File name:

ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.eml

Full analysis: https://app.any.run/tasks/6a0ca5bb-3b0f-4ba0-92f0-79433f082c8e
Verdict: Malicious activity
Threats:

XWorm is a remote access trojan (RAT) sold as a malware-as-a-service. It possesses an extensive hacking toolset and is capable of gathering private information and files from the infected computer, hijacking MetaMask and Telegram accounts, and tracking user activity. XWorm is typically delivered to victims' computers through multi-stage attacks that start with phishing emails.

Malware Trends Tracker     >>>
Analysis date: January 10, 2025, 22:28:05
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
xworm
Indicators:
MIME: message/rfc822
File info: SMTP mail, ASCII text, with CRLF line terminators
MD5:

6DF44F6EEEA0714F5F225EC5858D51BE

SHA1:

8CE5701E062213ADCA3331E99776FA4708962EAF

SHA256:

E2F60ED13FBAFCF6BA286318470C4BAA0068F8FB6BD34BC48B1501A8653A6CA5

SSDEEP:

1536:UaTuWBMSz42CXT19fBlOXSHl+vRcmzD39xJFkyTQBIaD404a:L1WSz42CD1FSXCl+vRz3jJmyTQOaDxh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts Visual C# compiler

      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 4188)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 6956)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 7540)

    • Changes the autorun value in the registry

      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 4188)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 6956)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 7540)

    • XWORM has been detected (YARA)

      • csc.exe (PID: 7276)

    • Connects to the CnC server

      • csc.exe (PID: 7276)

    • XWORM has been detected (SURICATA)

      • csc.exe (PID: 7276)

  • SUSPICIOUS

    • Connects to unusual port

      • csc.exe (PID: 7276)

    • Contacting a server suspected of hosting an CnC

      • csc.exe (PID: 7276)

  • INFO

    • The process uses the downloaded file

      • OUTLOOK.EXE (PID: 6284)
      • msedge.exe (PID: 7564)
      • WinRAR.exe (PID: 7760)

    • Manual execution by a user

      • cmd.exe (PID: 7220)
      • WinRAR.exe (PID: 7760)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 6956)
      • notepad++.exe (PID: 5964)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 7540)

    • Reads Environment values

      • identity_helper.exe (PID: 5740)

    • Checks supported languages

      • identity_helper.exe (PID: 5740)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 6956)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 4188)
      • ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.exe (PID: 7540)
      • csc.exe (PID: 7276)
      • csc.exe (PID: 4360)
      • csc.exe (PID: 7140)

    • Reads the computer name

      • identity_helper.exe (PID: 5740)
      • csc.exe (PID: 7276)
      • csc.exe (PID: 4360)
      • csc.exe (PID: 7140)

    • Gets the hash of the file via CERTUTIL.EXE

      • certutil.exe (PID: 1876)
      • certutil.exe (PID: 8072)

    • Application launched itself

      • msedge.exe (PID: 4052)

    • The sample compiled with english language support

      • msedge.exe (PID: 5872)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5872)
      • WinRAR.exe (PID: 7760)

    • Sends debugging messages

      • notepad++.exe (PID: 5964)

    • Reads the machine GUID from the registry

      • csc.exe (PID: 7276)
      • csc.exe (PID: 4360)
      • csc.exe (PID: 7140)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

XWorm

(PID) Process(7276) csc.exe
C287.120.116.179:1300
Keys
AES<123456789>
Options
Splitter<Xwormmm>
Sleep time3
USB drop name10-01-25
Mutexk2ajRGAWWdwZwgsE
No Malware configuration.

TRiD

.eml | E-Mail message (Var. 7) (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
209
Monitored processes
72
Malicious processes
3
Suspicious processes
2

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs certutil.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs certutil.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs acción judicial por daños y perjuicios.exe msedge.exe acción judicial por daños y perjuicios.exe notepad++.exe #XWORM csc.exe msedge.exe no specs acción judicial por daños y perjuicios.exe csc.exe no specs msedge.exe no specs csc.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
848"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5316 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1080"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1200"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5868 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1540 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1876certutil -hashfile "ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.zip" sha256C:\Windows\System32\certutil.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
CertUtil.exe
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\certutil.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
2084"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3708 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2380"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1428 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2408"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1444 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2420"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2384,i,2385696698200010611,17227886339188285604,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
17 427
Read events
16 917
Write events
425
Delete events
85

Modification events

(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:6
Value:
01941A000000001000B24E9A3E06000000000000000600000000000000
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\6284
Operation:writeName:0
Value:
0B0E1007390C3C7B8F484D8DF4EAD5EB2944852300469BCB88F5EEF5D8ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C5118C31D2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootCommand
Value:
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:delete keyName:(default)
Value:
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:CantBootResolution
Value:
BootSuccess
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:SessionId
Value:
C3D8E96E-C1AF-4750-8D52-F4E28119C131
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:BootDiagnosticsLogFile
Value:
C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16026_20146-20240718T1116060318-1644.etl
(PID) Process:(6284) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:ProfileBeingOpened
Value:
Executable files
6
Suspicious files
529
Text files
113
Unknown types
0

Dropped files

PID
Process
Filename
Type
6284OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
6284OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:F9D2320E04AFCA4ACBD19BF07DEF6BD3
SHA256:265E174D33797440552242DC9327F9F0D3722A317C4914528A5C0B96348CD762
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:1C42329800C95BC1DB27E7657711FF1E
SHA256:D58993216FB0CBF52CED6DA4FCAEBFC8FCC7C1A37191954397BA77951B16BE9B
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF13c7d7.TMPtext
MD5:C5C8E14929BCE261B2B5B899CB479AF7
SHA256:73DBFF8A366CFF6972A38C091782EF62C89E28FDA1423A47448A60343F921754
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13c7e7.TMP
MD5:
SHA256:
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF13c7e7.TMP
MD5:
SHA256:
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13c7e7.TMP
MD5:
SHA256:
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4052msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
59
TCP/UDP connections
88
DNS requests
85
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6284
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4520
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6284
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
2572
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/1f999e8d-9476-499d-b6ee-fd975bc82372?P1=1737075612&P2=404&P3=2&P4=bctWdOwFAC3U4SZES%2fHvdG2hck4aE6AlYQmtTLgi5Ed1r%2bc%2fzG%2f8vBjRJgbB0I8wObKUdiF2BgCjg3gb%2b6FA6g%3d%3d
unknown
whitelisted
2572
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/1f999e8d-9476-499d-b6ee-fd975bc82372?P1=1737075612&P2=404&P3=2&P4=bctWdOwFAC3U4SZES%2fHvdG2hck4aE6AlYQmtTLgi5Ed1r%2bc%2fzG%2f8vBjRJgbB0I8wObKUdiF2BgCjg3gb%2b6FA6g%3d%3d
unknown
whitelisted
2572
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/1f999e8d-9476-499d-b6ee-fd975bc82372?P1=1737075612&P2=404&P3=2&P4=bctWdOwFAC3U4SZES%2fHvdG2hck4aE6AlYQmtTLgi5Ed1r%2bc%2fzG%2f8vBjRJgbB0I8wObKUdiF2BgCjg3gb%2b6FA6g%3d%3d
unknown
whitelisted
6508
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.131:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2624
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6284
OUTLOOK.EXE
52.109.89.18:443
officeclient.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
  • 23.48.23.166
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.131
  • 104.126.37.145
  • 104.126.37.144
  • 104.126.37.154
  • 104.126.37.123
  • 104.126.37.129
  • 104.126.37.128
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.130
  • 104.126.37.178
  • 104.126.37.163
  • 104.126.37.139
  • 104.126.37.176
  • 104.126.37.153
  • 104.126.37.179
  • 104.126.37.171
  • 104.126.37.137
  • 104.126.37.170
  • 104.126.37.160
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
officeclient.microsoft.com
  • 52.109.89.18
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
login.live.com
  • 40.126.32.136
  • 40.126.32.72
  • 40.126.32.134
  • 40.126.32.68
  • 40.126.32.76
  • 20.190.160.20
  • 20.190.160.22
  • 20.190.160.17
whitelisted
roaming.officeapps.live.com
  • 52.109.28.47
whitelisted
go.microsoft.com
  • 23.213.166.81
  • 2.23.242.9
whitelisted

Threats

Found threats are available for the paid subscriptions
22 ETPRO signatures available at the full report
Process
Message
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe
VerifyLibrary: error while getting certificate informations
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
ACCIÓN JUDICIAL POR DAÑOS Y PERJUICIOS.eml