Malware analysis https://streamingcommunityz.ooo/it/watch/77?e=1926 Malicious activity

Add for printing

URL:	https://streamingcommunityz.ooo/it/watch/77?e=1926
Full analysis:	https://app.any.run/tasks/93e0d9b9-a4e3-4d0e-9666-a4494b3283d1
Verdict:	Malicious activity
Analysis date:	April 25, 2026, 12:08:34
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing
Indicators:
MD5:	1B2BA92D4BF0EDF2F1D7C9A344D69826
SHA1:	9ADFEB5F468A598F2A5F82ED15026666F2F88EE3
SHA256:	3B11C232879B5022008B8C3D66FF2BBB41C418FA4762C361A822B40D2F2B9875
SSDEEP:	3:N8cRNqQ4ZKKKINU5k:2cRgTZRKwUK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
- PHISHING has been detected (SURICATA)
  - msedge.exe (PID: 7028)
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

163

Monitored processes

1

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

7028

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

28

Text files

68

Unknown types

0

Dropped files

PID	Process	Filename		Type
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7		binary
		MD5:7CA490EC00F39EAEA923CBBAF7284244	SHA256:48C270A50EA7DF4EE2E88B189410D74875711817DD3202AFF8060BE81663C452
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6		binary
		MD5:EA769921B0CFA4FC6D4D1A2E0B1FA5FF	SHA256:9AC2BD03FCDE501B3F30F47AB1FAE62161F87808EA6411F38E8FEAA4BBDDC42E
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8		binary
		MD5:EEF593603F44A463A485BE7B6359A9FE	SHA256:5B27AF4455DA82D59D8A4FF27C908E46100AA2C4192BBFD961A6E790ADB52A3A
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2		binary
		MD5:E31EB950866EF6DC0ED36F65A9A377AA	SHA256:7296B5591E2EE3A3A86CA67250383ADDE18EDCC49E418E99C972412BCE0EDE97
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3		binary
		MD5:7FF84271F902FA4CA3747F0E624567C2	SHA256:3EB8DB1E94244C3DDBA943DDF41B2E8E5B98C2B5A4C6E0CC8010A825A2130F4B
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba		text
		MD5:34135C09CBF6258C636D8D439088570E	SHA256:F4953C024B3DE41FB478C8F75419C952E2A6513C3D714F7AF64C3729DB69F925
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		binary
		MD5:870367B230866F8E5050FF439B3A757F	SHA256:C1D3DA4B7625CEB683DA23AD8F3CB8A869065E8B964A6C7A4E4AB87FA0363026
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5		binary
		MD5:89DE291E8341B491F386FCD89736B5F6	SHA256:D6091BC43AFD60AC4CF73D11AB94004F179CFB8A9CFBB3FFD8FEF5911FFEB857
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0		compressed
		MD5:A6C6BC2106D356B3F4E905FD5DDC9D2B	SHA256:473DC10B6A841360FBB2031316D2CB4E91BFCF9542796F87253D869C9D9D33D9
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		compressed
		MD5:A6C6BC2106D356B3F4E905FD5DDC9D2B	SHA256:473DC10B6A841360FBB2031316D2CB4E91BFCF9542796F87253D869C9D9D33D9

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

449

TCP/UDP connections

129

DNS requests

88

Threats

8

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5188	svchost.exe	GET	—	51.124.78.146:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4	US	—	—	whitelisted
—	—	GET	200	188.114.97.3:443	https://streamingcommunityz.ooo/it/watch/77?e=1926	US	html	80.6 Kb	unknown
5188	svchost.exe	GET	200	23.216.77.28:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	NL	binary	825 b	whitelisted
7028	msedge.exe	GET	200	172.67.164.24:443	https://analytics.vixcloud.co/js/script.js	US	text	2.93 Kb	unknown
7028	msedge.exe	GET	200	92.123.104.8:443	https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json	unknown	text	665 Kb	whitelisted
7028	msedge.exe	GET	200	188.114.97.3:443	https://streamingcommunityz.ooo/build/assets/titles-entrypoint-BI8RmbUd.js	US	text	2.43 Kb	unknown
6152	RUXIMICS.exe	GET	304	51.124.78.146:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop	US	—	—	whitelisted
5336	MoUsoCoreWorker.exe	GET	304	51.124.78.146:443	https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30	US	—	—	whitelisted
7028	msedge.exe	GET	200	188.114.97.3:443	https://streamingcommunityz.ooo/build/assets/titles--yOfksMy.css	US	text	23.1 Kb	unknown
7028	msedge.exe	GET	200	188.114.97.3:443	https://streamingcommunityz.ooo/build/assets/common-BdWCLAEh.css	US	text	28.0 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
5188	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
6152	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5336	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	224.0.0.251:5353	—	—	—	whitelisted
7028	msedge.exe	188.114.96.3:443	streamingcommunityz.ooo	CLOUDFLARENET	US	whitelisted
5188	svchost.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
6152	RUXIMICS.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
5336	MoUsoCoreWorker.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
7028	msedge.exe	104.21.65.144:443	analytics.vixcloud.co	CLOUDFLARENET	US	whitelisted
7028	msedge.exe	2.21.245.20:443	www.bing.com	AKAMAI-ASN1	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 20.73.194.208	whitelisted
google.com	142.251.110.100 142.251.110.102 142.251.110.138 142.251.110.139 142.251.110.113 142.251.110.101	whitelisted
streamingcommunityz.ooo	188.114.96.3 188.114.97.3	unknown
crl.microsoft.com	23.216.77.28 23.216.77.6 2.16.164.49 2.16.164.120	whitelisted
analytics.vixcloud.co	104.21.65.144 172.67.164.24	unknown
www.bing.com	2.21.245.20 2.21.245.14 2.21.245.17 2.21.245.25 2.21.245.7 2.21.245.23 2.21.245.22 2.21.245.15 2.21.245.26 92.123.104.34 92.123.104.35 92.123.104.36 92.123.104.31 92.123.104.29 92.123.104.26 92.123.104.32 92.123.104.30 92.123.104.27	whitelisted
www.microsoft.com	88.221.169.152 23.52.181.212	whitelisted
sechw.com	104.21.18.29 172.67.179.173	whitelisted
static.cloudflareinsights.com	104.16.80.73 104.16.79.73	whitelisted
fs.microsoft.com	104.102.63.189	whitelisted

Threats

PID	Process	Class	Message
7028	msedge.exe	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2
7028	msedge.exe	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2
5188	svchost.exe	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2
7028	msedge.exe	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Fake Steam Domain 2

Add for printing

No debug info

General Info

https://streamingcommunityz.ooo/it/watch/77?e=1926

1B2BA92D4BF0EDF2F1D7C9A344D69826

9ADFEB5F468A598F2A5F82ED15026666F2F88EE3

3B11C232879B5022008B8C3D66FF2BBB41C418FA4762C361A822B40D2F2B9875

3:N8cRNqQ4ZKKKINU5k:2cRgTZRKwUK

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

PHISHING has been detected (SURICATA)

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings