File name: {Possible Spam } DX1 sales invoice numbered SIN023731.msg

Full analysis: https://app.any.run/tasks/51241a51-b03d-4e63-a795-b161625868e0
Verdict: Malicious activity
Analysis date: September 19, 2019, 10:28:05
OS: Windows 10 Professional (build: 16299, 64 bit)
Indicators:
MIME: application/vnd.ms-outlook
File info: CDFV2 Microsoft Outlook Message
MD5: C0DED4885F2A18F098B0C2469CEA6BFA
SHA1: 83C0B2A4F613360196FF30B8B2D57C70E5B53D92
SHA256: AF4E8C39434C261A1C0BB0DEEEAD1D15AB8C609EBD4101CC5C82E2BE90EB0B0B
SSDEEP: 192:PthgzAM3zWoSyY3TAi/IARyuUuRuhu27jNR8R9+7RJ/3RsXhIjQxiA:Fh6AMDbmLY7ZR8R9mAhIjQIA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • OpenWith.exe (PID: 5856)
      • RuntimeBroker.exe (PID: 6340)
      • MicrosoftEdgeCP.exe (PID: 3060)
      • MicrosoftEdgeCP.exe (PID: 4924)
      • browser_broker.exe (PID: 2060)
      • MicrosoftEdgeCP.exe (PID: 4856)
      • RuntimeBroker.exe (PID: 3308)
      • browser_broker.exe (PID: 6224)
      • MicrosoftEdgeCP.exe (PID: 6160)
      • MicrosoftEdge.exe (PID: 468)
      • MicrosoftEdgeCP.exe (PID: 3988)
      • MicrosoftEdge.exe (PID: 3864)
      • RuntimeBroker.exe (PID: 6920)
      • MicrosoftEdgeCP.exe (PID: 1940)
      • MicrosoftEdgeCP.exe (PID: 1932)
    • Creates files in the user directory

      • OUTLOOK.EXE (PID: 5692)
    • Checks supported languages

      • MicrosoftEdge.exe (PID: 3864)
      • MicrosoftEdge.exe (PID: 468)
      • OpenWith.exe (PID: 5856)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeCP.exe (PID: 1932)
      • MicrosoftEdgeCP.exe (PID: 6160)
      • MicrosoftEdge.exe (PID: 468)
      • browser_broker.exe (PID: 2060)
    • Reads Environment values

      • OUTLOOK.EXE (PID: 5692)
  • INFO

    • Reads the machine GUID from the registry

      • OUTLOOK.EXE (PID: 5692)
    • Reads the software policy settings

      • MicrosoftEdgeCP.exe (PID: 1932)
      • OUTLOOK.EXE (PID: 5692)
      • browser_broker.exe (PID: 2060)
      • MicrosoftEdgeCP.exe (PID: 6160)
      • MicrosoftEdge.exe (PID: 468)
    • Reads settings of System Certificates

      • MicrosoftEdgeCP.exe (PID: 1932)
      • browser_broker.exe (PID: 2060)
      • MicrosoftEdgeCP.exe (PID: 6160)
      • OUTLOOK.EXE (PID: 5692)
      • MicrosoftEdge.exe (PID: 468)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 5692)
No Malware configuration.

TRiD

.msg | Outlook Message (58.9)
.oft | Outlook Form Template (34.4)
No data.
Total processes: 120
Monitored processes: 16
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start outlook.exe openwith.exe no specs microsoftedge.exe no specs browser_broker.exe runtimebroker.exe no specs microsoftedgecp.exe no specs microsoftedgecp.exe no specs microsoftedgecp.exe no specs microsoftedgecp.exe no specs runtimebroker.exe no specs microsoftedge.exe no specs browser_broker.exe no specs microsoftedgecp.exe no specs microsoftedgecp.exe no specs runtimebroker.exe no specs microsoftedgecp.exe no specs

Process information

PID: 468
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll

PID: 1932
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 1
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

PID: 1940
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

PID: 2060
CMD: C:\WINDOWS\system32\browser_broker.exe -Embedding
Path: C:\WINDOWS\system32\browser_broker.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Browser_Broker
Exit code: 2147500037
Version: 11.00.16299.15 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\browser_broker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\sechost.dll

PID: 3060
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

PID: 3308
CMD: C:\Windows\System32\RuntimeBroker.exe -Embedding
Path: C:\Windows\System32\RuntimeBroker.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Runtime Broker
Exit code: 0
Version: 10.0.16299.15 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\runtimebroker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\sechost.dll

PID: 3864
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 1
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedge.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll

PID: 3988
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

PID: 4856
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

PID: 4924
CMD: "C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Path: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge Content Process
Exit code: 0
Version: 11.00.16299.402 (WinBuild.160101.0800)
Modules
Images
c:\windows\systemapps\microsoft.microsoftedge_8wekyb3d8bbwe\microsoftedgecp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msvcrt.dll

Total events: 8 365
Read events: 7 368
Write events: 934
Delete events: 63

Modification events

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Logging
Operation: write
Name:
Value: C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK-20190919T1128370495-v2.etl

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation: delete key
Name:
Value:

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation: write
Name: BootResolution
Value: BootSuccess

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation: write
Name: ProfileBeingOpened
Value: Outlook

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation: write
Name: SessionId
Value: A8D02E06-7F60-429E-AE14-BF99173D2779

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsData
Operation: delete key
Name:
Value:

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Diagnostics
Operation: write
Name: OutlookBootFlag
Value: 1

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation: write
Name: 6
Value: 017C11000000001000BE4E402C03000000000000000300000000000000

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 2

(PID) Process: (5692) OUTLOOK.EXE
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 1

Executable files: 0
Suspicious files: 10
Text files: 142
Unknown types: 12

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
| 3864 | MicrosoftEdge.exe | C:\Users\admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb | | | |
| 3864 | MicrosoftEdge.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm | | | |
| 3864 | MicrosoftEdge.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb | | | |
| 5692 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | | |
| 5692 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\.session64 | binary | | |
| 5692 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B3B1D48C-0BB4-4B94-B090-8ACB7C7CDFD0 | xml | | |
| 3864 | MicrosoftEdge.exe | C:\Users\admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk | binary | | |
| 1932 | MicrosoftEdgeCP.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XFX9M9IP\EDJH21KJ.htm | html | | |
| 1932 | MicrosoftEdgeCP.exe | C:\Users\admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\AD2SZ9CR\materialize.min[1].css | text | | |
| 1932 | MicrosoftEdgeCP.exe | C:\Users\admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XFX9M9IP\icon[1].css | text | | |

HTTP(S) requests: 106
TCP/UDP connections: 93
DNS requests: 38
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
| 2676 | SearchProtocolHost.exe | GET | 204 | 52.109.8.20:443 | https://nexusrules.officeapps.live.com/nexus/rules?Application=searchprotocolhost.exe&Version=7.0.16299.402&ClientId=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&OSEnvironment=10&MsoAppId=-2&AudienceName=Production&AudienceGroup=Production&AppVersion=7.0.16299.402& | US | | | whitelisted |
| 5692 | OUTLOOK.EXE | GET | 200 | 13.107.3.128:443 | https://config.edge.skype.com/config/v1/Office/16.0.11328.20158?&Clientid=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&Application=outlook&Platform=win32&Version=16.0.11328.20158&MsoVersion=16.0.11328.20156&Audience=Production&Build=ship&Architecture=x64&Language=en-US&SubscriptionLicense=false&PerpetualLicense=2019&Channel=CC&InstallType=C2R&SessionId=%7b873062D3-EFB2-4A70-AAF7-8E8A4BABAF1B%7d&LabMachine=false | US | text | 56.6 Kb | malicious |
| | | GET | 302 | 31.192.213.23:80 | http://es.kuvve.net/class.php | TR | | | unknown |
| | | GET | 200 | 23.20.248.43:443 | https://docparser.com/css/fontawesome5/fontawesome-pro-regular.css | US | text | 569 b | unknown |
| 5464 | svchost.exe | POST | 200 | 40.90.137.124:443 | https://login.live.com/RST2.srf | US | xml | 9.89 Kb | whitelisted |
| 5692 | OUTLOOK.EXE | GET | 200 | 52.109.76.6:443 | https://officeclient.microsoft.com/config16/?lcid=1033&syslcid=2057&uilcid=1033&build=16.0.11328&crev=3 | IE | xml | 107 Kb | whitelisted |
| | | GET | 200 | 23.20.248.43:443 | https://docparser.com/css/bootstrap.css | US | text | 142 Kb | unknown |
| 5692 | OUTLOOK.EXE | GET | 200 | 52.109.8.20:443 | https://nexusrules.officeapps.live.com/nexus/rules?Application=outlook.exe&Version=16.0.11328.20158&ClientId=%7bD61AB268-C26A-439D-BB15-2A0DEDFCA6A3%7d&OSEnvironment=10&MsoAppId=6&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.11328.20158& | US | xml | 329 Kb | whitelisted |
| | | GET | 200 | 23.20.248.43:443 | https://docparser.com/css/materialize.min.css | US | text | 115 Kb | unknown |
| 5692 | OUTLOOK.EXE | POST | 200 | 52.114.158.53:443 | https://self.events.data.microsoft.com/OneCollector/1.0/ | US | text | 52 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
| 5692 | OUTLOOK.EXE | 13.107.3.128:443 | config.edge.skype.com | Microsoft Corporation | US | whitelisted |
| 5464 | svchost.exe | 40.90.137.124:443 | login.live.com | Microsoft Corporation | US | unknown |
| 2676 | SearchProtocolHost.exe | 13.107.3.128:443 | config.edge.skype.com | Microsoft Corporation | US | whitelisted |
| 5692 | OUTLOOK.EXE | 52.114.158.53:443 | self.events.data.microsoft.com | Microsoft Corporation | US | whitelisted |
| 2676 | SearchProtocolHost.exe | 52.109.8.20:443 | nexusrules.officeapps.live.com | Microsoft Corporation | US | whitelisted |
| | | 31.192.213.23:80 | es.kuvve.net | Netinternet Bilisim Teknolojileri AS | TR | unknown |
| 5692 | OUTLOOK.EXE | 52.109.8.20:443 | nexusrules.officeapps.live.com | Microsoft Corporation | US | whitelisted |
| | | 23.20.248.43:443 | docparser.com | Amazon.com, Inc. | US | unknown |
| | | 151.101.2.110:443 | fast.wistia.com | Fastly | US | suspicious |
| 5692 | OUTLOOK.EXE | 52.109.76.6:443 | officeclient.microsoft.com | Microsoft Corporation | IE | whitelisted |

DNS requests

| Domain | IP | Reputation |
| config.edge.skype.com | 13.107.3.128 | malicious |
| login.live.com | 40.90.137.124, 40.90.23.154, 40.90.23.208 | whitelisted |
| self.events.data.microsoft.com | 52.114.158.53 | whitelisted |
| nexusrules.officeapps.live.com | 52.109.8.20 | whitelisted |
| es.kuvve.net | 31.192.213.23 | unknown |
| officeclient.microsoft.com | 52.109.76.6 | whitelisted |
| docparser.com | 23.20.248.43 | unknown |
| fonts.googleapis.com | 172.217.18.106, 172.217.21.234 | whitelisted |
| fast.wistia.com | 151.101.2.110, 151.101.66.110, 151.101.130.110, 151.101.194.110 | whitelisted |
| assets.capterra.com | 13.32.218.197, 13.32.218.243, 13.32.218.177, 13.32.218.119 | shared |

Threats

No threats detected

| Process | Message |
| OUTLOOK.EXE | Reminder Queue Starts ===========================: |
| OUTLOOK.EXE | ReminderQueue: Hrinitialize hr = 0 |
| OUTLOOK.EXE | ReminderQueueBase:InitializeTable hr=0 |
| OUTLOOK.EXE | ReminderQueue: ProcessNotification: End<----- |