URL:

https://github.com/SecHex/SecHex-Spoofy

Full analysis: https://app.any.run/tasks/615c6213-d451-4434-bbac-2b83b524f56b
Verdict: Malicious activity
Analysis date: September 13, 2024, 18:42:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5:

A39C7A5190088CC8644E00968638E918

SHA1:

F8A6F324B85D91ED69E7B743B7BF2596C2D5493D

SHA256:

0509FD93E61D6EDB3CBC6664823106DC33F0677A6E47582709473BBDAA564AB3

SSDEEP:

3:N8tEd4hgYcn:2unxn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 6892)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)

    • Reads security settings of Internet Explorer

      • SecHex-GUI.exe (PID: 7116)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Starts itself from another location

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Searches for installed software

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 884)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 884)

    • Checks Windows Trust Settings

      • msiexec.exe (PID: 884)

  • INFO

    • The process uses the downloaded file

      • msedge.exe (PID: 3316)
      • msedge.exe (PID: 6156)
      • msedge.exe (PID: 5644)
      • msedge.exe (PID: 6952)
      • WinRAR.exe (PID: 6724)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Reads Environment values

      • identity_helper.exe (PID: 6416)
      • identity_helper.exe (PID: 4316)

    • Reads the computer name

      • identity_helper.exe (PID: 6416)
      • identity_helper.exe (PID: 4316)
      • SecHex-GUI.exe (PID: 7116)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)
      • msiexec.exe (PID: 884)
      • msiexec.exe (PID: 3032)
      • msiexec.exe (PID: 3552)
      • msiexec.exe (PID: 2248)
      • msiexec.exe (PID: 6196)

    • Checks supported languages

      • identity_helper.exe (PID: 6416)
      • identity_helper.exe (PID: 4316)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 6892)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)
      • SecHex-GUI.exe (PID: 7116)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)
      • msiexec.exe (PID: 884)
      • msiexec.exe (PID: 3032)
      • msiexec.exe (PID: 6196)
      • msiexec.exe (PID: 2248)
      • msiexec.exe (PID: 3552)

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6156)

    • Application launched itself

      • msedge.exe (PID: 6156)
      • msedge.exe (PID: 6952)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5152)
      • WinRAR.exe (PID: 6724)
      • msedge.exe (PID: 6952)
      • msiexec.exe (PID: 884)

    • Create files in a temporary directory

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 6892)
      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)
      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Manual execution by a user

      • SecHex-GUI.exe (PID: 7116)
      • SecHex-GUI.exe (PID: 508)

    • Sends debugging messages

      • SecHex-GUI.exe (PID: 7116)

    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.33-win-x64 (1).exe (PID: 7136)

    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.33-win-x64.exe (PID: 4920)
      • msiexec.exe (PID: 884)

    • Reads the software policy settings

      • msiexec.exe (PID: 884)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 884)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
230
Monitored processes
94
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs sechex-gui.exe no specs sechex-gui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.33-win-x64 (1).exe windowsdesktop-runtime-6.0.33-win-x64 (1).exe msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.33-win-x64.exe msiexec.exe msedge.exe no specs msiexec.exe no specs msedge.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
32"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
304"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5152 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
460"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5156 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
488"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7176 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
508"C:\Users\admin\Desktop\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.8 (testing)\SecHex-GUI.exe" C:\Users\admin\Desktop\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.8 (testing)\SecHex-GUI.exeexplorer.exe
User:
admin
Company:
SecHex
Integrity Level:
MEDIUM
Description:
SecHex-GUI
Exit code:
3221226540
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\v1.5.6 + v1.5.8\sechex-spoofy v1.5.8 (testing)\sechex-gui.exe
c:\windows\system32\ntdll.dll
752"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2648 --field-trial-handle=2372,i,10532802923800819184,6585231883822259586,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
884"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7292 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
884C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1048"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2372 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1140"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5604 --field-trial-handle=2376,i,7796154310191834334,16742392183488352209,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
24 096
Read events
23 074
Write events
978
Delete events
44

Modification events

(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(6156) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
A32198DF9A802F00
(PID) Process:(6156) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
7D68A4DF9A802F00
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\852470
Operation:writeName:WindowTabManagerFileMappingId
Value:
{B6DF9DDC-D65E-40EE-93EE-146EE681C3D5}
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\852470
Operation:writeName:WindowTabManagerFileMappingId
Value:
{40FEC954-B123-420B-9A9F-DFA423D7B86E}
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\852470
Operation:writeName:WindowTabManagerFileMappingId
Value:
{80CEEBBC-DA43-41A5-9619-0A56D0E7537F}
(PID) Process:(6156) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\852470
Operation:writeName:WindowTabManagerFileMappingId
Value:
{3E5A26CC-8DC8-4124-8A13-B8337ACD8B09}
Executable files
539
Suspicious files
703
Text files
221
Unknown types
23

Dropped files

PID
Process
Filename
Type
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF12b89a.TMP
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF12b8c9.TMP
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF12b8d8.TMP
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF12b8d8.TMP
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF12b917.TMP
MD5:
SHA256:
6156msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF12b926.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
62
TCP/UDP connections
114
DNS requests
144
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/15d253df-7d48-4338-8759-fb2e882eb7ec?P1=1726773229&P2=404&P3=2&P4=WnltdqEddAdIbWOug38ELjvRdRl1bncRl9fBcz2eeoygvw2WI5LqYgljKQOj6cWEeK53zhQAdGEB0v%2fzqAmwJQ%3d%3d
unknown
whitelisted
HEAD
200
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
3568
svchost.exe
HEAD
200
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/15d253df-7d48-4338-8759-fb2e882eb7ec?P1=1726773229&P2=404&P3=2&P4=WnltdqEddAdIbWOug38ELjvRdRl1bncRl9fBcz2eeoygvw2WI5LqYgljKQOj6cWEeK53zhQAdGEB0v%2fzqAmwJQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/15d253df-7d48-4338-8759-fb2e882eb7ec?P1=1726773229&P2=404&P3=2&P4=WnltdqEddAdIbWOug38ELjvRdRl1bncRl9fBcz2eeoygvw2WI5LqYgljKQOj6cWEeK53zhQAdGEB0v%2fzqAmwJQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/15d253df-7d48-4338-8759-fb2e882eb7ec?P1=1726773229&P2=404&P3=2&P4=WnltdqEddAdIbWOug38ELjvRdRl1bncRl9fBcz2eeoygvw2WI5LqYgljKQOj6cWEeK53zhQAdGEB0v%2fzqAmwJQ%3d%3d
unknown
whitelisted
3568
svchost.exe
GET
206
217.20.57.18:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ea79963f-51af-4930-ab74-50e807a8950b?P1=1726547907&P2=404&P3=2&P4=f%2b39if1br9f8ZrfkoT3HnxjpWLKL%2fY%2faLxWjRmMBgu%2fY04rsg4sEBZ6zAAWUKdS04sDQelBJkyyz9UUynWk%2fKQ%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
752
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6156
msedge.exe
239.255.255.250:1900
whitelisted
752
msedge.exe
140.82.121.4:443
github.com
GITHUB
US
shared
752
msedge.exe
185.199.109.154:443
github.githubassets.com
FASTLY
US
whitelisted
752
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
752
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
752
msedge.exe
94.245.104.56:443
api.edgeoffer.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
752
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
github.com
  • 140.82.121.4
shared
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
api.edgeoffer.microsoft.com
  • 94.245.104.56
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
bzib.nelreports.net
  • 23.48.23.51
  • 23.48.23.26
whitelisted
github.githubassets.com
  • 185.199.109.154
  • 185.199.110.154
  • 185.199.108.154
  • 185.199.111.154
whitelisted

Threats

No threats detected
Process
Message
SecHex-GUI.exe
You must install .NET to run this application. App: C:\Users\admin\Desktop\V1.5.6 + V1.5.8\SecHex-Spoofy V1.5.8 (testing)\SecHex-GUI.exe Architecture: x64 App host version: 6.0.16 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.16
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/SecHex/SecHex-Spoofy