Malware analysis https://track.dsqlpt.asia/unsubscribe-v2.html?token=eyJlbnYiOiJwcm8iLCJlbWFpbElkIjoiMTI2MjA0NTM1MCJ9 Malicious activity

Add for printing

URL:	https://track.dsqlpt.asia/unsubscribe-v2.html?token=eyJlbnYiOiJwcm8iLCJlbWFpbElkIjoiMTI2MjA0NTM1MCJ9
Full analysis:	https://app.any.run/tasks/14cb16ba-21f8-43e9-b9fc-be5d7e8254fa
Verdict:	Malicious activity
Analysis date:	May 10, 2025, 01:30:39
OS:	Windows 10 Professional (build: 19044, 64 bit)
MD5:	766B2F5BA69F37246B499EA5948E56D2
SHA1:	7A6AAF838AB8A9F94E493205A439F8B10DF22E3F
SHA256:	2BEABF2B4AAA981D8D8218BC92BC01DCD8594B7C53173A440B8F245D7D0EEB13
SSDEEP:	3:N8fvsVRMeWFLRKTgJxqhGdOJOsPXs36mx:2n0RMeWxsTg2GdOAsPXs3T

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

144

Monitored processes

1

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
1396	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

15

Text files

0

Unknown types

0

Dropped files

PID	Process	Filename		Type
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF139b97.TMP		binary
		MD5:15D26FA4E16467BE658F42074AC0DBAA	SHA256:D287407BD901A32E3F38F4392984507184D596C3694FAA69DD0B2E68F9F3A8FE
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF148442.TMP		binary
		MD5:3140CB797498137E330D3CAE1AD5970A	SHA256:B4C87E65FB18FF2E4028E934653089C7DE70D854E7D861D9A1063189C5212119
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\c07c82d6-bdb4-4036-baf7-12a96ea482b1.tmp		binary
		MD5:3CB03858929AFEC0FC5DB3AF5DF76844	SHA256:B3961DE268FEC8AE8DEFC155D2BBAB76F22FB564F867A07BEE7CA12528709ECB
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF1496d0.TMP		binary
		MD5:83FFEA402016788A30F93F3AA4BE6586	SHA256:78968C643E93B5BDBD0A00E880CD1CDD0F59A74D78BA698F73F507738D09D1B4
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		compressed
		MD5:C4FCEFC4978E5534BDA58276F6897ABE	SHA256:02B00469442B0E3628B92E79717868D853EE59C7C82275C2B1753966F4E3319F
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity		binary
		MD5:83FFEA402016788A30F93F3AA4BE6586	SHA256:78968C643E93B5BDBD0A00E880CD1CDD0F59A74D78BA698F73F507738D09D1B4
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\77bb5a30-3e5f-4502-831f-a880dedadc07.tmp		binary
		MD5:3140CB797498137E330D3CAE1AD5970A	SHA256:B4C87E65FB18FF2E4028E934653089C7DE70D854E7D861D9A1063189C5212119
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\570a6ffd-78cc-4c46-ae80-5a6b87e7d4a9.tmp		binary
		MD5:83FFEA402016788A30F93F3AA4BE6586	SHA256:78968C643E93B5BDBD0A00E880CD1CDD0F59A74D78BA698F73F507738D09D1B4
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF13a01b.TMP		binary
		MD5:50823AF426E5FA5F5641C1004F470D3E	SHA256:599163927CC9E5640C868AEDD3B0B6EC79E6513970504124E417922D8AAAB7C3
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State		binary
		MD5:3140CB797498137E330D3CAE1AD5970A	SHA256:B4C87E65FB18FF2E4028E934653089C7DE70D854E7D861D9A1063189C5212119

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

57

TCP/UDP connections

64

DNS requests

41

Threats

5

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3080	MoUsoCoreWorker.exe	GET	200	2.16.164.49:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4052	RUXIMICS.exe	GET	200	2.16.164.49:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4208	svchost.exe	GET	200	2.16.164.49:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
3080	MoUsoCoreWorker.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
4052	RUXIMICS.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
4208	svchost.exe	GET	200	2.23.246.101:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	8.220.212.37:443	https://track.dsqlpt.asia/utils/common.js	unknown	—	—	—
—	—	GET	—	8.220.212.37:443	https://track.dsqlpt.asia/utils/common.js	unknown	—	—	—
—	—	GET	304	163.181.131.208:443	https://cdn.51wheatsearch.com/assets/images/email_marketing.svg	unknown	—	—	—
—	—	GET	304	163.181.131.216:443	https://cdn.51wheatsearch.com/assets/images/email_marketing.svg	unknown	—	—	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4052	RUXIMICS.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	239.255.255.250:1900	—	—	—	whitelisted
3080	MoUsoCoreWorker.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4208	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1396	msedge.exe	8.220.212.37:443	track.dsqlpt.asia	—	SG	unknown
5848	svchost.exe	20.190.160.17:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
3080	MoUsoCoreWorker.exe	2.16.164.49:80	crl.microsoft.com	Akamai International B.V.	NL	whitelisted
4052	RUXIMICS.exe	2.16.164.49:80	crl.microsoft.com	Akamai International B.V.	NL	whitelisted
4208	svchost.exe	2.16.164.49:80	crl.microsoft.com	Akamai International B.V.	NL	whitelisted
3080	MoUsoCoreWorker.exe	2.23.246.101:80	www.microsoft.com	Ooredoo Q.S.C.	QA	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	4.231.128.59 20.73.194.208	whitelisted
google.com	216.58.206.78	whitelisted
track.dsqlpt.asia	8.220.212.37	unknown
login.live.com	20.190.160.17 20.190.160.22 40.126.32.133 40.126.32.68 20.190.160.4 20.190.160.130 40.126.32.136 20.190.160.14	whitelisted
crl.microsoft.com	2.16.164.49 2.16.164.120 2.16.168.124 2.16.168.114	whitelisted
www.microsoft.com	2.23.246.101	whitelisted
go.microsoft.com	95.100.186.9	whitelisted
www.bing.com	2.16.241.218 2.16.241.201 104.126.37.130 104.126.37.139 104.126.37.163 104.126.37.131 104.126.37.145 104.126.37.128	whitelisted
cdn.51wheatsearch.com	163.181.131.212 163.181.131.211 163.181.131.216 163.181.131.209 163.181.131.217 163.181.131.215 163.181.131.210 163.181.131.208	unknown
edge.microsoft.com	150.171.28.11 150.171.27.11	whitelisted

Threats

PID	Process	Class	Message
—	—	Potentially Bad Traffic	ET INFO HTTP Request to a *.asia domain
—	—	Potentially Bad Traffic	ET INFO HTTP Request to a *.asia domain
—	—	Potentially Bad Traffic	ET INFO HTTP Request to a *.asia domain
—	—	Potentially Bad Traffic	ET INFO HTTP Request to a *.asia domain
—	—	Potentially Bad Traffic	ET INFO HTTP Request to a *.asia domain

Add for printing

No debug info

General Info

https://track.dsqlpt.asia/unsubscribe-v2.html?token=eyJlbnYiOiJwcm8iLCJlbWFpbElkIjoiMTI2MjA0NTM1MCJ9

766B2F5BA69F37246B499EA5948E56D2

7A6AAF838AB8A9F94E493205A439F8B10DF22E3F

2BEABF2B4AAA981D8D8218BC92BC01DCD8594B7C53173A440B8F245D7D0EEB13

3:N8fvsVRMeWFLRKTgJxqhGdOJOsPXs36mx:2n0RMeWxsTg2GdOAsPXs3T

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings