URL: steamrip.com

Full analysis: https://app.any.run/tasks/400237f3-04e5-42bc-9b35-33dfb4a1ac4a
Verdict: Malicious activity
Analysis date: April 29, 2026, 00:56:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: websocket, fingerprinting
MD5: DCF79308244A98B21036EE0C408F4BD6
SHA1: 39AE2EE7505F946624F67962B59D611B9844C0F2
SHA256: 387AC6FC8ABE31EFC70CC63A2047CE95E86B2E9C3EC477111832435B05EBEBB9
SSDEEP: 3:kqMVyT:kqUyT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 239
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

msedge.exe

Process information

| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | | msedge.exe |

User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 4
Suspicious files: 63
Text files: 224
Unknown types: 1

Dropped files

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4 149
TCP/UDP connections: 510
DNS requests: 452
Threats: 93

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| | | GET | 200 | 172.67.70.25:443 | https://steamrip.com/ | US | html | 173 Kb | unknown |
| 5512 | RUXIMICS.exe | GET | 304 | 20.72.205.209:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | | | whitelisted |
| 7368 | svchost.exe | GET | 200 | 20.72.205.209:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4 | US | text | 3.41 Kb | whitelisted |
| 7368 | svchost.exe | GET | 200 | 184.24.77.35:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5512 | RUXIMICS.exe | GET | 200 | 184.24.77.35:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
| 5336 | MoUsoCoreWorker.exe | GET | 304 | 20.72.205.209:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | | | whitelisted |
| 7028 | msedge.exe | GET | 200 | 172.67.70.25:443 | https://steamrip.com/cdn-cgi/speculation | US | text | 128 b | unknown |
| 7028 | msedge.exe | GET | 200 | 2.16.204.141:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
| 7028 | msedge.exe | GET | 200 | 172.67.70.25:443 | https://steamrip.com/wp-content/themes/jannah/assets/css/base.min.css?ver=7.6.5 | US | text | 39.7 Kb | unknown |
| 7028 | msedge.exe | GET | 200 | 172.67.70.25:443 | https://steamrip.com/wp-content/themes/jannah/assets/css/style.min.css?ver=7.6.5 | US | text | 131 Kb | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 7368 | svchost.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5512 | RUXIMICS.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 4296 | msedge.exe | 224.0.0.251:5353 | | | | whitelisted |
| 7028 | msedge.exe | 2.16.241.218:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
| 7028 | msedge.exe | 104.26.2.12:443 | steamrip.com | CLOUDFLARENET | US | whitelisted |
| 7368 | svchost.exe | 184.24.77.35:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5512 | RUXIMICS.exe | 184.24.77.35:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 5336 | MoUsoCoreWorker.exe | 184.24.77.35:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
| 7028 | msedge.exe | 142.251.127.95:443 | ajax.googleapis.com | GOOGLE | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 20.72.205.209, 20.73.194.208, 40.127.240.158 | whitelisted |
| google.com | 142.251.14.100, 142.251.14.101, 142.251.14.139, 142.251.14.138, 142.251.14.113, 142.251.14.102 | whitelisted |
| www.bing.com | 2.16.241.218, 2.16.241.201, 2.16.204.141, 2.16.204.135, 184.86.251.22, 184.86.251.27 | whitelisted |
| steamrip.com | 104.26.2.12, 104.26.3.12, 172.67.70.25 | whitelisted |
| crl.microsoft.com | 184.24.77.35, 184.24.77.37 | whitelisted |
| ajax.googleapis.com | 142.251.127.95, 142.250.154.95 | whitelisted |
| cdnjs.cloudflare.com | 104.17.24.14, 104.17.25.14 | whitelisted |
| fonts.googleapis.com | 142.251.14.95, 142.251.110.95 | whitelisted |
| www.google-analytics.com | 142.251.14.100, 142.251.14.113, 142.251.14.101, 142.251.14.138, 142.251.14.139, 142.251.14.102 | whitelisted |
| s.gravatar.com | 192.0.73.2 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 7368 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
| 7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
No debug info