URL:

https://urldefense.proofpoint.com/v2/url?u=https-3A__url.us.m.mimecastprotect.com_r_djvuL7mYUbLSjWrnnlMRak7HYIVt7LW7QsholS5SlvrqYU17B4sptqDUK2SgHv7jDfwvov53gTs6-2DiDuRNFhCxW0-2DTYMmpUXVVLl083BaG1jmRayCo3p7vcoOj8e-2DlMPCOKBKICagIlYUWaL3g-2DCypx5I-5FgTCVbP0qj6BfQhfawg1TNMvuucXQzheEm0sMCiOTPqpw-2D-5FDgysY8geDQVcWTroqaFafxY9omu3A0pNIFv62I71hgPcBvFZA6ipGNGsuaWIIBpGfcaDPaQ2K-2DPJ9yWWSajFssru-2DrGh0dUe3qhYvbFnToxVtVjUJ8ZDtmhOKaKjlMa06RrW0BWfPKH10XWe1gmj8kEJxJXgzBC7W5afT-2D5-2DKWvvXYWt9HXvkJONTgTspEAvrSVr-2DxPesX6CaOWopCxl55BGJZOskVLVYBTQ4scuczogFZjNf8IuHe9zjxhQoshIScZA1eiuh0VotFMXT7smCFdJAEXePmi3Wu74TUA7VAwtJ503UilFutTD3OZOXrXAKlsO8Wz0AbpyM0Zphp0qsCDu0WSzrZqF3eVgjBIPHOcE680jm0lBVwJXHOEYDyyUuyDhGTk-5F-5FKhs5k3MjBE8Yogi0N2CoyEYHITF33ckjg5FdKAmX2I6F7WgFed8Bwy2gThf2fKufSLevxAibFs9-2DcYsTLFVVfgvmLqtfBe6HbNm-5FVrdLhKFvahHQz-5FUnLLkgMA-5FQSq6WFwq0O6uIppgoTUnTrWkHIEWxlR9fqRCF4S2TBTaIeuW-5FRN00vCnSwIM30BPEYdExRmBzSxk1jPR9ouKyTE5GTE9armIkeyDNdxY256w27TNTuTD8pUXDqwtB2x9BARHhXyl3R9heI7FbXeb4-5FQrHvOVM3khGUzcj1nPRJL1g9W-2DmC0kpK6-2DgSDx-2DtjgBBMJqG-2DJTW-2DW14ON3IojsLA3H965NTuIqcJWDh4mLU8lBIAubuXj4G3KTLZba9yMECapb3YIlN6Nxji7PL-2Dx7K4SrSPmiwti-5FCKd9Jl0clY-2DOD0P9vxKhwELkCfSYHcHFiraWUAf6OcM31GqYnEoq7sQvGc5VAe2Vug8ibEzeuvxEyNxiHRTbhw1driD8Vo2PPKZWD2Cj0w-5Fou8-5FvTZwHDcsrRghXhTw7vMiFhHl12WEd2GnkJvRn-5FStyNyqGyFlW-5FvLIFFrGCKoAHjeX-5Fq-2DsWUimsCrYbTvbVRioD0GXmpMXDqUBVw0DhB1ySCAZxg7T2RgLN8DtlOBvpY825e2zpLTYW9PA-2D976jzNmjUKHJUJKKToDV5jfKZGWdLEHE35Sj-2DlGn8sc48bYRlG7u8iMTUn3IUM9zUYPTDma-5FMo5dtTjKMjmmdyNhb-2D1z6w8Uj8VuhOkZj68F38rksxr7o7QUeIJ0cxANVevU1x-2DX1208l61tSFrqt0a6P1AG4VoAYBBHp6EdPzVFJGvePezUWKTFPPZWT828unMzOfAV04DxzYP36ANk69mw71MGCvILEdFxYz2A7kcah-5Fi9-2DZmbf4Kkw-5FQpNjYz7UHq-2DTKeJ5XdZBDnT4CZ9U00lDqjwxegD3q9c-5FA7S5pEcmtnuHtTsWDxYINERQSPsCb00-2DmH-5FTwc8nSn53pDjpkL37NyCkygzAqpQuLtvygKL83qUMvcwimFiy9iRX1ON3dc7xsiOV12mjItRXbMcA6y2A8zYl-2D4m81UqZwcstwNfqFCSN1YxibfldEWM-2DTxddViKUUqDgmSQe8l7FUCQAWT2ROrvES9hGiVZxSuHRdux5eEfyrwodyNdpMiWtiMjumEPjMadjuViIQ8XQrH-5F-5Fl8yt7Z-2DAPZGaTt7o-2DII6JxIX-5Fmt9EWmf81uo2r9l8UYk7mBoe9V9fyb2Tk6frMb1Lfm016xjshRHwR2qOMDUYfr4VwF3BQeYhYh19j3ZbDjGZf3-5Fi-5FCIEjhl1braRj9jnpU-5Fc-5FlT-5F8IVNQ6adiktEviSzELzx6NipTTbmbZjSvfXhb3FuYntqAHNXM4x9acRc8qRo5-5Fn-2DOaVXe7KSGWTERjK-2DLQcsSl9wLZyRTS8s26vP-2Ds3urztAYJaZGuz2z-2DEvkQzWZ-5FEPb44-5F4lcN9Z2SWwnD2dd98pv5PdMJdr37kWvGKz1EfHxBjHuOgOLRpsQ8nJBrCo7PVL0jUth2V1b-2DrGoM3X-2DE1pleex7mPJcnDVZQSnE6vyAhV6ebdBFhvczag3Nd4dX6wxlWjMBTpqFy-2DppGdryXUoOjpcdhJHyVtPrGr2lBOttsA8trXF9Kk8VNoJi7LYsxhqAAcA67px-5FtjmQ1UF33mLM46kPG3NQsTP4oYODvSMWIEWsTMUR7znvbwKCtjNBUluJKJk0LyxPMjk6q2s011KGYLhj7qdX9y2H2MdHUvzRCGDOSkW9fBhv1tXSbmQ8PK-5FUl8qsJBqqX5mCauLKTvYEU-2DVV9z6xMeUAXVsofZie5n1gAh-5FtONLPonI6WFiWXldDev6sX-2DePfxYAkg1FiuYF4lDprbBVDajD1syI3fcKmXyL4OtoDU5soRXs15xG4mBI9rxwCx6qUcHDDhsA3yGcIoUwCo0h3jd94POUkjXUHnQPxI21YU1OlseHRc-5F4i-2D5oGwNil7HGSFa05x6XjgyMxE1dJrBksMG3EMkPm5JDXV6F-5F01Id4zemaoZgzooEh-5F7fv1E4Zv3mE1qdYUsorfnHlmQs7ASpv9l3gGSRkrARskqTZ4x-5Fy5oew6kflzRIj7-2Da8xMPESmp4Ss4ysUv0BYOs7qyz50af3NUaft-5FZHoHG2omhT0-2Dm5SUZLO8eFxJgYR9B0LCmtaUlxE-5Fzhrf65vPvj09uu-5F9ooIQn0SOUz2XzNOSUcB1SfIUxSHGuQHxx1mdUOV-2DkWq8gjzkXPH7o5rqzHT440EE1bZFO2-2DdB69WZuGRGhCwR8-2D6fUNe9sHEcfVFJZMRfCDRJpyBddQR3k1d8xLEdt69UQ8jzdsPhXcIwHXohaHCZWkpb-5FnU1LGnWmoNTXTf2ObuXuNkoJVECqkDMWrTJpoVasChvrWli5pAPEY5soALmEjeoGMIF6Hz-2DpmEREulECXlldG9gpC2XP0Y4VyOKzA4A2j3sPDWBZC62iJqmJf5AIRgEqUQ75KriJKCgRA-2Dj7HsVGUyukVsrYpzyQeagJuEe96BbYbFIPdEpzxack4vbeBgqvtnggnsxgF6vrUASb9x4Hiw1JdCBLx7bQU-5F-5Fqfy4q-5FmQ4OCFse4Xn7fNOq-2D1FmaOKDr0qjVUnKBCh9lQzt3rRixmtEMdnhubhUSEzxHkmdwIh8BkYJOkx2w62wwFirwUPMCVPy94lVPWLW-2DuHrOleEAaa20xNsBKGYcAs4GmCVU8dKkztp32GnfJf1ydkOAPm6oUBJzWgwMrd6ebt1C1kdJCeSxdSXCaG8aSdYOu1iQDa7TNMP4FuPQvkUrx90mAYbmuDzb856LqJN-2Ddk7k8yv2iuQf1yml0Dy0YXCH3HVt-5FJ0Nvjqr1WjpDG4OcBQSYf-5F5dDSLS4TBwsFEt8CRAVf3fSScBMvf12-2DOPaEFL9B2ZE7N76zHl8f5c4nHhkqDBzwGJ0px8X3HVRFS8J5DaMRwDBlloXGiTUd-2Dr0ms57AGjDPw0rxEixXmFze18TpWk0zceCxayfhK6rk-2DJt1IFOY8Hirr6zmmatyXGOR9qgY9WFjNTUY71f06Fy5uFStzAtypUxhRb-2Dqodzz05uTmDcyB4I7MAKvEHNI-5FQPxkG2VkZTY02PaVAB75TS9i2yr0AGoQwGwSxuOPBeNjO9xBZwJT80rqoHp457sjFwvk9sXTQNlkE2riskMYltJuy7NHur3-2D6adW7QSBeBpOpK8D3lwb-5FbC4mqTO95om6yDs-2DlZznTHl6Aez5IlXeRKpRxt0Zv5MGUttISwU72GosppeZ8qjEwuwbtj4t-2DhsdSOMNkvt-5FZdxCwGVRt6yjK09IYiGhUdJd8nybTtrFnb7khWVflBalY2f3qGnBrbQWTopeL9anXmEe3I1yFnpcfk5xmu4sVg0QFFcr8oZO67xLIktFogmRtIOl-2Dxn7-2DBtuzITk6B1eBCv5q3s5aMdiZDXO0v0giI3YF0LV9yxkvoqJsPu3xhvvvoqrHX1Qc-2DnuZ5g2WBbCfSvLRjCi7Ig5sVYNrI9C091UFB1OTyJuVShC-5FORmikKLXzdjq9GeQqNt8wQ5I3ucg-2DNqlxhR1hTkdz-2DeUu42tA6eCQivymiE8aEEzASdk6BL-5FjNnksjLRhIdaMZXZAeaLWaRIEevaL788X1E3KMC74O6JTzxXPbqLh5swqgjtRQoGbzeosjQgZ1lciwso249Ti1Gesgqc8-5FDhj4f2rM8flFSk-5FzuGTj0HgImdgTrvkvqsRovKGVQC-5FGh1LJTy6jJCGo2heH5-2D-5Fd6ljCqSo0D8OT4GQmjWzniqkisLVAZqfrnfHz2gtOJQIMw5dR6yi1x39xqAtXg-2D5bRN5uVmz86Oj6Il0fNRVgSs3URoyTeIZdkVBjiN3qW-5FnF32rOxV09OQGiF-5FLD9lvWs2yU39EG7pwRJL0aY1rOBqNWwvnJMsHGWNAF-2Dfd7mZsgakkfGUSuN1-2DLPgK6UgsBx2-5Fit92NnPZzS7gNNrZTx-5F09DpaxN1QBKhkRDmNV10HEtS-5FNzo&d=DwMFAQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=nd_0ZWqP5-KzdaWZtXSjszcklBG74jfT6xVTo8CTwTM&m=b_jNuHWhyblLq2-yfyxWd0Tu0-3ORCYk2ZJQB1dIoUx0uQJXsbY0iKRIvrbXsoRt&s=OpCcJOBJ3-jMFcNx6s8aB7kZb15qWCgXlD8T7YLg6_E&e=

Full analysis: https://app.any.run/tasks/86399ba0-c9ca-4b03-835c-313bc66656d0
Verdict: Malicious activity
Analysis date: April 15, 2025, 17:59:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
Indicators:
MD5:

568529B5BCF67473BB7E6A976E98B0BF

SHA1:

BDDD496A21F39F5ABA8F6A74C4638C6EAF3B5A2E

SHA256:

1EAA9B519197BF966BBB2549285CF201D273E2DA0727E495A84C321404364F72

SSDEEP:

96:5IQz9hC0tSjk+XxkQFa+IZJXF9muBe/h/8lzcLdRGSSny82z6Za3579e8ncyL:5IGhC0tSNXk15Y2RcL/LSyz6s5x3nF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7248)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 7544)
    • Application launched itself

      • msedge.exe (PID: 1180)
    • Reads the computer name

      • identity_helper.exe (PID: 7544)
    • Reads Environment values

      • identity_helper.exe (PID: 7544)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
166
Monitored processes
37
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1180"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://urldefense.proofpoint.com/v2/url?u=https-3A__url.us.m.mimecastprotect.com_r_djvuL7mYUbLSjWrnnlMRak7HYIVt7LW7QsholS5SlvrqYU17B4sptqDUK2SgHv7jDfwvov53gTs6-2DiDuRNFhCxW0-2DTYMmpUXVVLl083BaG1jmRayCo3p7vcoOj8e-2DlMPCOKBKICagIlYUWaL3g-2DCypx5I-5FgTCVbP0qj6BfQhfawg1TNMvuucXQzheEm0sMCiOTPqpw-2D-5FDgysY8geDQVcWTroqaFafxY9omu3A0pNIFv62I71hgPcBvFZA6ipGNGsuaWIIBpGfcaDPaQ2K-2DPJ9yWWSajFssru-2DrGh0dUe3qhYvbFnToxVtVjUJ8ZDtmhOKaKjlMa06RrW0BWfPKH10XWe1gmj8kEJxJXgzBC7W5afT-2D5-2DKWvvXYWt9HXvkJONTgTspEAvrSVr-2DxPesX6CaOWopCxl55BGJZOskVLVYBTQ4scuczogFZjNf8IuHe9zjxhQoshIScZA1eiuh0VotFMXT7smCFdJAEXePmi3Wu74TUA7VAwtJ503UilFutTD3OZOXrXAKlsO8Wz0AbpyM0Zphp0qsCDu0WSzrZqF3eVgjBIPHOcE680jm0lBVwJXHOEYDyyUuyDhGTk-5F-5FKhs5k3MjBE8Yogi0N2CoyEYHITF33ckjg5FdKAmX2I6F7WgFed8Bwy2gThf2fKufSLevxAibFs9-2DcYsTLFVVfgvmLqtfBe6HbNm-5FVrdLhKFvahHQz-5FUnLLkgMA-5FQSq6WFwq0O6uIppgoTUnTrWkHIEWxlR9fqRCF4S2TBTaIeuW-5FRN00vCnSwIM30BPEYdExRmBzSxk1jPR9ouKyTE5GTE9armIkeyDNdxY256w27TNTuTD8pUXDqwtB2x9BARHhXyl3R9heI7FbXeb4-5FQrHvOVM3khGUzcj1nPRJL1g9W-2DmC0kpK6-2DgSDx-2DtjgBBMJqG-2DJTW-2DW14ON3IojsLA3H965NTuIqcJWDh4mLU8lBIAubuXj4G3KTLZba9yMECapb3YIlN6Nxji7PL-2Dx7K4SrSPmiwti-5FCKd9Jl0clY-2DOD0P9vxKhwELkCfSYHcHFiraWUAf6OcM31GqYnEoq7sQvGc5VAe2Vug8ibEzeuvxEyNxiHRTbhw1driD8Vo2PPKZWD2Cj0w-5Fou8-5FvTZwHDcsrRghXhTw7vMiFhHl12WEd2GnkJvRn-5FStyNyqGyFlW-5FvLIFFrGCKoAHjeX-5Fq-2DsWUimsCrYbTvbVRioD0GXmpMXDqUBVw0DhB1ySCAZxg7T2RgLN8DtlOBvpY825e2zpLTYW9PA-2D976jzNmjUKHJUJKKToDV5jfKZGWdLEHE35Sj-2DlGn8sc48bYRlG7u8iMTUn3IUM9zUYPTDma-5FMo5dtTjKMjmmdyNhb-2D1z6w8Uj8VuhOkZj68F38rksxr7o7QUeIJ0cxANVevU1x-2DX1208l61tSFrqt0a6P1AG4VoAYBBHp6EdPzVFJGvePezUWKTFPPZWT828unMzOfAV04DxzYP36ANk69mw71MGCvILEdFxYz2A7kcah-5Fi9-2DZmbf4Kkw-5FQpNjYz7UHq-2DTKeJ5XdZBDnT4CZ9U00lDqjwxegD3q9c-5FA7S5pEcmtnuHtTsWDxYINERQSPsCb00-2DmH-5FTwc8nSn53pDjpkL37NyCkygzAqpQuLtvygKL83qUMvcwimFiy9iRX1ON3dc7xsiOV12mjItRXbMcA6y2A8zYl-2D4m81UqZwcstwNfqFCSN1YxibfldEWM-2DTxddViKUUqDgmSQe8l7FUCQAWT2ROrvES9hGiVZxSuHRdux5eEfyrwodyNdpMiWtiMjumEPjMadjuViIQ8XQrH-5F-5Fl8yt7Z-2DAPZGaTt7o-2DII6JxIX-5Fmt9EWmf81uo2r9l8UYk7mBoe9V9fyb2Tk6frMb1Lfm016xjshRHwR2qOMDUYfr4VwF3BQeYhYh19j3ZbDjGZf3-5Fi-5FCIEjhl1braRj9jnpU-5Fc-5FlT-5F8IVNQ6adiktEviSzELzx6NipTTbmbZjSvfXhb3FuYntqAHNXM4x9acRc8qRo5-5Fn-2DOaVXe7KSGWTERjK-2DLQcsSl9wLZyRTS8s26vP-2Ds3urztAYJaZGuz2z-2DEvkQzWZ-5FEPb44-5F4lcN9Z2SWwnD2dd98pv5PdMJdr37kWvGKz1EfHxBjHuOgOLRpsQ8nJBrCo7PVL0jUth2V1b-2DrGoM3X-2DE1pleex7mPJcnDVZQSnE6vyAhV6ebdBFhvczag3Nd4dX6wxlWjMBTpqFy-2DppGdryXUoOjpcdhJHyVtPrGr2lBOttsA8trXF9Kk8VNoJi7LYsxhqAAcA67px-5FtjmQ1UF33mLM46kPG3NQsTP4oYODvSMWIEWsTMUR7znvbwKCtjNBUluJKJk0LyxPMjk6q2s011KGYLhj7qdX9y2H2MdHUvzRCGDOSkW9fBhv1tXSbmQ8PK-5FUl8qsJBqqX5mCauLKTvYEU-2DVV9z6xMeUAXVsofZie5n1gAh-5FtONLPonI6WFiWXldDev6sX-2DePfxYAkg1FiuYF4lDprbBVDajD1syI3fcKmXyL4OtoDU5soRXs15xG4mBI9rxwCx6qUcHDDhsA3yGcIoUwCo0h3jd94POUkjXUHnQPxI21YU1OlseHRc-5F4i-2D5oGwNil7HGSFa05x6XjgyMxE1dJrBksMG3EMkPm5JDXV6F-5F01Id4zemaoZgzooEh-5F7fv1E4Zv3mE1qdYUsorfnHlmQs7ASpv9l3gGSRkrARskqTZ4x-5Fy5oew6kflzRIj7-2Da8xMPESmp4Ss4ysUv0BYOs7qyz50af3NUaft-5FZHoHG2omhT0-2Dm5SUZLO8eFxJgYR9B0LCmtaUlxE-5Fzhrf65vPvj09uu-5F9ooIQn0SOUz2XzNOSUcB1SfIUxSHGuQHxx1mdUOV-2DkWq8gjzkXPH7o5rqzHT440EE1bZFO2-2DdB69WZuGRGhCwR8-2D6fUNe9sHEcfVFJZMRfCDRJpyBddQR3k1d8xLEdt69UQ8jzdsPhXcIwHXohaHCZWkpb-5FnU1LGnWmoNTXTf2ObuXuNkoJVECqkDMWrTJpoVasChvrWli5pAPEY5soALmEjeoGMIF6Hz-2DpmEREulECXlldG9gpC2XP0Y4VyOKzA4A2j3sPDWBZC62iJqmJf5AIRgEqUQ75KriJKCgRA-2Dj7HsVGUyukVsrYpzyQeagJuEe96BbYbFIPdEpzxack4vbeBgqvtnggnsxgF6vrUASb9x4Hiw1JdCBLx7bQU-5F-5Fqfy4q-5FmQ4OCFse4Xn7fNOq-2D1FmaOKDr0qjVUnKBCh9lQzt3rRixmtEMdnhubhUSEzxHkmdwIh8BkYJOkx2w62wwFirwUPMCVPy94lVPWLW-2DuHrOleEAaa20xNsBKGYcAs4GmCVU8dKkztp32GnfJf1ydkOAPm6oUBJzWgwMrd6ebt1C1kdJCeSxdSXCaG8aSdYOu1iQDa7TNMP4FuPQvkUrx90mAYbmuDzb856LqJN-2Ddk7k8yv2iuQf1yml0Dy0YXCH3HVt-5FJ0Nvjqr1WjpDG4OcBQSYf-5F5dDSLS4TBwsFEt8CRAVf3fSScBMvf12-2DOPaEFL9B2ZE7N76zHl8f5c4nHhkqDBzwGJ0px8X3HVRFS8J5DaMRwDBlloXGiTUd-2Dr0ms57AGjDPw0rxEixXmFze18TpWk0zceCxayfhK6rk-2DJt1IFOY8Hirr6zmmatyXGOR9qgY9WFjNTUY71f06Fy5uFStzAtypUxhRb-2Dqodzz05uTmDcyB4I7MAKvEHNI-5FQPxkG2VkZTY02PaVAB75TS9i2yr0AGoQwGwSxuOPBeNjO9xBZwJT80rqoHp457sjFwvk9sXTQNlkE2riskMYltJuy7NHur3-2D6adW7QSBeBpOpK8D3lwb-5FbC4mqTO95om6yDs-2DlZznTHl6Aez5IlXeRKpRxt0Zv5MGUttISwU72GosppeZ8qjEwuwbtj4t-2DhsdSOMNkvt-5FZdxCwGVRt6yjK09IYiGhUdJd8nybTtrFnb7khWVflBalY2f3qGnBrbQWTopeL9anXmEe3I1yFnpcfk5xmu4sVg0QFFcr8oZO67xLIktFogmRtIOl-2Dxn7-2DBtuzITk6B1eBCv5q3s5aMdiZDXO0v0giI3YF0LV9yxkvoqJsPu3xhvvvoqrHX1Qc-2DnuZ5g2WBbCfSvLRjCi7Ig5sVYNrI9C091UFB1OTyJuVShC-5FORmikKLXzdjq9GeQqNt8wQ5I3ucg-2DNqlxhR1hTkdz-2DeUu42tA6eCQivymiE8aEEzASdk6BL-5FjNnksjLRhIdaMZXZAeaLWaRIEevaL788X1E3KMC74O6JTzxXPbqLh5swqgjtRQoGbzeosjQgZ1lciwso249Ti1Gesgqc8-5FDhj4f2rM8flFSk-5FzuGTj0HgImdgTrvkvqsRovKGVQC-5FGh1LJTy6jJCGo2heH5-2D-5Fd6ljCqSo0D8OT4GQmjWzniqkisLVAZqfrnfHz2gtOJQIMw5dR6yi1x39xqAtXg-2D5bRN5uVmz86Oj6Il0fNRVgSs3URoyTeIZdkVBjiN3qW-5FnF32rOxV09OQGiF-5FLD9lvWs2yU39EG7pwRJL0aY1rOBqNWwvnJMsHGWNAF-2Dfd7mZsgakkfGUSuN1-2DLPgK6UgsBx2-5Fit92NnPZzS7gNNrZTx-5F09DpaxN1QBKhkRDmNV10HEtS-5FNzo&d=DwMFAQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=nd_0ZWqP5-KzdaWZtXSjszcklBG74jfT6xVTo8CTwTM&m=b_jNuHWhyblLq2-yfyxWd0Tu0-3ORCYk2ZJQB1dIoUx0uQJXsbY0iKRIvrbXsoRt&s=OpCcJOBJ3-jMFcNx6s8aB7kZb15qWCgXlD8T7YLg6_E&e="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5428 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5484 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4244"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6420 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4688"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x300,0x304,0x308,0x280,0x310,0x7ffc87fc5fd8,0x7ffc87fc5fe4,0x7ffc87fc5ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4756"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5616 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4988"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6668 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5064"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6660 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5244"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5608"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6556 --field-trial-handle=2336,i,6347065372868912976,5708471701947536505,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
4 422
Read events
4 407
Write events
15
Delete events
0

Modification events

(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(1180) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
C26E82386B912F00
(PID) Process:(1180) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
4DE68D386B912F00
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262786
Operation:writeName:WindowTabManagerFileMappingId
Value:
{C0E55052-71DE-46EA-9B34-F5C52D92F8CF}
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262786
Operation:writeName:WindowTabManagerFileMappingId
Value:
{9D63F403-F164-4F2A-B123-A48D5ECC29B4}
(PID) Process:(1180) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262786
Operation:writeName:WindowTabManagerFileMappingId
Value:
{824F8538-0461-4314-AE3B-5B3D8C5DD4AB}
(PID) Process:(1180) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
88CE05396B912F00
Executable files
6
Suspicious files
55
Text files
27
Unknown types
0

Dropped files

PID
Process
Filename
Type
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10c70b.TMP
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10c70b.TMP
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10c71a.TMP
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10c71a.TMP
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10c73a.TMP
MD5:
SHA256:
1180msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
42
DNS requests
52
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
23.48.23.153:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1228
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1228
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
23.48.23.153:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1180
msedge.exe
239.255.255.250:1900
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7248
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7248
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7248
msedge.exe
13.107.253.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7248
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7248
msedge.exe
52.6.56.188:443
urldefense.proofpoint.com
AMAZON-AES
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.153
  • 23.48.23.140
  • 23.48.23.141
  • 23.48.23.147
  • 23.48.23.143
  • 23.48.23.146
  • 23.48.23.164
  • 23.48.23.156
  • 23.48.23.161
whitelisted
google.com
  • 142.250.181.238
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
urldefense.proofpoint.com
  • 52.6.56.188
  • 52.204.90.22
  • 52.71.28.102
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.53.40.8
  • 23.53.40.56
whitelisted

Threats

PID
Process
Class
Message
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr)
No debug info