URL: https://www.downloadcomputergames.net/2021/08/driver-san-francisco.html

Full analysis: https://app.any.run/tasks/fadfb598-38d5-4b85-9b98-03cfa5493612
Verdict: Malicious activity
Analysis date: May 23, 2026, 15:08:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: obfuscated-js, qrcode, phishing
Indicators:
MD5: 3CB5F94845D63B70BB8AF8394761DDBA
SHA1: BB4CA4848C10C4BB1E8C05905A293A721AD31768
SHA256: 199BB167D790913EA57AC7C88446A4B017829DFFEA1E99F40CF85E53522EB0F5
SSDEEP: 3:N8DSL0bZQRA39M0sX2ZBXULoiGy:2OLKEz09fSoit

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7028)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 180
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 81
Text files: 57
Unknown types: 1

Dropped files

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 617
TCP/UDP connections: 273
DNS requests: 274
Threats: 20

HTTP requests


Connections


DNS requests


Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
| 7028 | msedge.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (highperformanceformat .com) |
| 8036 | RUXIMICS.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7028 | msedge.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (kettledroopingcontinuation .com) |
| 7028 | msedge.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (usrpubtrk .com) |
|  |  | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
|  |  | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
|  |  | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
No debug info