| Field | Value |
|---|---|
| URL | https://excelonline8394-nsb.miadean.info/dltp88o8/read.php?pro=stn498 |
| Full analysis | https://app.any.run/tasks/d21443b2-534d-4760-9a49-5e68ee85a4ff |
| Verdict | Malicious activity |
| Analysis date | April 07, 2026, 05:45:00 |
| OS | Windows 10 Professional (build: 19044, 64 bit) |
| Tags | |
| Indicators | |
| MD5 | 270676F259D0F1FD119A270B6BBD50CD |
| SHA1 | 04A17A874EF62077EF91C4E5B2EC98C776F201A3 |
| SHA256 | 24E96C8680D78D466A67AB6DD33E995FEE4251F384A6FEB8938E01AC87E79818 |
| SSDEEP | 3:N8+ArB8Fj/MhrdA+GWRL6d:2+cB8F6C+Bt2 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | | msedge.exe |

User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Version: 133.0.3065.92
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | binary | BE94BE93DF7B7853B4585153CE3D8764 | 35A7046BDF0CA242AC5C331CB7319AB660A029CE7CC36F17D54D43CD8418A538 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | binary | 373C5BFDE8DAB5190258BA2BB62C1D12 | C28013B8A76E02E213229DA7DE13EF50AF6EC6A40237D908BAEB12F4A00A084C |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | text | DD5E5819B692DD2277B28807AA4FF9A7 | B5A080717A0D8EE2B9877A148E2208B53D6C287100E36D35B75119EA6CCA2175 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | binary | DA7D3AFA81CA3F0769FB85F58E55B47C | 53E2E695462E89A66C56D328D8BAEC8151800BE05B878370A38601E5438B3D82 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | binary | 0C9B68CD1BEA4CED9029E4A2661D4A5D | 95B84494A3A50E0783275A4A29494CFF6E9DC9F6ED1784DC5588D82A68D0BEE2 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary | 2A86EF0B707AF3674F5797A98FEFF774 | B017DF1DEFE56BB74395E69CF291BEEA481D7F97CDBE2CD50E9EA9F86F5570CA |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | binary | 6D973C8B7E2439D958E09C0A1AB9FE50 | F3C122DC227E829ED96B2A754296809201BD78ABBAD7BA50EF5079654E1CC894 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | compressed | F3AD19FDBD15A27B32A4D25E49CC266E | 3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary | 6D973C8B7E2439D958E09C0A1AB9FE50 | F3C122DC227E829ED96B2A754296809201BD78ABBAD7BA50EF5079654E1CC894 |
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\2f3b9127-aab1-4146-9af3-82e56ec1488c.tmp | text | F054A7D6E382DF24018FE84986B710A2 | 4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 7880 | RUXIMICS.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | — | — | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | — | — | whitelisted |
| 7760 | svchost.exe | HEAD | 200 | 95.101.176.121:443 | https://fs.microsoft.com/fs/windows/config.json | US | — | — | whitelisted |
| 5168 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 7028 | msedge.exe | OPTIONS | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=v4zZUFELxgIuZp5nq9527rL%2F%2BPsJjqMhrh9xa6STvK%2FP%2FiAMiZFh7Yp1otbIZSqaXk5aWzT6%2BHv4NkZr4ZpBlO7nEWva6zKx73MukJferBTnekpqcUW0BCp3Mj7Z%2FQ1MfLFGblvprqALyOq2fT2N%2B3NcbnQSFvYNNSWwl8d9Rg%3D%3D | US | — | — | — |
| 7880 | RUXIMICS.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5168 | svchost.exe | GET | 200 | 92.122.17.157:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 200 | 92.122.17.157:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |
| 7028 | msedge.exe | POST | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=v4zZUFELxgIuZp5nq9527rL%2F%2BPsJjqMhrh9xa6STvK%2FP%2FiAMiZFh7Yp1otbIZSqaXk5aWzT6%2BHv4NkZr4ZpBlO7nEWva6zKx73MukJferBTnekpqcUW0BCp3Mj7Z%2FQ1MfLFGblvprqALyOq2fT2N%2B3NcbnQSFvYNNSWwl8d9Rg%3D%3D | US | — | — | unknown |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 5168 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 7880 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| — | — | 224.0.0.251:5353 | — | — | — | whitelisted |
| 7028 | msedge.exe | 188.114.96.3:443 | excelonline8394-nsb.miadean.info | CLOUDFLARENET | US | whitelisted |
| 5168 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7880 | RUXIMICS.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5168 | svchost.exe | 92.122.17.157:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted |
| 7028 | msedge.exe | 35.190.80.1:443 | a.nel.cloudflare.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted |
| Domain | Reputation |
|---|---|
| settings-win.data.microsoft.com | whitelisted |
| google.com | whitelisted |
| excelonline8394-nsb.miadean.info | unknown |
| crl.microsoft.com | whitelisted |
| www.microsoft.com | whitelisted |
| a.nel.cloudflare.com | whitelisted |
| www.bing.com | whitelisted |
| fs.microsoft.com | whitelisted |
| challenges.cloudflare.com | whitelisted |
| cdnjs.cloudflare.com | whitelisted |
| PID | Process | Class | Message |
|---|---|---|---|
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 5168 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com) |
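Reading the network tables above is mostly a matter of separating sandbox noise (Windows Update and telemetry, CRL fetches, Cloudflare NEL beacons, the Turnstile challenge and CDN-hosted libraries) from the one indicator that matters: the lure hostname. Note that the connection table lists excelonline8394-nsb.miadean.info as whitelisted because that reputation belongs to the Cloudflare address 188.114.96.3, while the DNS table lists the same host as unknown, so the reputation column cannot be used on its own, and every IP in the report sits in Microsoft, Akamai, Google or Cloudflare space. The Python triage helper below is an added example, not ANY.RUN code; it parses constructed rows in the same column order as the HTTP-request and connection tables. The noise suffixes, the shared-infrastructure ASN list, the brand keywords and the two-label registrable-domain shortcut are analyst assumptions, not something the report states.

```python
"""Triage helper for sandbox network tables (added example, not ANY.RUN code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample rows mirroring the report's HTTP-request table
# (PID | Process | Method | Code | IP | URL | CN | Type | Size | Reputation);
# query strings are shortened for readability.
HTTP_ROWS = """\
7880 | RUXIMICS.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows | US | — | — | whitelisted
5168 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
7028 | msedge.exe | OPTIONS | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=v4zZ | US | — | — | —
7028 | msedge.exe | POST | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=v4zZ | US | — | — | unknown
"""

# Constructed sample rows mirroring the connection table
# (PID | Process | IP | Domain | ASN | CN | Reputation).
CONN_ROWS = """\
7028 | msedge.exe | 188.114.96.3:443 | excelonline8394-nsb.miadean.info | CLOUDFLARENET | US | whitelisted
5168 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7028 | msedge.exe | 35.190.80.1:443 | a.nel.cloudflare.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted
"""

# Analyst assumptions (not stated by the report): first-party Microsoft
# endpoints are sandbox noise; these ASNs are shared CDN/anycast space, so an
# IP there is not a usable block indicator; a brand word plus a digit run in
# the leftmost label, on a domain the brand does not own, is a lure pattern.
NOISE_SUFFIXES = (".microsoft.com",)
SHARED_INFRA_ASNS = {"CLOUDFLARENET", "GOOGLE-CLOUD-PLATFORM", "AKAMAI-AS", "AKAMAI-ASN1"}
BRAND_WORDS = ("excel", "office", "outlook", "sharepoint", "onedrive", "microsoft")
BRAND_OWNED = {"microsoft.com", "office.com", "live.com", "office365.com"}


@dataclass(frozen=True)
class Contact:
    pid: int
    process: str
    ip: str          # address without port
    host: str        # hostname the process resolved or requested
    asn: str | None  # only the connection table carries an ASN
    reputation: str  # as printed in the report: whitelisted / unknown / —


def _cells(row: str) -> list[str]:
    return [c.strip() for c in row.split("|")]


def parse_http_rows(text: str) -> list[Contact]:
    """One Contact per HTTP request row; the host is taken from the URL."""
    out: list[Contact] = []
    for line in filter(str.strip, text.splitlines()):
        pid, proc, _m, _code, ip, url, _cn, _t, _size, rep = _cells(line)
        host = urlsplit(url).hostname or ""
        out.append(Contact(int(pid), proc, ip.rsplit(":", 1)[0], host, None, rep))
    return out


def parse_conn_rows(text: str) -> list[Contact]:
    """One Contact per connection row; the ASN is kept for the shared-infra check."""
    out: list[Contact] = []
    for line in filter(str.strip, text.splitlines()):
        pid, proc, ip, host, asn, _cn, rep = _cells(line)
        out.append(Contact(int(pid), proc, ip.rsplit(":", 1)[0], host, asn, rep))
    return out


def looks_like_brand_lure(host: str) -> bool:
    labels = host.lower().split(".")
    registrable = ".".join(labels[-2:])  # simplification: no public-suffix list
    if registrable in BRAND_OWNED:
        return False
    first = labels[0]
    return any(w in first for w in BRAND_WORDS) and re.search(r"\d{3,}", first) is not None


def triage(contacts: list[Contact]) -> dict[str, list[str]]:
    """Bucket contacts by what an analyst should do with them.

    The reputation column is keyed to the IP, which is why the lure host shows
    up as whitelisted behind a Cloudflare address; the lure check therefore
    runs before the reputation is consulted.
    """
    block: set[str] = set()
    shared_ips: set[str] = set()
    noise: set[str] = set()
    review: set[str] = set()
    for c in contacts:
        if looks_like_brand_lure(c.host):
            block.add(c.host)
            if c.asn in SHARED_INFRA_ASNS:
                shared_ips.add(c.ip)
        elif c.host.endswith(NOISE_SUFFIXES):
            noise.add(c.host)
        elif c.reputation != "whitelisted":
            review.add(c.host)
    return {
        "block_hosts": sorted(block),
        "shared_infra_ips_do_not_block": sorted(shared_ips),
        "noise_hosts": sorted(noise),
        "review_hosts": sorted(review),
    }


if __name__ == "__main__":
    result = triage(parse_http_rows(HTTP_ROWS) + parse_conn_rows(CONN_ROWS))
    for bucket, hosts in result.items():
        print(f"{bucket}: {', '.join(hosts) or '(none)'}")
```

The shared-infrastructure bucket exists so that the Cloudflare address is not pushed to a firewall blocklist, where it would break unrelated sites; block or sinkhole the hostname instead, and treat the URL path /dltp88o8/read.php?pro=stn498 as a hunting pattern rather than a durable indicator, since phishing-kit paths typically rotate. The NEL reporting endpoint lands in the review bucket only because the report itself marks it unknown; it is browser error telemetry, not kit infrastructure.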