File name: phish_alert_sp2_2.0.0.0.eml
Full analysis: https://app.any.run/tasks/22b6b9e6-672d-44ec-bb6c-950bfa3d8eed
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:21:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: message/rfc822
File info: RFC 822 mail, ASCII text, with very long lines, with CRLF line terminators
MD5: 24F558C2B5F624CA75B2F2FDAC6C0AB6
SHA1: B7B0A02759F77297F94DA088A607DCF53F4D2400
SHA256: C383FB9815738AF45AF9F9A3EA4671CCEC9D9016555C12A2E383C704BE7BECF8
SSDEEP: 12288:zUBx5dd/aI915ngZWg18/CzixuMwdc3Vq5NOxlLwrFHKeDQJep4wLNoU3MdqSEm1:k/am6182rMwiFQNOWBdQQpZ33MqmDjjJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
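The sample is an RFC 822 message, and the parts of the report that matter for triage are the dropped-files and process tables further down: Outlook wrote the attachment Payment signed.shtm into its Content.Outlook cache, and opening it fell through to the shell's Open With dialog because the host had no handler for .shtm. The Python below is an added example, not part of the ANY.RUN report, that does the static half of that triage offline: it builds a constructed message carrying a stand-in attachment of the same name (the real attachment's content is not reproduced on this page), enumerates the attachments, records MD5/SHA256 so they can be compared with the hashes in the report, and flags HTML-like attachments and attachments whose declared MIME type disagrees with their bytes. The sender, recipient, subject, form body and the example.invalid host are all made up.

```python
"""Offline triage of an .eml sample: list attachments, hash them and flag the
HTML-like ones that Outlook hands to the shell when the user opens them."""
import base64
import email
import hashlib
from email import policy

# Extensions a phishing lure typically uses for HTML smuggling or credential
# forms. A stock Windows 7 build has no handler for .shtm/.shtml, which is why
# the report shows the shell's Open With path (OpenAs_RunDLL) rather than a
# direct execution.
HTML_LIKE = {".htm", ".html", ".shtm", ".shtml", ".mht", ".mhtml"}

# Constructed attachment body: a generic credential form standing in for the
# real "Payment signed.shtm", whose content the report does not reproduce.
ATTACHMENT_BYTES = (
    b'<html><body><form action="https://example.invalid/login" method="post">'
    b'<input name="user"><input name="pass" type="password"></form></body></html>'
)
BOUNDARY = "----=_Part_0001"


def build_sample_eml() -> bytes:
    """Construct a minimal two-part message with CRLF line endings (the sample's
    file info reports the same). Addresses and subject are made up."""
    lines = [
        "From: accounts@example.invalid",
        "To: admin@example.invalid",
        "Subject: Payment signed",
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{BOUNDARY}"',
        "",
        f"--{BOUNDARY}",
        "Content-Type: text/plain; charset=us-ascii",
        "",
        "Please review the signed payment document attached.",
        f"--{BOUNDARY}",
        'Content-Type: application/octet-stream; name="Payment signed.shtm"',
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="Payment signed.shtm"',
        "",
        base64.b64encode(ATTACHMENT_BYTES).decode("ascii"),
        f"--{BOUNDARY}--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def triage_eml(raw: bytes) -> list:
    """Return one record per attachment: name, declared type, size, hashes and
    the reasons (if any) it deserves a closer look."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    records = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if not filename:
            continue  # message body, not an attachment
        data = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
        head = data.lstrip()[:32].lower()
        reasons = []
        if ext in HTML_LIKE:
            reasons.append(f"html-like extension {ext}")
        # Content sniffing: HTML bytes behind a non-HTML declared type is a
        # common way to slip past attachment filters keyed on Content-Type.
        if head.startswith((b"<html", b"<!doctype")) and not declared.startswith("text/html"):
            reasons.append(f"HTML content declared as {declared}")
        records.append({
            "filename": filename,
            "declared_type": declared,
            "size": len(data),
            "md5": md5_hex(data),
            "sha256": sha256_hex(data),
            "flagged": bool(reasons),
            "reasons": reasons,
        })
    return records


if __name__ == "__main__":
    for rec in triage_eml(build_sample_eml()):
        print(rec)
```

To run it against a real sample, pass open(path, "rb").read() to triage_eml(); the flagged attachment record is the pivot (hash lookup, separate detonation) before leaning on the sandbox verdict, which in this report rests on firefox.exe indicators rather than on anything the e-mail itself spawned.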
  • MALICIOUS

    • Drops executable file immediately after starts

      • firefox.exe (PID: 4052)
  • SUSPICIOUS

    • Searches for installed software

      • OUTLOOK.EXE (PID: 1284)
    • Reads the computer name

      • OUTLOOK.EXE (PID: 1284)
    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3044)
    • Checks supported languages

      • OUTLOOK.EXE (PID: 1284)
    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 632)
    • Reads the date of Windows installation

      • rundll32.exe (PID: 2444)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 4052)
    • Drops a file with a compile date too recent

      • firefox.exe (PID: 4052)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 3044)
      • rundll32.exe (PID: 972)
      • iexplore.exe (PID: 2892)
      • chrome.exe (PID: 3600)
      • chrome.exe (PID: 632)
      • chrome.exe (PID: 3136)
      • chrome.exe (PID: 3356)
      • chrome.exe (PID: 1092)
      • rundll32.exe (PID: 2444)
      • chrome.exe (PID: 3132)
      • firefox.exe (PID: 2756)
      • firefox.exe (PID: 4052)
      • firefox.exe (PID: 2512)
      • chrome.exe (PID: 1608)
      • chrome.exe (PID: 2832)
      • firefox.exe (PID: 3644)
      • chrome.exe (PID: 4092)
      • firefox.exe (PID: 3588)
      • firefox.exe (PID: 1988)
    • Changes internet zones settings

      • iexplore.exe (PID: 2892)
    • Checks supported languages

      • iexplore.exe (PID: 2892)
      • rundll32.exe (PID: 972)
      • iexplore.exe (PID: 3044)
      • rundll32.exe (PID: 1036)
      • chrome.exe (PID: 420)
      • chrome.exe (PID: 632)
      • chrome.exe (PID: 3600)
      • chrome.exe (PID: 3136)
      • chrome.exe (PID: 2760)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 2492)
      • chrome.exe (PID: 3528)
      • chrome.exe (PID: 2000)
      • chrome.exe (PID: 2244)
      • chrome.exe (PID: 3748)
      • chrome.exe (PID: 2100)
      • chrome.exe (PID: 3356)
      • chrome.exe (PID: 3132)
      • chrome.exe (PID: 1092)
      • chrome.exe (PID: 392)
      • chrome.exe (PID: 452)
      • chrome.exe (PID: 3452)
      • firefox.exe (PID: 3080)
      • firefox.exe (PID: 2756)
      • firefox.exe (PID: 4052)
      • firefox.exe (PID: 2512)
      • rundll32.exe (PID: 2444)
      • firefox.exe (PID: 1988)
      • firefox.exe (PID: 3588)
      • chrome.exe (PID: 916)
      • firefox.exe (PID: 3644)
      • chrome.exe (PID: 3544)
      • chrome.exe (PID: 1608)
      • chrome.exe (PID: 4092)
      • chrome.exe (PID: 4064)
      • chrome.exe (PID: 2832)
      • chrome.exe (PID: 2216)
    • Application launched itself

      • iexplore.exe (PID: 2892)
      • chrome.exe (PID: 632)
      • firefox.exe (PID: 3080)
      • firefox.exe (PID: 4052)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2892)
      • iexplore.exe (PID: 3044)
      • chrome.exe (PID: 3600)
    • Manual execution by user

      • chrome.exe (PID: 632)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3044)
      • iexplore.exe (PID: 2892)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3044)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 2892)
      • chrome.exe (PID: 1608)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 1284)
    • Changes default file association

      • rundll32.exe (PID: 2444)
    • Reads CPU info

      • firefox.exe (PID: 4052)
    • Creates files in the program directory

      • firefox.exe (PID: 4052)
No Malware configuration.

TRiD: .eml | E-Mail message (Var. 5) (100)
No data.
Total processes: 79
Monitored processes: 38
Malicious processes: 2
Suspicious processes: 2

Behavior graph (process launch order as shown in the report):
start outlook.exe rundll32.exe no specs rundll32.exe no specs iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs rundll32.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID 1284
CMD: "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml"
Path: C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE
Parent process: Explorer.EXE
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Microsoft Outlook | Version: 14.0.6025.1000
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\microsoft office\office14\outlook.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID 1036
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\1JUEY2B0\Payment signed.shtm
Path: C:\Windows\system32\rundll32.exe
Parent process: OUTLOOK.EXE
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Windows host process (Rundll32) | Exit code: 0 | Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID 972
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\1JUEY2B0\Payment signed.shtm
Path: C:\Windows\system32\rundll32.exe
Parent process: OUTLOOK.EXE
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Windows host process (Rundll32) | Exit code: 3221225547 (0xC000004B, STATUS_THREAD_IS_TERMINATING) | Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
PID 2892
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=57426&Ext=shtm
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: rundll32.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM
Description: Internet Explorer | Exit code: 1 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
PID 3044
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2892 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW
Description: Internet Explorer | Exit code: 0 | Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID 632
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: Explorer.EXE
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome | Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
PID 2760
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x67bcd988,0x67bcd998,0x67bcd9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome | Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID 3136
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1144,13913098426383023254,518727402455545965,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1072 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome | Exit code: 0 | Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
PID 3600
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1144,13913098426383023254,518727402455545965,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1268 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: MEDIUM
Description: Google Chrome | Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
PID 420
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1144,13913098426383023254,518727402455545965,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1936 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin | Company: Google LLC | Integrity Level: LOW
Description: Google Chrome | Exit code: 0 | Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
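The process table above records the one chain that is actually rooted at the sample: OUTLOOK.EXE (PID 1284) opened the .eml, spawned rundll32.exe twice with shell32.dll,OpenAs_RunDLL on the cached attachment (PIDs 1036 and 972), and the Open With dialog then launched iexplore.exe (PID 2892) on the go.microsoft.com fwlink for the .shtm extension. That sequence does not prove the attachment ran; it shows a user trying to open a file the host had no handler for. It is still a cheap, reliable signal to alert on, because a legitimate mail flow rarely routes an attachment through OpenAs_RunDLL. The Python below is an added detection example, not part of the report or of ANY.RUN: it replays constructed process-creation events through three rules and returns the findings with their ancestry chain. The command lines for PIDs 1284, 1036, 972 and 2892 are copied from the table; the Explorer PID (1000), PID 1036 as the parent of iexplore.exe, and the two benign control events are assumptions for the example.

```python
"""Detect the Outlook -> rundll32 OpenAs_RunDLL -> browser chain from process
creation events (Sysmon Event ID 1 or EDR telemetry flattened to
pid, ppid, image, cmdline)."""
import re
from dataclasses import dataclass

OFFICE_IMAGES = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# Outlook's attachment cache. The report shows the Office 2010 location under
# Temporary Internet Files; newer builds put Content.Outlook under INetCache.
# Both end in Content.Outlook\<8 chars>\, which is all we match on.
ATTACH_CACHE = re.compile(r"\\Content\.Outlook\\[A-Z0-9]{8}\\", re.IGNORECASE)
OPENAS = re.compile(r"shell32\.dll,\s*OpenAs_RunDLL\b", re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable name as logged
    cmdline: str


OPENAS_CMD = (
    r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
    r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
    r"\Content.Outlook\1JUEY2B0\Payment signed.shtm"
)

# Constructed event set. Command lines for 1284, 1036, 972 and 2892 come from
# the report's process table; PID 1000 for Explorer, 1036 as the parent of
# 2892, and the control events (632 launch, 1500) are assumed for the example.
SAMPLE_EVENTS = [
    ProcEvent(1000, 500, "Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    ProcEvent(1284, 1000, "OUTLOOK.EXE",
              r'"C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml '
              r'"C:\Users\admin\AppData\Local\Temp\phish_alert_sp2_2.0.0.0.eml"'),
    ProcEvent(1036, 1284, "rundll32.exe", OPENAS_CMD),
    ProcEvent(972, 1284, "rundll32.exe", OPENAS_CMD),
    ProcEvent(2892, 1036, "iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" '
              r"http://go.microsoft.com/fwlink/?LinkId=57426&Ext=shtm"),
    ProcEvent(632, 1000, "chrome.exe", r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    # Control: rundll32 with a different shell32 export and no attachment path.
    ProcEvent(1500, 1000, "rundll32.exe",
              r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL'),
]


def _index(events):
    return {e.pid: e for e in events}


def ancestry(events, pid, max_depth=8):
    """Walk ppid links and return the chain root-first,
    e.g. 'Explorer.EXE > OUTLOOK.EXE > rundll32.exe'."""
    by_pid = _index(events)
    chain, cur = [], by_pid.get(pid)
    while cur is not None and len(chain) < max_depth:
        chain.append(cur.image)
        cur = by_pid.get(cur.ppid)
    return " > ".join(reversed(chain))


def _has_office_ancestor(by_pid, ev, max_depth=8):
    cur = by_pid.get(ev.ppid)
    for _ in range(max_depth):
        if cur is None:
            return False
        if cur.image.lower() in OFFICE_IMAGES:
            return True
        cur = by_pid.get(cur.ppid)
    return False


def detect(events):
    """Return one finding per event that trips at least one rule."""
    by_pid = _index(events)
    findings = []
    for ev in events:
        image = ev.image.lower()
        parent = by_pid.get(ev.ppid)
        rules = []
        # Rule 1: the shell's Open With dialog was invoked on a cached attachment.
        if image == "rundll32.exe" and OPENAS.search(ev.cmdline) and ATTACH_CACHE.search(ev.cmdline):
            rules.append("openas_on_outlook_attachment")
        # Rule 2: an Office process spawned a child whose arguments point into the cache.
        if parent is not None and parent.image.lower() in OFFICE_IMAGES and ATTACH_CACHE.search(ev.cmdline):
            rules.append("office_child_references_attachment_cache")
        # Rule 3: a browser started beneath an Office process, which is how the
        # fwlink hand-off for an unregistered extension shows up.
        if image in BROWSERS and _has_office_ancestor(by_pid, ev):
            rules.append("browser_under_office_ancestry")
        if rules:
            findings.append({"pid": ev.pid, "image": ev.image, "rules": rules,
                             "chain": ancestry(events, ev.pid)})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['pid']:>5} {f['image']:<14} {', '.join(f['rules'])}\n      {f['chain']}")
```

Rule 3 is the noisiest of the three on a real estate (users do click links in mail), so in production it is worth keeping only as an enrichment for hits on rules 1 and 2, which carry the attachment-cache path and fire on exactly the two rundll32 events in this report.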
Total events: 38 725 | Read events: 37 792 | Write events: 0 | Delete events: 0
Modification events: No data
Executable files: 4 | Suspicious files: 230 | Text files: 258 | Unknown types: 38

Dropped files (PID | Process | Filename | Type | MD5 | SHA256)

1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVRA2E7.tmp.cvr | - | - | -
1284 | OUTLOOK.EXE | C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst | - | - | -
3044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 0C8FF982183878147F01B33C84F9EF76 | E28D538443496138A56253EA0C15D91E90FCDD04CB9818C9072846177BC05C97
1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\outlook logging\firstrun.log | text | 6671059D65F2FB1585D458ED959F4689 | 435A1DD91DF9304632022C5BD66AE41B503585BCDFC01895FDDE21DF0CDA6CD1
3044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 98F17F73B2F4E7DE0EBBE376AD108462 | 9949172C9898F2D28EE737C3B34F1BD53C9DD7B6CE18821729DF3C2854EB16B5
1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 3FA1AC403DC28837D9252F90CC02BD43 | 401E21E415FA47B5B201835D2B9E78C412CCB87DC35297A12642D1FDAF7E4A54
3044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | EE87BB11E233C12009CC11725035DBDC | D82930A5B051B3C3F1639C24E83BDDF41D5AA66E467A0944D1AC3D59AE6330C5
1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\1JUEY2B0\Payment signed (2).shtm | html | CE1200D618B06A56A293F96955C3A7B7 | 47EFEA1CCCB0DFB4128CA118E4CA87B5352F5D21571A0D4CAA1F7CC3C8AC2DF5
1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmpA49E.tmp | text | FC657A1C07FF9DC1253F5669CFE7CD3C | 05231445DF31E97C6DE46C295C10C2DEFD6A688EC443E283FD879DB5EC3D56F4
1284 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_129CF545F07BE849972D5129194166D4.dat | xml | F194B1FA12F9B6F46A47391FAE8BEEC2 | FCD8D7E030BE6EA7588E5C6CB568E3F1BDFC263942074B693942A27DF9521A74
HTTP(S) requests: 24 | TCP/UDP connections: 99 | DNS requests: 107 | Threats: 0

HTTP requests (PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation)

3044 | iexplore.exe | GET | 301 | 2.21.20.141:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=shtm | DE | - | - | whitelisted
1284 | OUTLOOK.EXE | GET | - | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | - | - | whitelisted
3600 | chrome.exe | GET | 301 | 2.21.20.159:80 | http://shell.windows.com/fileassoc/fileassoc.asp?Ext=shtm | DE | - | - | whitelisted
3600 | chrome.exe | GET | 302 | 96.16.143.41:80 | http://go.microsoft.com/fwlink/?LinkId=57426&Ext=shtm | US | - | - | whitelisted
856 | svchost.exe | HEAD | 302 | 142.250.185.174:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | US | - | - | whitelisted
3044 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted
3044 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted
4052 | firefox.exe | POST | 200 | 142.250.185.99:80 | http://ocsp.pki.goog/gts1c3 | US | der | 472 b | whitelisted
4052 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted
3600 | chrome.exe | GET | 302 | 142.250.185.238:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 591 b | whitelisted

Connections (PID | Process | IP | Domain | ASN | CN | Reputation)

3044 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
2892 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3044 | iexplore.exe | 2.21.20.141:80 | shell.windows.com | NTT America, Inc. | DE | suspicious
3044 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
3044 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted
3044 | iexplore.exe | 96.16.143.41:443 | go.microsoft.com | Akamai International B.V. | US | whitelisted
1284 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted
3600 | chrome.exe | 142.250.186.131:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3600 | chrome.exe | 2.21.20.159:80 | shell.windows.com | NTT America, Inc. | DE | suspicious
3600 | chrome.exe | 142.250.186.36:443 | www.google.com | Google Inc. | US | whitelisted

DNS requests (Domain | IP(s) | Reputation)

config.messenger.msn.com | 64.4.26.155 | whitelisted
go.microsoft.com | 96.16.143.41 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
ctldl.windowsupdate.com | 209.197.3.8 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
ocsp.digicert.com | 93.184.220.29 | whitelisted
shell.windows.com | 2.21.20.141, 2.21.20.159 | whitelisted
clientservices.googleapis.com | 142.250.186.131 | whitelisted
www.google.com | 142.250.186.36 | whitelisted
clients2.google.com | 142.250.186.46 | whitelisted

Threats (PID | Process | Class | Message)

4052 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile
4052 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile
No debug info