URL:

https://e.vg/976279870591

Full analysis: https://app.any.run/tasks/6656f65a-db61-4ba3-998d-19b2d338f291
Verdict: Malicious activity
Analysis date: May 10, 2025, 03:22:28
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
Indicators:
MD5:

33E01AE5A7FC415D7CE30EA396F93F4F

SHA1:

F47656D82C2E964C5CEFFDFD6018E62BD0FF12F6

SHA256:

23B88755A9D947644E019EB65FBF44CEBF4644ABC70130557F851AE2F9B96ED5

SSDEEP:

3:N8VKQ3Un:2VKT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 1396)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 148
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 1396
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59

PID 1396 is Edge's network-service utility process (--utility-sub-type=network.mojom.NetworkService), the child that performs the browser's DNS and TLS traffic. The PHISHING indicator on it therefore comes from network signatures matched against the browser's own traffic (see Threats below), not from a separate binary executed on the host.
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1
Suspicious files: 30
Text files: 3
Unknown types: 0

Dropped files

PID   Process     Filename                                                                                     Type
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba    text
      MD5:    638A4990025383A0F83EBF29BDB84A68
      SHA256: 878E34B89800BB271D3588E526EB3598EB3822E263F3BDAF53645847D39D0AD6
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd    compressed
      MD5:    28B83B37F24561D487E21A86066E5C8E
      SHA256: 21B819A855E1875B84C8DE95AF5589E4950983A1B76340B7C08BD7838F8237DA
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be    compressed
      MD5:    CD9956D2B6201B91899207BB167832A7
      SHA256: E357F17301202634BF112FBECDE34147CCD4E49FB8E973831195A718CFACF770
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf    compressed
      MD5:    B129DD4C4DD1FC434965E17DB982296D
      SHA256: 6660D544292D6F8081C0DFE08EA30D9CE91259AB8CE3FCB063730DE193EF6E89
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1    compressed
      MD5:    14F91CAFBFD4E524F311A37973E6E481
      SHA256: 5A6DDE631FF5FC56D2EE4B0717C9770A07051DE1A1D17FCB5B7D772BE576E9B9
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4    compressed
      MD5:    5856BAF64A567ECFDAE586266F3D61EB
      SHA256: 1E444AD555E3F20E67F505E40F30ED3E67D5906610EE677281B367801E51EF66
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0    compressed
      MD5:    4D5D6DB17933982FAF2FF0C6180A4B21
      SHA256: 40F46CC932F1C2F06F7D7929C462EB7969F3F06B9BB179F33342F0B3FEEE139F
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2    compressed
      MD5:    F9E969A5FF052424471F3B3C656FD229
      SHA256: 0B6875FF3955B3F51370572FB12E0F30FB0581700D2897A107168069C36CD70F
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3    compressed
      MD5:    A8DB01FBB7A3BA40C5523954BD0CB283
      SHA256: 11DE86102895AD7F025A40CB2FEE6AAE9F6F4375C34136FDF5350E1EF23CF82E
1396  msedge.exe  C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6    image
      MD5:    EAA918479400786006BC5A37E77075A2
      SHA256: 69A47EA33E7FA0226B9F23B5837A9075F36A0FFC2E7ADC2F5B30F564E1DAD09C

All entries listed here live under Edge's HTTP cache directory (Cache_Data\f_xxxxxx), i.e. they are web content fetched and cached by the browser, not files written by a payload. The cache entries are where the fetched page, scripts and images can be recovered for inspection if the PCAP is not enough.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 95
TCP/UDP connections: 89
DNS requests: 56
Threats: 13

HTTP requests

All requests below were made by PID 1396 (msedge.exe). Columns: Method, HTTP code, IP, Type, Size, Reputation, CN; the URL follows on the next line.

GET   200  2.23.227.215:443    binary  654 Kb   whitelisted  CN: unknown
      https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
GET   200  172.64.145.151:443  text    17.8 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=russian&_cdn=cloudflare
GET   200  104.18.42.105:443   binary  86.4 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/javascript/main.js?v=wZOkh5CBgIrx&l=russian&_cdn=cloudflare
GET   200  172.64.145.151:443  binary  88.2 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/javascript/dynamicstore.js?v=OzwSXx1UJWs8&l=russian&_cdn=cloudflare
POST  200  40.126.31.73:443    xml     1.24 Kb  whitelisted  CN: unknown
      https://login.live.com/RST2.srf
GET   200  172.64.145.151:443  text    2.54 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=russian&_cdn=cloudflare
GET   200  172.64.145.151:443  text    86.1 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=7sR4EhV3nKzm&l=russian&_cdn=cloudflare
GET   200  104.18.42.105:443   text    31.9 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=russian&_cdn=cloudflare
GET   200  172.64.145.151:443  text    126 Kb   whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/css/v6/store.css?v=5_pmjscCAXNy&l=russian&_cdn=cloudflare
GET   200  104.18.42.105:443   text    29.8 Kb  whitelisted  CN: unknown
      https://store.cloudflare.steamstatic.com/public/css/styles_about.css?v=KuY6YbIF4rkW&l=russian&_cdn=cloudflare

The requests to the genuine Steam CDN (store.cloudflare.steamstatic.com, with the l=russian localisation) are consistent with a lookalike page pulling Valve's real stylesheets and scripts so that it renders convincingly; the report does not show the Referer, so confirm the loading page in the PCAP before drawing that conclusion.

Connections

A "-" marks a field the export left empty.

PID   Process              IP                    Domain                            ASN                          CN  Reputation
3080  MoUsoCoreWorker.exe  51.104.136.2:443      settings-win.data.microsoft.com   MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
-     -                    239.255.255.250:1900  -                                 -                            -   whitelisted
3484  svchost.exe          51.104.136.2:443      settings-win.data.microsoft.com   MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
2848  RUXIMICS.exe         51.104.136.2:443      settings-win.data.microsoft.com   MICROSOFT-CORP-MSN-AS-BLOCK  IE  whitelisted
1396  msedge.exe           188.114.96.3:443      e.vg                              -                            -   malicious
1396  msedge.exe           104.21.48.1:443       steamescommunilty.com             -                            -   unknown
4936  svchost.exe          20.190.160.3:443      login.live.com                    MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
1396  msedge.exe           2.23.227.215:443      www.bing.com                      Ooredoo Q.S.C.               QA  whitelisted
-     -                    104.17.24.14:443      cdnjs.cloudflare.com              -                            -   whitelisted
-     -                    172.64.145.151:443    store.cloudflare.steamstatic.com  CLOUDFLARENET                US  whitelisted

DNS requests

Domain                            Resolved IPs                                                                                                          Reputation
settings-win.data.microsoft.com   51.104.136.2, 40.127.240.158                                                                                          whitelisted
google.com                        142.250.185.110                                                                                                       whitelisted
e.vg                              188.114.96.3, 188.114.97.3                                                                                            malicious
steamescommunilty.com             104.21.48.1, 104.21.64.1, 104.21.32.1, 104.21.80.1, 104.21.112.1, 104.21.16.1, 104.21.96.1                            unknown
login.live.com                    20.190.160.3, 20.190.160.17, 20.190.160.64, 40.126.32.68, 40.126.32.140, 20.190.160.20, 20.190.160.128, 20.190.160.22  whitelisted
www.bing.com                      2.23.227.215, 2.23.227.208, 2.19.96.128, 2.19.96.120                                                                  whitelisted
store.cloudflare.steamstatic.com  172.64.145.151, 104.18.42.105                                                                                         whitelisted
cdnjs.cloudflare.com              104.17.24.14, 104.17.25.14                                                                                            whitelisted
code.jquery.com                   151.101.66.137, 151.101.2.137, 151.101.130.137, 151.101.194.137                                                       whitelisted
a.nel.cloudflare.com              35.190.80.1                                                                                                           whitelisted

Threats

Class                                  Message
Misc activity                          ET INFO URL Shortening Service Domain in DNS Lookup (e .vg)
Misc activity                          ET INFO URL Shortening Service Domain in DNS Lookup (e .vg)
Misc activity                          ET INFO Observed URL Shortening Service Domain (e .vg in TLS SNI)
Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2
Possible Social Engineering Attempted  PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2
Not Suspicious Traffic                 INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic                 INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic                 INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic                 INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic                 INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
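As an added example (not part of the ANY.RUN report, and not ANY.RUN's or Emerging Threats' Suricata signatures), the two checks that fired in the Threats table, a URL-shortener domain in DNS and a lookalike of a brand domain, re-implemented in plain Python over the DNS answers listed above so the same triage can be run against other reports. The brand list, the shortener list and the 0.2 edit-distance ratio are assumptions chosen for illustration; the sample records are copied from this report's DNS requests table.

```python
"""Lookalike-domain and URL-shortener triage over the DNS answers of a sandbox run.

Added example, not ANY.RUN code. Brand list, shortener list and the edit-distance
ratio are assumptions; the sample records are taken from the report above.
"""

# Brands worth a lookalike check (assumption).
BRAND_DOMAINS = (
    "steamcommunity.com",
    "steampowered.com",
    "microsoft.com",
    "live.com",
    "bing.com",
    "google.com",
)

# URL-shortening services that hide the final destination (assumption;
# e.vg is the one this report flagged).
SHORTENER_DOMAINS = {"e.vg", "bit.ly", "t.co", "tinyurl.com", "is.gd"}

# Edits allowed, as a fraction of the brand's length, before a name stops
# looking like a typo of that brand (assumption).
MAX_EDIT_RATIO = 0.2


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Crude eTLD+1: the last two labels. Enough for .com/.vg as seen here;
    a public-suffix list is needed for co.uk-style suffixes (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(domain: str) -> str:
    """Return 'shortener', 'brand', 'lookalike:<brand>' or 'other'."""
    name = domain.lower().rstrip(".")
    reg = registrable(name)
    if reg in SHORTENER_DOMAINS:
        return "shortener"
    if name in BRAND_DOMAINS or reg in BRAND_DOMAINS:
        return "brand"
    for brand in BRAND_DOMAINS:
        dist = levenshtein(reg, brand)
        # Close to a brand but not equal to it: typosquat candidate.
        if 0 < dist <= MAX_EDIT_RATIO * len(brand):
            return f"lookalike:{brand}"
    return "other"


def triage(records):
    """records: iterable of (domain, [ips]). Returns {domain: (verdict, ips)}
    for the shortener and lookalike hits, i.e. what an analyst looks at first."""
    findings = {}
    for domain, ips in records:
        verdict = classify(domain)
        if verdict == "shortener" or verdict.startswith("lookalike:"):
            findings[domain] = (verdict, list(ips))
    return findings


# DNS answers copied from the report above (not constructed).
SAMPLE_DNS = [
    ("settings-win.data.microsoft.com", ["51.104.136.2", "40.127.240.158"]),
    ("google.com", ["142.250.185.110"]),
    ("e.vg", ["188.114.96.3", "188.114.97.3"]),
    ("steamescommunilty.com", ["104.21.48.1", "104.21.64.1", "104.21.32.1"]),
    ("login.live.com", ["20.190.160.3", "20.190.160.17"]),
    ("www.bing.com", ["2.23.227.215", "2.23.227.208"]),
    ("store.cloudflare.steamstatic.com", ["172.64.145.151", "104.18.42.105"]),
    ("cdnjs.cloudflare.com", ["104.17.24.14", "104.17.25.14"]),
    ("code.jquery.com", ["151.101.66.137"]),
    ("a.nel.cloudflare.com", ["35.190.80.1"]),
]

if __name__ == "__main__":
    for domain, (verdict, ips) in triage(SAMPLE_DNS).items():
        print(f"{verdict:30s} {domain:25s} {', '.join(ips)}")
```

Run on the report's answers it surfaces exactly two domains: e.vg as a shortener and steamescommunilty.com as a lookalike of steamcommunity.com. The ratio is deliberately scaled by brand length: steamescommunilty.com is three edits away from steamcommunity.com, so a fixed allowance of one or two edits, common in quick typosquat checks, would miss it, while short brands such as live.com still only tolerate a single edit. The check does not cover homoglyph or IDN lookalikes, nor combosquats such as a brand name embedded in a longer, otherwise legitimate-looking label; those need separate rules.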
No debug info