzKjn0dGQjKl3AHqBj5ZtH4T2gpBZ5qEvJzRdUD3h9HwkezHMAqeK8v1FbCZR2oe82deXZV6C9J1IFVqTzZXHtLKGjq0A-3DC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
WINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3848"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "E638DF31-CB10-4CC0-B572-20A56DEC49BF" "5FAAA709-B765-43B1-A12D-FD8FEA87CD77" "4804"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exeWINWORD.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Version:
0.12.2.0
Modules
Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
4476"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x2f8,0x310,0x7fffd2355fd8,0x7fffd2355fe4,0x7fffd2355ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4648"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3520 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4720"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2396 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4804"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Elio.elgemayel-In Services.Agreement-YAMPA 832957.docx" /o ""C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Word
Version:
16.0.16026.20146
Modules
Images
c:\program files\microsoft office\root\office16\winword.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
5112"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5500"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3680 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6800"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2708 --field-trial-handle=2400,i,11996636458299229006,5540218880797661748,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
18 666
Read events
18 219
Write events
397
Delete events
50

Modification events

(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:0
Value:
017012000000001000B24E9A3E01000000000000000500000000000000
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\5932
Operation:delete valueName:0
Value:
ซ괐殺ࠆꯞꝅ莼跳⏺䘅헉꾍樁င$梅摝麨…ީ湕湫睯쥮௅賙ᒳ೅肫
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\5932
Operation:delete keyName:(default)
Value:
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\WINWORD\4804
Operation:writeName:0
Value:
0B0E102020D28BDB91DD419283D0718F61B7EE2300468787ECFBA7F7C5ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511C425D2120B770069006E0077006F00720064002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:en-US
Value:
2
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:de-de
Value:
2
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:fr-fr
Value:
2
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:es-es
Value:
2
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:it-it
Value:
2
(PID) Process:(4804) WINWORD.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation:writeName:ja-jp
Value:
2
Executable files
20
Suspicious files
195
Text files
84
Unknown types
0

Dropped files

PID
Process
Filename
Type
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A24D84AA-2E0C-4037-9320-8528FFB0D03Exml
MD5:AD4DDF3899BD901DB247BDCFFA057B46
SHA256:CED6172D75CFF4F509D0EE1B45EFB76CBE2F29BCBF1D4CE45DF81941E7D31736
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\Personalization\Governance\Anonymous\floodgatecampaigns.jsonbinary
MD5:66A78666F5D8A377361D9AF35E89F58E
SHA256:B6E5744D2AF9D19CCE128546B09B176E15C44A15613E91440EC1C6FA26EC8DE4
4804WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lextext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\Personalization\Governance\Anonymous\floodgatecampaigns.json.tmpbinary
MD5:66A78666F5D8A377361D9AF35E89F58E
SHA256:B6E5744D2AF9D19CCE128546B09B176E15C44A15613E91440EC1C6FA26EC8DE4
4804WINWORD.EXEC:\Users\admin\AppData\Local\Temp\~$io.elgemayel-In Services.Agreement-YAMPA 832957.docxbinary
MD5:73609FB839D31156B90ED271179DD4B1
SHA256:171B08292F9A728DD5AEF467D2CD16F8A3AB520F0EF632DB73109B7B860ABF42
4804WINWORD.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotmbinary
MD5:00F1C23072C5DAFED70C64F462EB551B
SHA256:1226E637414BB20A4E860A05D7802D0519986C8BCEB5BDAF7108639CB0A07599
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:C7FD19D3ABD9BD8F7A7569800A73FFEA
SHA256:04DCF72E1E69D4CEE1A642B387C91D0376C35CB3477230433190C1F7C5153A1A
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:98388B25A1CCC74ADB3B8A9C71FCAEF4
SHA256:432677CD25C01368377E429FCB363A93597CB4C4B819D0FC57E80A7BDC438B65
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttfpi2
MD5:4296A064B917926682E7EED650D4A745
SHA256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
4804WINWORD.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\mso9BA1.tmpdocument
MD5:530BF1E658ABBFCFA198617A2012235A
SHA256:D572EA0DAD08284D5A8DE86A64208EAB8820369FC73BAD44BA789F0ECCB46D8E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
133
DNS requests
77
Threats
17

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2120
MoUsoCoreWorker.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
68
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4804
WINWORD.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
4804
WINWORD.EXE
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
unknown
whitelisted
3580
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/f300adde-9890-41a1-bfc9-9c80f93f33ec?P1=1728600728&P2=404&P3=2&P4=LQ%2b3gqlJJ0ETZP4c6R8fe%2f8%2fz6Cpx7ikojUCJ%2fT8%2b2J7lYVZ%2fM7YZHid%2foCpOYuyiEYa5Q%2bgiDEg3Xdbx61DDg%3d%3d
unknown
whitelisted
4804
WINWORD.EXE
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
4804
WINWORD.EXE
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
3580
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/f300adde-9890-41a1-bfc9-9c80f93f33ec?P1=1728600728&P2=404&P3=2&P4=LQ%2b3gqlJJ0ETZP4c6R8fe%2f8%2fz6Cpx7ikojUCJ%2fT8%2b2J7lYVZ%2fM7YZHid%2foCpOYuyiEYa5Q%2bgiDEg3Xdbx61DDg%3d%3d
unknown
whitelisted
4804
WINWORD.EXE
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
3580
svchost.exe
GET
206
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/f300adde-9890-41a1-bfc9-9c80f93f33ec?P1=1728600728&P2=404&P3=2&P4=LQ%2b3gqlJJ0ETZP4c6R8fe%2f8%2fz6Cpx7ikojUCJ%2fT8%2b2J7lYVZ%2fM7YZHid%2foCpOYuyiEYa5Q%2bgiDEg3Xdbx61DDg%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2952
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
23.52.120.96:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3888
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4324
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4804
WINWORD.EXE
52.109.32.97:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
4804
WINWORD.EXE
52.113.194.132:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4804
WINWORD.EXE
23.48.23.18:443
omex.cdn.office.net
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
www.microsoft.com
  • 23.52.120.96
  • 95.101.149.131
whitelisted
google.com
  • 142.250.185.238
whitelisted
officeclient.microsoft.com
  • 52.109.32.97
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
omex.cdn.office.net
  • 23.48.23.18
  • 23.48.23.30
whitelisted
login.live.com
  • 40.126.32.68
  • 40.126.32.138
  • 40.126.32.76
  • 40.126.32.74
  • 40.126.32.134
  • 40.126.32.72
  • 20.190.160.20
  • 40.126.32.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.103.199
  • 40.83.240.146
whitelisted
go.microsoft.com
  • 23.213.166.81
  • 184.28.89.167
whitelisted

Threats

PID
Process
Class
Message
6844
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Marketing emails platform (.sendgrid .net)
6844
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (firefy)
6844
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Domain chain identified as Phishing (firefy)
6844
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
6844
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
6844
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
6844
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Fake Microsoft Sign-In Page (Logo Request w/o MSlogin)
6844
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Fake Microsoft Sign-In Page (Logo Request w/o MSlogin)
6844
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image branding component hosted by Microsoft
6844
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Image branding component hosted by Microsoft
Process
Message
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
WINWORD.EXE
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Elio.elgemayel-In Services.Agreement-YAMPA 832957.docx