File name:

Lindenmeyr Remittance Advice Note - ACH_EFT47-8029 [Internal-Use] on July 1, 2025.eml

Full analysis: https://app.any.run/tasks/904580b3-bb49-409d-8c8f-b6a6e7e2c16e
Verdict: Malicious activity
Analysis date: July 02, 2025, 13:09:30
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
attachments
attc-pdf
qrcode
phishing
phish-url
pdf-secudoc
phishing
phishing-ml
Indicators:
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with CRLF line terminators
MD5:

A5BC6FF9C356147B8D717776496C46F6

SHA1:

D9FA2FE49F45734F5E00F38D971C898CA95A96FD

SHA256:

A68D407EB6B0BC40E044FA7840E0925D33C4AB6301CC004D82F429C48B738962

SSDEEP:

1536:M1O+CurvkieQWGLvQ/catavmFwYBgmJPX9ENCV29KN65379gYFEs:eONUwGLY/cGa+FwWgsXSUuKs53nf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Detects suspicious words and phrases in PDF content (generic)

      • OUTLOOK.EXE (PID: 4192)

    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2200)

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • AcroCEF.exe (PID: 7288)

  • INFO

    • Reads security settings of Internet Explorer

      • OpenWith.exe (PID: 5184)

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 5184)
      • firefox.exe (PID: 8100)
      • Acrobat.exe (PID: 888)

    • Manual execution by a user

      • firefox.exe (PID: 8080)

    • Application launched itself

      • firefox.exe (PID: 8100)
      • Acrobat.exe (PID: 5352)
      • firefox.exe (PID: 8080)
      • AcroCEF.exe (PID: 2320)

    • Checks proxy server information

      • slui.exe (PID: 2876)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 8100)

    • The sample compiled with english language support

      • firefox.exe (PID: 8100)

    • Reads the software policy settings

      • slui.exe (PID: 2876)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 5) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
179
Monitored processes
38
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs openwith.exe no specs acrobat.exe acrobat.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs slui.exe firefox.exe no specs firefox.exe no specs #PHISHING svchost.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
504"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2676 -prefsLen 39015 -prefMapHandle 4840 -prefMapSize 272997 -jsInitHandle 4804 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5040 -initialChannelId {52ac6e84-1f80-4572-860a-4f9282bf7fea} -parentPid 8100 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8100" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
888"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\025GS471\Remittance ADVICE_sstone@lindenmeyr.com_5939.pdf"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
892"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2628 --field-trial-handle=1624,i,15599230867745897607,14911891757749866523,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1192"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5600 -prefsLen 39385 -prefMapHandle 5604 -prefMapSize 272997 -jsInitHandle 5608 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5584 -initialChannelId {59a2f156-e182-43b5-976e-8805d6708cf9} -parentPid 8100 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8100" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\msvcp140.dll
1740"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1624,i,15599230867745897607,14911891757749866523,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1948"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2588 -prefsLen 39385 -prefMapHandle 5464 -prefMapSize 272997 -jsInitHandle 4724 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 2820 -initialChannelId {45b228a9-8d2e-4e86-b980-3c7b84ab56be} -parentPid 8100 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8100" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
2200C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2320"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16514043C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2492"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "69D03A91-1EB7-48D4-BC6D-FC9EFFE49745" "304C979A-2ED2-4A42-A237-AF41A43EA71B" "4192"C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exeOUTLOOK.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.
Version:
0.12.2.0
Modules
Images
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\ai.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\common files\microsoft shared\clicktorun\c2r64.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
2804"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2288 -prefsLen 39661 -prefMapHandle 2640 -prefMapSize 272997 -jsInitHandle 4448 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5684 -initialChannelId {2bdc8dd9-916d-400f-963c-4c9ef0c14fb2} -parentPid 8100 -crashReporter "\\.\pipe\gecko-crash-server-pipe.8100" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 18 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
Total events
47 826
Read events
47 229
Write events
510
Delete events
87

Modification events

(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\OUTLOOK\1644
Operation:delete valueName:0
Value:
ซ渐�꿃僁赇臢섙䘱醛ꂾ樁င$驄摽鶲…ީ湕湫睯쥮Ȇ∢්ł¢ᣂ숁씀褎예ﴏ�뾙뚠ǭ჉砃㐶ᇅ೬ዒ漋甀琀氀漀漀欀⸀攀砀攀씀‖ៅ肀줄࠘㈲㈱䐭捥
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\GracefulExit\OUTLOOK\1644
Operation:delete keyName:(default)
Value:
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\4192
Operation:writeName:0
Value:
0B0E10E4D9070440B0B947B0C66931AC0DEEC7230046B6F984FDA8EAFAED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C50E8908C91003783634C511E020D2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:writeName:SessionId
Value:
0407D9E4-B040-47B9-B0C6-6931AC0DEEC7
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030429
Value:
09000000
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046
Operation:writeName:00030397
Value:
60000000
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:writeName:1
Value:
4D736F3A3A436865636B73756D52656769737472793A3A446174617C75696E7436345F747C323334303733373732353230303233393431343B456373436F6E666967526573706F6E7365446174617C7B202256657222203A2022696E7433325F747C30222C2022436F6E6649647322203A20227374643A3A77737472696E677C502D522D313039383135382D312D352C502D522D37363735372D312D322C502D522D32363134362D352D31372C502D442D32393633352D312D312C502D442D32373038372D312D392C502D522D37393638382D312D332C502D582D313035363139362D322D332C502D522D313037353533392D342D362C502D522D313036353130332D342D352C502D522D313034303537342D342D382C502D522D313032313439312D342D342C502D522D313032303733302D322D31302C502D522D313031393539312D342D342C502D522D313030343536312D342D342C64686965643636303A3434383338312C502D582D39383531382D362D392C502D582D313036313437302D322D332C502D582D313032313936352D312D372C502D582D313032313936382D322D332C502D582D37333633392D312D352C502D522D313037383237352D342D372C502D522D313037363531382D342D362C502D522D313036393531352D342D362C502D522D313032353434342D342D352C502D522D33333737342D36342D3235302C626C6F636B6564677261706869637361646170746572353A3437353839392C66653635313636373A3336313635382C37326838623835393A3238343430302C38306562633336353A3236353636392C61696764693533333A3338303138352C502D522D35383634302D312D332C502D582D37343731382D312D392C502D522D313037343034382D362D372C502D522D33353039392D322D342C6175656E613732343A3537373735332C502D522D313038313433312D382D362C502D522D313035333437382D382D352C502D522D33343834332D342D362C502D582D37313237342D312D372C502D522D33333832322D31342D36362C502D522D34353438332D31362D35332C502D522D35303731372D31382D36302C502D522D38373538372D342D342C502D522D37353036392D312D332C502D522D37353030312D312D332C502D522D36383135322D31382D32312C502D522D35323331362D31382D33372C502D522D34393136322D31382D31332C502D522D34393136312D31382D31332C502D522D34303235332D362D31392C502D522D34303235342D362D31382C502D522D33353430312D362D372C502D522D33323130372D32322D32322C636C70726F3130353A3436363736322C502D582D3130393138392D312D352C502D582D313030333535362D312D352C502D522D35383236362D34382D33392C502D522D32343938302D382D34382C502D522D31383237392D322D36352C63753637333A3332353936392C63756973663436343A3434363635342C502D582D313033363930382D312D332C502D522D3131333931352D382D372C502D522D35323938322D31382D33342C502D522D35313134352D322D372C67356234623530373A3238363035352C502D582D313031323533332D312D352C502D522D313036393430352D342D382C502D522D313035303139342D33322D32312C502D522D34313034362D32322D38332C64696173793933323A3237333238302C502D582D313037373139382D322D352C502D582D313034383430382D322D352C502D582D38353335392D312D31332C502D582D38393031322D312D31312C502D522D313036313635312D382D362C502D522D313034323432302D342D332C502D522D313033363136342D342D372C502D522D3131333530382D382D362C502D522D39353631362D382D352C502D522D37393631362D312D332C502D522D37373632312D312D332C502D522D37373230342D312D332C502D522D37363130372D312D332C502D522D37343333342D312D332C502D522D37343433392D312D332C502D522D37333634322D312D332C502D522D36383933382D312D362C502D522D36323837352D322D342C502D522D36303537392D322D322C502D522D36303333332D312D332C502D522D35383130372D322D322C502D522D35353734332D312D332C502D522D35313935382D312D352C502D522D33383038352D31322D392C502D522D33353338392D31382D33382C75736570726570726F63743A3337333738382C7573657632656E64706F696E7474726561746D656E743A3333333939332C6E617469766577696E333272646C3A3138363734342C646F6373686F6D6570616765736561726368656E61626C65616767726567617465646D7275736561726368736F757263653A3137353733392C502D522D313033343136392D31302D372C502D582D313037383537362D322D332C502D582D313035393131312D312D332C502D582D38303734322D312D31312C502D582D39333738372D332D31312C502D582D313035363137372D322D332C502D582D37393936312D312D372C502D582D313033333335362D322D332C502D582D39393034342D312D332C502D582D39363134312D312D332C502D452D32383637372D322D332C502D522D35353132322D382D382C502D522D35303235352D31302D392C502D522D34353331342D31302D31362C37393332313738393A3335353439302C336A6768393438383A3337353232372C6578706F773334343A3337353535352C65787069766F746E6F6E64657374727563746976656175746F67726F75703A3338373137392C69393268333737303A3333363131342C657861766F3833333A3234393839332C736D617274726563616C632D74726561746D656E743A3433313131322C6D6F6465726E62726F777365726F617574686469616C6F673A3230383934332C65786973723434383A3230383933342C502D582D313234303832332D312D332C502D452D33383233312D43312D342C502D522D313234353636322D31352D342C502D522D3130383334322D31342D31372C502D522D39353232352D31342D31372C502D522D39343636312D31342D31332C502D522D39343536302D31342D31322C502D522D39343138392D31342D31332C502D522D39333838322D31342D32362C502D522D36313134372D4331372D322C502D522D35343732382D31362D32332C502D522D35343639382D31362D31362C502D522D35343635382D31382D31392C502D522D34303034392D322D32392C502D522D33383330362D4331372D332C502D522D33343031392D342D332C77696E333264657669636563616E6172793A3534313438332C77696E333264657669636563616E6172793A3534313438332C502D582D313035313539312D312D352C502D582D313030373237342D332D31372C502D582D313030373237352D31332D34352C502D582D38353839362D312D31392C502D582D39313739302D312D352C502D582D313031343433312D312D372C502D582D3131363131352D312D392C502D582D3130373539352D312D352C502D582D36313130322D332D31312C502D582D35313236322D312D31312C502D582D35323539312D312D31312C502D582D39383636352D312D392C502D582D39383635352D312D352C502D582D38343436342D312D352C502D582D35343335382D312D372C502D582D35333937352D332D392C502D582D36393138392D312D372C502D582D35363237342D312D392C502D582D36333133342D312D372C502D582D35383637382D312D352C502D582D35353833322D312D362C502D582D35363134372D312D352C502D582D35363135342D312D352C502D582D35343231322D312D352C502D522D313535343133302D342D352C502D522D313535343132372D342D352C502D522D313535343132322D342D362C502D522D313037343833392D382D352C502D522D313037343430372D382D352C502D522D313037343033302D382D342C502D522D313037323332362D382D362C502D522D313036323835322D382D392C502D522D313035333236392D382D352C502D522D39353038322D382D352C502D522D39333937302D382D342C502D522D36393036352D312D332C502D522D35393139332D312D332C502D522D34353630392D31342D362C502D522D34353139372D322D362C502D522D34303938302D31382D31362C502D522D33393032392D352D31382C502D522D33353136352D322D372C502D522D32393830392D312D372C502D522D32363936382D332D392C502D522D31383432352D382D36322C502D522D31383432362D352D33302C502D522D31383432342D342D33342C502D442D313130393930372D342D31322C686E6C6162656C3A3630333036372C686E656469746F72733A3531383233342C356D696E31306D696E5F31306D696E6772616365706572696F643A3531373738392C66696C69733436363A3733363730322C66696D6F633234383A3139333439312C62657474657262726561646372756D62733A3439303833362C6669616C6C3139383A3439383838372C66696261633936373A3630383537312C66697465733231373A3136313436382C66697265663334363A33343532352C66696D6F633538393A32383937392C6772617068617069666F726F64656E61626C6564726F6C6C6F75743A3339343135362C6F6E656472697665636F6E76657267656E6365656E6C69676874656E6564726F6C6C6F75743A3135393033382C66696F6D693239333A3131383038312C6669656E613934373A33303633352C66697374613430373A36313032372C6669656E613930333A36353934342C66696461763236353A35353033352C66696361633834313A34393636342C6669656E613431353A33383738302C6669656E613439303A33343138312C72656D6F74656D6F76656465766963653A34323530302C6669656E613237363A34313030342C6669656E613338313A34393939372C502D582D313032303335332D312D372C502D522D313233363533302D382D322C502D522D313037383537312D31382D382C502D522D313034363334302D31382D31352C502D522D313033343131382D31382D32302C502D522D313032363335342D31382D32312C502D522D36313730372D33362D32382C502D522D35333534352D342D352C502D522D34393733362D362D32322C502D522D33303038352D312D392C502D522D32353135372D382D31342C502D522D32343336332D362D31332C502D522D31393831342D312D36322C502D522D31393031322D312D35372C666C656E613231343A3532363832342C666C656E613231343A3532363832342C502D582D313032343434382D312D332C30356269353338323A3430333333312C502D582D313035363435362D322D31312C502D582D313031383536342D332D392C502D582D313032303539372D312D372C502D582D313030393332392D312D372C502D582D313031313434322D312D31312C502D582D313031393633322D312D332C502D582D313031353535342D312D352C502D582D313031303331342D312D352C502D582D3130383336342D312D332C502D582D37373734322D312D352C502D582D38363339352D312D352C502D582D38343332312D312D352C502D582D35303232302D312D332C502D582D34393733302D312D332C502D522D313034333838352D362D362C502D522D313031343435322D382D382C502D522D36343834312D32322D31352C502D522D36333130302D32382D31302C502D522D35323033382D32382D31382C502D522D34303939302D31322D31352C502D522D33323734342D31342D31352C502D522D33323734312D33322D31362C502D522D32383735312D322D32302C69693435373531323A3434393137382C6272616B696E67736B703A3338383633312C6772616C743139333A3431313231352C6772616C743232323A3334353534372C67726766783930363A3432333930352C67723233343A3433343331362C6772736B693435353A3537383535332C67723331323A3631333334312C67723337303A3538333038372C677264656C3334373A3132373632382C67727376673936303A3435323639302C67727573653434343A3132343039312C67727573653438383A3537303335382C677269636F3430363A31393737372C502D582D3130353838392D312D352C32346139333336353A3134373734372C502D522D35303432392D31382D382C502D522D33363533392D31302D352C502D522D32343038342D312D31362C502D582D313535393535332D312D332C502D582D313034393232352D312D332C502D582D313033333336302D312D352C502D582D313033333335352D312D332C502D582D313031313137332D312D352C502D522D313537363838342D31332D31342C502D522D313434353932342D382D362C502D522D313130313038312D382D352C502D522D313037373631302D382D352C502D522D313032363534322D382D342C502D522D313032313732352D31382D35302C502D522D35333432312D32382D31342C502D522D34303437352D32382D32382C502D522D33353938352D31342D32332C502D522D33323030342D322D352C37613961633834303A3736333637322C39373935633332303A3335393832302C32646262623537393A3238363232352C69383364613438393A3338383033382C69643539323A3238383731342C502D582D38383033352D312D352C6C616C616E3233313A3134303738312C502D582D313237363530392D312D352C502D582D313033393636392D312D392C502D582D313035363637392D312D362C502D582D313031323534332D342D32352C502D582D3130333738362D312D332C502D522D313238303432352D31332D31372C502D522D36313234382D31382D372C502D522D35313939352D31382D32382C502D522D33323433382D31352D35352C69306437363937303A3539383638392C31343530373439353A3430363034302C6C6F6F705F6761726F6C6C6F75743A3431303034392C65663635393538383A3430343732312C6C656973753732343A3631303738342C502D582D313034343531342D322D372C502D582D313036313732332D322D352C502D582D313037363235322D312D362C502D582D313034393634392D322D352C502D582D313034373731352D322D372C502D582D313031343139352D342D31392C502D582D313032363133312D322D352C502D582D313032373931332D312D31312C502D582D313031373734352D382D31342C502D582D38303736372D312D33372C502D582D3130383634332D322D372C502D582D313030393034382D312D392C502D582D39353630352D322D332C502D522D313035383637352D382D342C502D522D313033363537362D342D342C502D522D39383131302D342D352C502D522D37393936332D312D322C502D522D36303831362D31302D31392C502D522D35313736342D312D342C502D522D34323339322D322D342C502D522D33393037332D312D352C70697063687962726964743A3333363236352C326766396A3631383A3336323439302C396A6734633839333A3335373434342C34676839653230353A3438333737382C363135316A3631333A3434373631392C67643868383735353A3331373939302C6A6A3035303832373A3234353136322C61306537323236393A3332323039342C37673633363833323A3236383639382C65396268363531353A3234343439392C37366534673937353A3332343937392C6C693533303A3537313939352C67306864303232313A3435303335352C502D522D313132333337362D31302D31342C502D522D313030393835352D31322D31342C502D522D39383835362D31382D34382C502D522D313036313233392D382D362C502D522D34333438392D33302D31352C502D522D33383431302D31322D32332C502D582D313239313234362D322D332C502D582D313236343332372D312D392C502D582D313032313731342D322D352C502D582D313032373135362D312D372C502D582D313031323836352D312D352C502D582D313036313138302D322D372C502D582D313037313733392D312D332C502D582D313036363534362D312D31332C502D582D38393837382D312D352C502D582D313035303032352D312D31312C502D582D313035303636352D332D372C502D582D313034313735362D322D352C502D582D313032313432332D322D352C502D582D313031393538312D312D332C502D582D313030363137342D312D352C502D582D3131383230392D312D332C502D582D35313735392D312D332C502D522D313536353432382D322D332C502D522D313533343538302D382D322C502D522D313532363931352D382D332C502D522D313234393337302D342D352C502D522D313039343131352D342D342C502D522D313038393139322D362D352C502D522D313031373036362D342D352C502D522D3131373934312D342D342C502D522D35393533342D312D332C502D522D35343535372D312D332C63683337313137393A3630303339362C33326535613931333A3538333337322C64633031373739383A3533373631302C31323568373933353A3335313834372C6361726574706F736974696F6E6368616E6765643A3339343139362C38376A61613633343A3336383734362C3866316A663234323A3638313635382C62656C6F776F70656E646976696465723A3534323535372C6F6575696C3832303A3332363132342C726573706563746C6F6F707374796C653A3639313535392C6F65656E61626C656F73666964656E746974796D616E616765723A3434393931392C67623038643735323A3239323132322C65333931323438393A3338393436372C6F656D69633633393A3339373735332C6F65616C6C3834333A3337353838372C6F65666C753433343A3332313933392C6F656D61633335383A32303530322C726573706563746C6F6F707374796C653A3639313535392C502D522D37313336302D31382D31392C502D582D37363535352D312D332C6F6E6D61703336363A38313734302C502D442D313437363534302D312D332C502D442D313234383335302D332D332C502D442D313232303436342D392D352C502D442D313033303630312D332D332C502D442D313135373731372D312D332C502D442D313134393433362D312D332C502D442D313133313332392D362D372C502D442D313131303935362D342D332C502D442D313038343536352D332D332C502D442D313037333031342D352D332C502D442D313035393333322D322D342C502D442D313034323830332D322D342C502D442D313033373534312D372D362C502D442D313033333339312D322D342C502D442D313033313531322D312D332C502D442D313033313531302D312D332C502D442D313033313530392D312D332C502D442D313033313530382D312D332C502D442D313033313436302D312D332C502D442D313033313435362D322D342C502D442D313033313435352D312D332C502D442D313033313435342D312D332C502D442D313033313435332D312D332C502D442D313033313435322D312D332C502D442D313033313435312D312D332C502D442D313033313435302D312D332C502D442D313033313434392D312D332C502D442D313033313434382D312D332C502D442D313033313434372D312D332C502D442D313033313434362D312D332C502D442D313033313337332D312D332C502D442D313033313035302D342D332C502D442D313033313032322D312D332C502D442D313033313031382D312D332C502D442D313033313031322D312D332C502D442D313033303936342D312D332C502D442D313033303936332D312D33
(PID) Process:(4192) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData
Operation:writeName:ChunkCount
Value:
uint64_t|0
Executable files
4
Suspicious files
304
Text files
97
Unknown types
123

Dropped files

PID
Process
Filename
Type
4192OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
888Acrobat.exeC:\Users\admin\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTINGmp3
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
2320AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.oldtext
MD5:2EF1F7C0782D1A46974286420D24F629
SHA256:D3A9BB7E09E1F4B0C41FF7808E930DDACF5DB3BACD98ECCF5BC7DB4863D1FCF5
4192OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04binary
MD5:CC9DB3D1C9EB6C65C350B1FCC1F02EA4
SHA256:F43C137AE6CA40B572ED7FED8DDF734DAAFF5748B9740268C27ED8540FE805A1
2320AcroCEF.exeC:\Users\admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF177e38.TMPtext
MD5:D012E5B4EB91B61F6E8AE2F8EC3C623E
SHA256:1BDA750084F20306722008016420E1912BA608CA8EFB9C661F7E7EFCF5E89673
4192OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\025GS471\Remittance ADVICE_sstone@lindenmeyr.com_5939 (002).pdfpdf
MD5:C0883552B1E8E1C1FB2C9D86B9BADEB9
SHA256:36FD63C7951A2F5B3F5FECA1DB48E95758883F5C8D87905A2FCF973E12C1A081
4192OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04der
MD5:1BC8FC49F696C5B8AFEEFD1B674E0670
SHA256:D85A7DC8E5373298A300CB15C7C72325A76ED356E95091B6BBC06828BCEC9B50
4192OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\025GS471\Remittance ADVICE_sstone@lindenmeyr.com_5939.pdf:Zone.Identifiertext
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
4192OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\025GS471\Remittance ADVICE_sstone@lindenmeyr.com_5939.pdfpdf
MD5:C0883552B1E8E1C1FB2C9D86B9BADEB9
SHA256:36FD63C7951A2F5B3F5FECA1DB48E95758883F5C8D87905A2FCF973E12C1A081
4192OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TableViewPreviewPrefs_2_92D9DC46AE2D48488138E08332D2A850.datxml
MD5:0E092DB99AEE99FDFF9B5B222C732CFD
SHA256:D1614AD99ADED9F6F5C1BE7FE7FFA5124BD04A526580DA3818EA8A954E852AA6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
94
DNS requests
149
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7020
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.30:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4192
OUTLOOK.EXE
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5352
Acrobat.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7968
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7968
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8100
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
8100
firefox.exe
POST
200
172.217.18.3:80
http://o.pki.goog/s/wr3/k58
unknown
whitelisted
8100
firefox.exe
POST
172.217.18.3:80
http://o.pki.goog/we2
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1328
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4192
OUTLOOK.EXE
52.123.129.14:443
ecs.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
whitelisted
4192
OUTLOOK.EXE
23.50.131.86:443
omex.cdn.office.net
Akamai International B.V.
DE
whitelisted
4192
OUTLOOK.EXE
52.111.232.11:443
messaging.lifecycle.office.com
MICROSOFT-CORP-MSN-AS-BLOCK
JP
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
23.216.77.30:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 142.250.184.206
whitelisted
ecs.office.com
  • 52.123.129.14
  • 52.123.128.14
whitelisted
omex.cdn.office.net
  • 23.50.131.86
  • 23.50.131.87
whitelisted
messaging.lifecycle.office.com
  • 52.111.232.11
whitelisted
crl.microsoft.com
  • 23.216.77.30
  • 23.216.77.6
  • 23.216.77.38
  • 23.216.77.19
  • 23.216.77.36
  • 23.216.77.18
  • 23.216.77.25
  • 23.216.77.35
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.64
  • 20.190.159.129
  • 20.190.159.73
  • 20.190.159.2
  • 40.126.31.69
  • 40.126.31.1
  • 40.126.31.67
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
self.events.data.microsoft.com
  • 20.189.173.13
  • 13.89.179.10
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (casa-de-descanso-arc .com)
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Lindenmeyr Remittance Advice Note - ACH_EFT47-8029 [Internal-Use] on July 1, 2025.eml