URL: http://shared.regionofwaterloo.schunn-service.ro

Full analysis: https://app.any.run/tasks/5635ccaa-e3de-446d-8158-1ccb194b010b
Verdict: Malicious activity
Analysis date: April 15, 2025, 18:21:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: phishing
Indicators:
MD5: 66603851A80B67B20C8D5B5D16C722F4
SHA1: 75719EF360209DCE8A585C01EDD35C092C1E1A5D
SHA256: 4F46828B7A894B19CCD311BD220F31852E55CF301B7E7A6912CD42E43D8A8219
SSDEEP: 3:N1KNNJvL/NZRLWm:CBvRZQm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 1396)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 149
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

#PHISHING msedge.exe

Process information

PID: 1396
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Indicators: PHISHING (as flagged in the behavior graph above)
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 66
Text files: 7
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | binary
  MD5: 8F1635A737B1044B1E8D376D3A181E10
  SHA256: 5AE030C71FE16DAD3842266B09AB56C07DD638376704A1FEE2EB458D9ECC4FC5
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | binary
  MD5: F1E5F282564F3C3CC0287399E7D4849F
  SHA256: 33F666C1C1EABDFDEC77AF89ABF7B5A201FF6F4EED72DA7BECF572357BF8E143
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary
  MD5: 08C88A586DC67600D91CA1629CD10762
  SHA256: D68641B8BC9F8E77257ADCAC5BA5AD4C612EFE221E07FC5DDC253050143A6568
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0 | binary
  MD5: D42624AFD9732F8D877D10FFA4DD1024
  SHA256: 696FBFE1923945C4AC9887CB6A96FE3FB8FA95DB7D83D9509678D8EC34CE77BB
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1 | binary
  MD5: 8C00601DB72DC7DB6DCCC6357134B9F8
  SHA256: 43B2602FA1FD4200A7DEF2EA95708F66321798F587CD4B37511367086C077241
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd | binary
  MD5: 3B42EA76FF510206B306853C8A9FBA80
  SHA256: DD0A823E799A9E6B255397AC3C8ABFCECC46A2126A1959F608A9041417F5DB99
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4 | compressed
  MD5: EB265C418133ECABA2E42B1A859EB1AD
  SHA256: C364DB620026DB2F109FA93042A1022C837DC86B5730929BC40E3FC961D597A8
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c5 | binary
  MD5: 7BBAACA02EF4FC1028808B25AAB2E06A
  SHA256: F1D1366E9FCA684FF628AB2DA52CEC88F6DAE10653BB340FF60D4BE3EBA3B1FB
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ca | compressed
  MD5: B25765E3F3AFB40003308A4A0C6874F5
  SHA256: 07165FB24FB1E690DF8702FFA3506CD4C278D083A4DFB319C03E5B34613F730C
1396 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7 | binary
  MD5: 8E33AD8575EC464C1640C4FFBB96DFB3
  SHA256: FA2D589AEAABE59783B522ED7529A025D82C76053C69DE392E4647F0B3309DB9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 187
TCP/UDP connections: 127
DNS requests: 104
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4800 | RUXIMICS.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
 | | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
 | | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
1396 | msedge.exe | GET | 200 | 89.35.77.25:80 | http://shared.regionofwaterloo.schunn-service.ro/ | unknown | | |
1396 | msedge.exe | GET | 200 | 89.35.77.25:80 | http://shared.regionofwaterloo.schunn-service.ro/files/images/Logo.png | unknown | | |
 | | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
1396 | msedge.exe | POST | 302 | 89.35.77.25:80 | http://shared.regionofwaterloo.schunn-service.ro/ | unknown | | |
1396 | msedge.exe | GET | 200 | 89.35.77.25:80 | http://shared.regionofwaterloo.schunn-service.ro/files/images/Logo.png | unknown | | |
 | | POST | 200 | 40.126.32.68:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
 | | GET | 200 | 3.33.186.135:443 | https://www.docusign.com/_marketing/_next/static/chunks/webpack-f72aec58699d1949.js | unknown | binary | 5.32 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4800 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
 | | 239.255.255.250:1900 | | | | whitelisted
3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3464 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1396 | msedge.exe | 2.16.241.201:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
1396 | msedge.exe | 89.35.77.25:80 | shared.regionofwaterloo.schunn-service.ro | Activ Net Srl | RO | unknown
1652 | svchost.exe | 40.126.31.129:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3080 | MoUsoCoreWorker.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
3464 | svchost.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
4800 | RUXIMICS.exe | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
  • 2.16.241.205
  • 92.123.104.31
  • 92.123.104.21
  • 92.123.104.26
  • 92.123.104.27
  • 92.123.104.29
  • 92.123.104.25
  • 92.123.104.20
  • 92.123.104.23
  • 92.123.104.18
  • 92.123.104.43
  • 92.123.104.38
  • 92.123.104.33
  • 92.123.104.40
  • 92.123.104.37
  • 92.123.104.34
  • 92.123.104.42
  • 92.123.104.32
  • 92.123.104.36
whitelisted
shared.regionofwaterloo.schunn-service.ro
  • 89.35.77.25
unknown
login.live.com
  • 40.126.31.129
  • 20.190.159.0
  • 40.126.31.128
  • 20.190.159.2
  • 40.126.31.131
  • 20.190.159.131
  • 40.126.31.71
  • 20.190.159.75
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
  • 23.53.40.185
  • 23.53.41.81
  • 23.53.40.186
  • 23.53.41.82
  • 23.53.40.200
  • 23.53.41.98
  • 23.53.40.179
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.35.229.160
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
docusign.com
  • 3.33.186.135
  • 15.197.167.90
whitelisted
www.docusign.com
  • 15.197.167.90
  • 3.33.186.135
whitelisted

Threats

PID | Process | Class | Message
 | | Possible Social Engineering Attempted | ET PHISHING Javascript Browser Fingerprinting POST Request
 | | Possible Social Engineering Attempted | ET PHISHING Possible Docusign Phishing Landing - Title over non SSL
No debug info