Malware analysis ipinfo.io Malicious activity | ANY.RUN

Add for printing

URL:	ipinfo.io
Full analysis:	https://app.any.run/tasks/a750cf58-453a-431a-adf9-9de9421a0a79
Verdict:	Malicious activity
Analysis date:	April 08, 2026, 06:21:52
OS:	Windows 10 Professional (build: 19044, 64 bit)
MD5:	69A2C0DD9E32D90B3D4E00B722A241CB
SHA1:	9C90FD6A0FD7FC8305E9B29E8578758D2CF48872
SHA256:	080EDED95AC0CF29458B6581312A17E9FFC2980F58DA42ED552EC4055DC98D5E
SSDEEP:	3:UKWH:UnH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

158

Monitored processes

1

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

7028

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

8

Text files

4

Unknown types

61

Dropped files

PID	Process	Filename		Type
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba		binary
		MD5:9D48154E03DBAFCBB2AF9E701254CE75	SHA256:8929C45EB1F6B2F45CE83787CCC1DD8EB936757DF6C00A1D388A83CD89B3CF77
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7		binary
		MD5:3DEF353BDFFE86BF1571F7F64B52BDD9	SHA256:7092D91259EF4388B94DD9594E67C321542BADB0868291D5B725D45B8078F98A
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1		binary
		MD5:5981FD7CC2907BB15A2C79AA9E7FAB2F	SHA256:4E8D47F2D51E5C15ED54E8237F827005D675EEC474216E7931E534C78FF30158
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		binary
		MD5:F7651290E6AD8BE46AB11A2763F58994	SHA256:7F1CA2AAB9D81D8AAAD5D71CE272B6837493AF12FFE3E19659F258CB6765A2D5
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8		binary
		MD5:C701418E2F543D7F5D26448B1ECFBFC8	SHA256:2C935CCEA0EFA74F1D034628790A2AEBFE2CCB6F5D60E8F5B224366066E10188
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		binary
		MD5:278895D49E341B0BA5D128C0613FB877	SHA256:977587E735A70EE9095E02CEEF98CB6D4F3877D6E278CBE65AF18DCE8966CDAA
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be		binary
		MD5:0DF81C49B46379D11A6B0F7CA5A1483F	SHA256:5C273C63828CA825944FCA1DF4BB8FD7471DD491FF511AEB02FD8BA9F6CCA1FC
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		binary
		MD5:B1BEA450F4FE027C3919D8504B50AD9D	SHA256:5B50B9492860F99DEB30389C37B4B5611D9C6E396A0AF056CBCF968E64C663D7
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2		binary
		MD5:C2E5C7CC9672F6101B733DEEA327D1D6	SHA256:60FE579C50202903EEC3A1898B8EAFC6DF528307B7E40052C0F800E718A7129F
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5		binary
		MD5:DA457A672A0DB575C87F1E5ADE128D5B	SHA256:09C0D266D96138AC8A77B83CCDC10335122466720BEDE8CAA0247B7814C954DC

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

437

TCP/UDP connections

215

DNS requests

227

Threats

20

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
7028	msedge.exe	GET	200	34.117.59.81:443	https://ipinfo.io/	US	binary	146 Kb	unknown
7028	msedge.exe	GET	200	92.123.104.30:443	https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json	unknown	text	665 Kb	whitelisted
7028	msedge.exe	GET	200	104.18.23.73:443	https://website-cdn.assets.ipinfo.io/_next/static/media/443896d591e4f761-s.p.woff2	US	binary	21.4 Kb	unknown
7028	msedge.exe	GET	200	104.18.23.73:443	https://website-cdn.assets.ipinfo.io/_next/static/css/658376a2533eef14.css	US	binary	609 Kb	unknown
7028	msedge.exe	GET	200	104.18.22.73:443	https://website-cdn.assets.ipinfo.io/_next/static/css/8b9dbbc55c682252.css	US	binary	8.63 Kb	unknown
6500	RUXIMICS.exe	GET	304	51.104.136.2:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop	US	—	—	whitelisted
5336	MoUsoCoreWorker.exe	GET	304	51.104.136.2:443	https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30	US	—	—	whitelisted
7028	msedge.exe	GET	200	104.18.23.73:443	https://website-cdn.assets.ipinfo.io/_next/static/media/placeholder.63070286.png	US	binary	17.0 Kb	unknown
8012	svchost.exe	GET	200	23.216.77.6:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	NL	binary	825 b	whitelisted
7028	msedge.exe	GET	200	104.18.23.73:443	https://website-cdn.assets.ipinfo.io/_next/static/chunks/webpack-60b8c82e71c4cfbf.js	US	binary	6.29 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
8012	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
6500	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5336	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	224.0.0.251:5353	—	—	—	whitelisted
7028	msedge.exe	184.86.251.25:443	www.bing.com	AKAMAI-ASN1	NL	whitelisted
7028	msedge.exe	34.117.59.81:80	ipinfo.io	GOOGLE-CLOUD-PLATFORM	US	whitelisted
7028	msedge.exe	34.117.59.81:443	ipinfo.io	GOOGLE-CLOUD-PLATFORM	US	whitelisted
7028	msedge.exe	104.18.22.73:443	website-cdn.assets.ipinfo.io	CLOUDFLARENET	US	whitelisted
7028	msedge.exe	184.24.77.144:443	use.typekit.net	AKAMAI-ASN1	NL	whitelisted
7028	msedge.exe	184.24.77.154:443	p.typekit.net	AKAMAI-ASN1	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 4.231.128.59 40.127.240.158	whitelisted
google.com	192.178.183.100 192.178.183.101 192.178.183.139 192.178.183.138 192.178.183.113 192.178.183.102	whitelisted
www.bing.com	184.86.251.25 184.86.251.28 184.86.251.5 184.86.251.10 184.86.251.24 184.86.251.23 184.86.251.27 184.86.251.30 184.86.251.9 184.86.251.11 184.86.251.7 184.86.251.8 92.123.104.38 92.123.104.37 92.123.104.22 92.123.104.26 92.123.104.28 92.123.104.40 92.123.104.29 92.123.104.36 92.123.104.30	whitelisted
ipinfo.io	34.117.59.81	whitelisted
website-cdn.assets.ipinfo.io	104.18.22.73 104.18.23.73	shared
use.typekit.net	184.24.77.144 184.24.77.156	whitelisted
p.typekit.net	184.24.77.154 184.24.77.146	whitelisted
crl.microsoft.com	23.216.77.6 23.216.77.28	whitelisted
www.microsoft.com	23.52.181.212 88.221.169.152	whitelisted
login.live.com	40.126.31.0 40.126.31.3 40.126.31.130 40.126.31.73 40.126.31.128 20.190.159.23 20.190.159.2 20.190.159.130	whitelisted

Threats

PID	Process	Class	Message
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
—	—	Device Retrieving External IP Address Detected	ET INFO External IP Lookup ipinfo.io
8012	svchost.exe	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
7028	msedge.exe	Device Retrieving External IP Address Detected	ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Add for printing

No debug info

General Info

ipinfo.io

69A2C0DD9E32D90B3D4E00B722A241CB

9C90FD6A0FD7FC8305E9B29E8578758D2CF48872

080EDED95AC0CF29458B6581312A17E9FFC2980F58DA42ED552EC4055DC98D5E

3:UKWH:UnH

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings