URL:

https://track.pstmrk.it/3s/track.pstmrk.it%2F3s%2Ftrack.pstmrk.it%252F3s%252Ftrack.pstmrk.it%25252F3s%25252Fbcfittesting.ca%2525252Fwp-css%25252FL8ju%25252FMEq9AQ%25252FAQ%25252F0644d138-98a3-4a48-adbf-d112a7e2cdf1%25252F1%25252FRFl7iDbmsR%252FL8ju%252FMUq9AQ%252FAQ%252F53e6fb78-4557-4bd8-88bf-668d67942db6%252F1%252Fc7-gwrH9-W%2FL8ju%2FMkq9AQ%2FAQ%2Ff6261e88-0fe3-4212-9efb-32e7ba052881%2F1%2FNCuojMlIGH/L8ju/Mkq9AQ/AQ/2f5897ef-9bba-41a7-a0c0-6729ca78fca8/1/anCovJwqef#cnlhbkB3ZXN0Y2FwLmNvbQ==

Full analysis: https://app.any.run/tasks/6712ffca-fef5-4c14-8014-015fc944294e
Verdict: Malicious activity
Threats:

Tycoon 2FA is a phishing-as-a-service (PhaaS) platform designed to bypass multi-factor authentication (MFA) protections, particularly targeting Microsoft 365 and Gmail accounts. Its advanced evasion techniques and modular architecture make it a significant threat to organizations relying on MFA for security.

Malware Trends Tracker     >>>
Analysis date: May 13, 2025, 15:10:46
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
possible-phishing
phish-url
phishing
storm1747
tycoon
Indicators:
MD5:

625A56C2B7E0A6F915769D195F9F938F

SHA1:

C6A8B390C5E3F3F76B6F57A83E3AB19DDD217125

SHA256:

545B61C8C1886655E055E280E8F1427949F184B6BCE0A9B6BD649212974BE79D

SSDEEP:

12:2nhck2/dTQWbUpBo4pyhTyl0uusV8YIjjNKFcE2VZ:2n2kG0pBr0uusWYo7E2f

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 2612)

  • SUSPICIOUS

    • Possibly a phishing URL contains email has been detected

      • msedge.exe (PID: 2448)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 2448)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
52
Monitored processes
20
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
752"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
1888"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1632 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
1964"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6f57f598,0x6f57f5a8,0x6f57f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
1980"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3220 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
2384"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
2416"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
2448"C:\Program Files\Microsoft\Edge\Application\msedge.exe" "https://track.pstmrk.it/3s/track.pstmrk.it%2F3s%2Ftrack.pstmrk.it%252F3s%252Ftrack.pstmrk.it%25252F3s%25252Fbcfittesting.ca%2525252Fwp-css%25252FL8ju%25252FMEq9AQ%25252FAQ%25252F0644d138-98a3-4a48-adbf-d112a7e2cdf1%25252F1%25252FRFl7iDbmsR%252FL8ju%252FMUq9AQ%252FAQ%252F53e6fb78-4557-4bd8-88bf-668d67942db6%252F1%252Fc7-gwrH9-W%2FL8ju%2FMkq9AQ%2FAQ%2Ff6261e88-0fe3-4212-9efb-32e7ba052881%2F1%2FNCuojMlIGH/L8ju/Mkq9AQ/AQ/2f5897ef-9bba-41a7-a0c0-6729ca78fca8/1/anCovJwqef#cnlhbkB3ZXN0Y2FwLmNvbQ=="C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
2612"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1396 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
2808"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=3588 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
3036"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3600 --field-trial-handle=1300,i,10994522799745348989,7887702228414535370,131072 --enable-features=msMicrosoftRootStoreUsed /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
68
Text files
25
Unknown types
3

Dropped files

PID
Process
Filename
Type
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF182a95.TMP
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF182ad4.TMP
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF182ae3.TMP
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF182bce.TMP
MD5:
SHA256:
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
1964msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics.pmabinary
MD5:886E82F2CA62ECCCE64601B30592078A
SHA256:E5E13D53601100FF3D6BB71514CBCCC4C73FE9B7EF5E930100E644187B42948E
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
2448msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:61FE7896F9494DCDF53480A325F4FB85
SHA256:ACFD3CD36E0DFCF1DCB67C7F31F2A5B9BA0815528A0C604D4330DFAA9E683E51
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
37
DNS requests
33
Threats
8

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
whitelisted
1080
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted
2612
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2448
msedge.exe
239.255.255.250:1900
whitelisted
2612
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2612
msedge.exe
54.154.85.144:443
track.pstmrk.it
AMAZON-02
IE
shared
2612
msedge.exe
192.185.129.84:443
bcfittesting.ca
UNIFIEDLAYER-AS-1
US
unknown
2612
msedge.exe
104.21.37.11:443
ljows.dfmsr.ru
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
track.pstmrk.it
  • 54.154.85.144
  • 54.155.60.93
  • 52.18.224.130
shared
bcfittesting.ca
  • 192.185.129.84
unknown
ljows.dfmsr.ru
  • 104.21.37.11
  • 172.67.202.101
unknown
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
www.bing.com
  • 2.16.241.205
  • 2.16.241.222
  • 2.16.241.201
  • 2.16.241.206
  • 2.16.241.204
  • 2.16.241.218
  • 2.16.241.216
whitelisted
a.nel.cloudflare.com
  • 35.190.80.1
whitelisted
3s6b.vxdex.es
  • 104.21.7.201
  • 172.67.187.254
unknown

Threats

PID
Process
Class
Message
2612
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2612
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
2612
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2612
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2612
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (vxdex .es)
2612
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (vxdex .es)
2612
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Domain was related with Tycoon Phishing
2612
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Domain was related with Tycoon Phishing
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://track.pstmrk.it/3s/track.pstmrk.it%2F3s%2Ftrack.pstmrk.it%252F3s%252Ftrack.pstmrk.it%25252F3s%25252Fbcfittesting.ca%2525252Fwp-css%25252FL8ju%25252FMEq9AQ%25252FAQ%25252F0644d138-98a3-4a48-adbf-d112a7e2cdf1%25252F1%25252FRFl7iDbmsR%252FL8ju%252FMUq9AQ%252FAQ%252F53e6fb78-4557-4bd8-88bf-668d67942db6%252F1%252Fc7-gwrH9-W%2FL8ju%2FMkq9AQ%2FAQ%2Ff6261e88-0fe3-4212-9efb-32e7ba052881%2F1%2FNCuojMlIGH/L8ju/Mkq9AQ/AQ/2f5897ef-9bba-41a7-a0c0-6729ca78fca8/1/anCovJwqef#cnlhbkB3ZXN0Y2FwLmNvbQ==