URL: https://drive.google.com/file/d/1XFpk0L_41SYsdEMyH-wVPWmQXSlpdKwN/

Full analysis: https://app.any.run/tasks/c5730db1-f72c-433e-8eba-b0ca64049bfa
Verdict: Malicious activity
Analysis date: April 01, 2023, 13:03:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: C3E989D464D8A5252EB644193D96F86B
SHA1: 9EAB1FF2FA09329841160E41362622984E4F57AF
SHA256: B010EBF377336B2B9406903477DB4B0804D45F0278B14719D1BE3EE8B7B8AB93
SSDEEP: 3:N8PMMtZJuloHjVOVUhEt4WYSrKn:2As03YSrK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • OUTLOOK.EXE (PID: 2960)
    • Searches for installed software

      • OUTLOOK.EXE (PID: 2960)
  • INFO

    • Reads the computer name

      • OUTLOOK.EXE (PID: 2960)
    • Checks supported languages

      • OUTLOOK.EXE (PID: 2960)
      • Reader_sl.exe (PID: 752)
    • The process checks LSA protection

      • OUTLOOK.EXE (PID: 2960)
      • explorer.exe (PID: 2584)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 2960)
      • AcroRd32.exe (PID: 4092)
    • Application launched itself

      • iexplore.exe (PID: 2668)
      • AcroRd32.exe (PID: 3808)
      • AcroRd32.exe (PID: 3148)
      • RdrCEF.exe (PID: 3248)
    • The process uses the downloaded file

      • iexplore.exe (PID: 2668)
      • OUTLOOK.EXE (PID: 2960)
    • Create files in a temporary directory

      • iexplore.exe (PID: 2668)
      • OUTLOOK.EXE (PID: 2960)
    • Reads the machine GUID from the registry

      • OUTLOOK.EXE (PID: 2960)
    • Process checks computer location settings

      • OUTLOOK.EXE (PID: 2960)
    • Checks proxy server information

      • OUTLOOK.EXE (PID: 2960)
    • Creates files or folders in the user directory

      • OUTLOOK.EXE (PID: 2960)
    • Manual execution by a user

      • explorer.exe (PID: 2584)
      • WinRAR.exe (PID: 1700)
      • AcroRd32.exe (PID: 3808)
      • WinRAR.exe (PID: 1184)
      • WinRAR.exe (PID: 2496)
      • AcroRd32.exe (PID: 3148)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1700)
      • WinRAR.exe (PID: 2496)
      • AdobeARM.exe (PID: 3668)
No Malware configuration.
No data.
Total processes: 72
Monitored processes: 23
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe outlook.exe explorer.exe no specs winrar.exe winrar.exe winrar.exe no specs acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs rdrcef.exe no specs iexplore.exe adobearm.exe reader_sl.exe no specs acrord32.exe no specs acrord32.exe no specs rdrcef.exe no specs

Process information

PID: 2668
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://drive.google.com/file/d/1XFpk0L_41SYsdEMyH-wVPWmQXSlpdKwN/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll

PID: 3140
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2668 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 2960
CMD: "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\Downloads\phishing9-23c5c7702b9c56a319eb58426fa691c8.eml"
Path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Outlook
Version: 14.0.6025.1000
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

PID: 2584
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1700
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\documentation.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 2496
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\documentation.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll

PID: 1184
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Documents\documentation.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll

PID: 3808
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Documents\Agenda21.pdf"
Path: C:\Program Files\Adobe\acrobat reader dc\Reader\AcroRd32.exe
Parent process: explorer.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 4092
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Documents\Agenda21.pdf"
Path: C:\Program Files\Adobe\acrobat reader dc\Reader\AcroRd32.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat Reader DC
Version: 20.13.20064.405839
Modules (images):
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll

PID: 3248
CMD: "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Path: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
Parent process: AcroRd32.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe RdrCEF
Version: 20.13.20064.405839
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\adobe\acrobat reader dc\reader\acrocef\rdrcef.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll

Total events: 105 542
Read events: 103 968
Write events: 1 498
Delete events: 76

Modification events

(PID) Process | Key | Operation | Name | Value
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 0
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30847387
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30847437
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
(2668) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0

Executable files: 6
Suspicious files: 408
Text files: 124
Unknown types: 60

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF | der | 02DDC021542AADB090AA31099F7B9267 | DCCA0F6C051C27F611B9E51981FB34BD0C82A317C2E3AE3412EC6DE80C596D24
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | F38ABED7C0362F77808F7E0C5AEDC8DF | 8F39EE855DFC4B0A19406C5A3109222CF09FE1ABF3A56577E8D0EB29FECC9C20
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | binary | 73CE5A55F4ADCB56B8E0C4799AC83144 | A4591C83F552581139035333A567F9394C412580DB1850C2CAFA24770569591C
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | AC489F824715FF2AAA60C9E154E6BA15 | 9A0F597CEAD01841D085F6566BBE0D15E928B659BB9A7FDF1FFFCD965F7A2352
3140 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO6VQ3HU.txt | text | 56915706753B183C8904A50F1293265F | D1AA6B8B17096C7E00CF0B7BC03C82DE01643A972637F6ADB753DE5B1A451588
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E | der | FF36EC2657D8EE3B0F78D0A8B2BC9C96 | 7C6A6029F3D8B5C88C0D52CFA1D8A6D79FE57080CBD88951CE40456D1AE214E0
3140 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\edit[1].htm | html | 814BCE72BDC75F44ACE61AEB9574AA21 | F0A64E412B27397C5B0DDB8086851F2C10C901803CBAC51A5E243A3A3DADAB91
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061 | binary | 1F335ACACD5E7C8C8BB712D3D8D0BBCE | F45A83120E60C4E73FF7D3332351409BE994C7A859BDC67B7E022A1C32639722
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E | binary | A30F689E918F9D9430C349A3D2475F7F | 6AC98077A95B25319FC99EE2574E1DAB1C3E59871E73F506A553A70D8AB50228
3140 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF | binary | C9F4BBD0AC0C066BBCF161C0C515AE36 | 6F3CAB2344CCBB2C20B8D59EBF8B4D5B1EB322ACC469B5B083B72796B63E6F01

HTTP(S) requests: 19
TCP/UDP connections: 65
DNS requests: 34
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQDP0V3EgcJtXxJEXyOb6vmJ | US | der | 472 b | whitelisted
2668 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted
3140 | iexplore.exe | GET | 200 | 178.79.242.11:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fc4f2c2fe9f59e56 | DE | compressed | 4.70 Kb | whitelisted
3140 | iexplore.exe | GET | 200 | 178.79.242.11:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?884ff7ffd71a194f | DE | compressed | 4.70 Kb | whitelisted
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEX8DsGwm267CjwDOorEaJk%3D | US | der | 471 b | whitelisted
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGuOw5S%2FgZeuCs2W38ctSDs%3D | US | der | 471 b | whitelisted
2960 | OUTLOOK.EXE | GET | - | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | - | - | whitelisted
3140 | iexplore.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEFwMawXF47e0CuAYa1GCMjM%3D | US | der | 471 b | whitelisted
2056 | iexplore.exe | GET | - | 192.147.130.80:80 | http://supportdownloads.adobe.com/detail.jsp?ftpID=6839 | US | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3140 | iexplore.exe | 142.250.185.195:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
3140 | iexplore.exe | 142.250.186.35:443 | www.gstatic.com | GOOGLE | US | whitelisted
3140 | iexplore.exe | 142.250.185.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
3140 | iexplore.exe | 172.217.18.14:443 | - | GOOGLE | US | whitelisted
2668 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3140 | iexplore.exe | 142.250.186.131:443 | fonts.gstatic.com | GOOGLE | US | whitelisted
3140 | iexplore.exe | 178.79.242.11:80 | ctldl.windowsupdate.com | LLNW | DE | suspicious
2668 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3140 | iexplore.exe | 172.217.16.206:443 | apis.google.com | GOOGLE | US | whitelisted
3140 | iexplore.exe | 142.250.186.138:443 | content.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | IP | Reputation
ctldl.windowsupdate.com | 178.79.242.11 | whitelisted
ocsp.pki.goog | 142.250.185.195 | whitelisted
fonts.googleapis.com | 142.250.185.138 | whitelisted
www.gstatic.com | 142.250.186.35 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
fonts.gstatic.com | 142.250.186.131 | whitelisted
apis.google.com | 172.217.16.206 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
ssl.gstatic.com | 142.250.185.67 | whitelisted

Threats

PID | Process | Class | Message
860 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure
No debug info