URL:

https://searchbriefing.com/response.aspx?type=3&action=y1c8e8VBGr6u0JaqrEWBDVN3l37brud1zPJcWtJ8vzZ6vmqwawaWyoBaMKKGfTkfOZU5roft6WzCwCsHWrAgADkmpY84s620XouyKaejFEjjkoPh5Iar4ePvb1uIVqDztfUBlvEn1wwupvOklyCdPzTqAhnUSyRUGYdjeflXb0t68myQKPITvdAd4kgOEwzxaWllc4sKyGA=&url=https://monitor.ppcprotect.com/v3.0/template?accid=16173&kw=lld%20dacia%20sandero&mt=e&nw=a&cpn=391224736&devi=c&devm=&locp=125683&loci=&pl=&cr=&adp=&sadt=&url=https://almofadda.com/o/?c3Y9bzM2NV8xX25vbSZtPXhnJnVpZD1VU0VSMDEwNzIwMjVVMzUwNzAxNTQmdD1qTg==N0123Nestimatingteam@speedwellconstruction.com

Full analysis: https://app.any.run/tasks/4b840a6a-e534-4f04-88e5-46617164d35a
Verdict: Malicious activity
Threats:

Mamba 2FA is an advanced phishing-as-a-service (PhaaS) platform designed to bypass multi-factor authentication (MFA) and target Microsoft 365 accounts. It focuses on intercepting authentication flows in real-time and enables threat actors to hijack user sessions and access sensitive systems even when additional security measures are in place.

Malware Trends Tracker     >>>
Analysis date: March 27, 2026, 16:11:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
mamba
mamba2fa
fingerprinting
obfuscated-js
phishing-ml
websocket
Indicators:
MD5:

B4E9621EA75926134F42DEB6B36A4736

SHA1:

8B865F71B021753F191687A70AA2CC5D81CCBBA5

SHA256:

55CD5788E698AA23896E5A153490BBE10759A6C0D4D8C809398FF57992FE63D1

SSDEEP:

12:2Q6udWUZCf9DcteW1JdPAVAaj2YAB1mYyNBIiBhIlMm:2HOZJeUJd4Vbj/AB1mlNNYn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Phishing has been detected

      • msedge.exe (PID: 7224)

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 4684)

    • PHISHING has been detected (ML)

      • msedge.exe (PID: 7224)

    • Fake Microsoft Authentication Page has been detected

      • msedge.exe (PID: 7224)

    • Mamba 2FA phishing kit has been detected

      • msedge.exe (PID: 7224)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Application launched itself

      • msedge.exe (PID: 7224)

    • Reads Environment values

      • identity_helper.exe (PID: 8312)

    • Checks supported languages

      • identity_helper.exe (PID: 8312)

    • Reads the computer name

      • identity_helper.exe (PID: 8312)

    • Page contains obfuscated JavaScript

      • msedge.exe (PID: 7224)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
158
Monitored processes
21
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs slui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1180"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3604,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1268"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3612,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2204"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2760,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2788 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2432"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffe2392f208,0x7ffe2392f214,0x7ffe2392f220C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4684"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2296,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5200"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5300,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5220"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6104,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5384"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5912,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5892"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4688,i,18132986308926515926,7348347204115591898,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7224"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first-run --no-default-browser-check https://searchbriefing.com/response.aspx?type=3&action=y1c8e8VBGr6u0JaqrEWBDVN3l37brud1zPJcWtJ8vzZ6vmqwawaWyoBaMKKGfTkfOZU5roft6WzCwCsHWrAgADkmpY84s620XouyKaejFEjjkoPh5Iar4ePvb1uIVqDztfUBlvEn1wwupvOklyCdPzTqAhnUSyRUGYdjeflXb0t68myQKPITvdAd4kgOEwzxaWllc4sKyGA=&url=https://monitor.ppcprotect.com/v3.0/template?accid=16173&kw=lld%20dacia%20sandero&mt=e&nw=a&cpn=391224736&devi=c&devm=&locp=125683&loci=&pl=&cr=&adp=&sadt=&url=https://almofadda.com/o/?c3Y9bzM2NV8xX25vbSZtPXhnJnVpZD1VU0VSMDEwNzIwMjVVMzUwNzAxNTQmdD1qTg==N0123Nestimatingteam@speedwellconstruction.comC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
467
Read events
466
Write events
1
Delete events
0

Modification events

(PID) Process:(8588) slui.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation:writeName:@%SystemRoot%\System32\sppcomapi.dll,-3200
Value:
Software Licensing
Executable files
0
Suspicious files
22
Text files
204
Unknown types
55

Dropped files

PID
Process
Filename
Type
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFe02f9.TMP
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFe02f9.TMP
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe0318.TMP
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe0318.TMP
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe0318.TMP
MD5:
SHA256:
7224msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
116
TCP/UDP connections
89
DNS requests
82
Threats
39

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4684
msedge.exe
GET
200
104.18.22.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
4684
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:1ue7Ehe42K__6JKUIgmmZuMy5Q_KrGhbyiKPEim3YR8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
binary
102 b
whitelisted
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/response.aspx?type=3&action=y1c8e8VBGr6u0JaqrEWBDVN3l37brud1zPJcWtJ8vzZ6vmqwawaWyoBaMKKGfTkfOZU5roft6WzCwCsHWrAgADkmpY84s620XouyKaejFEjjkoPh5Iar4ePvb1uIVqDztfUBlvEn1wwupvOklyCdPzTqAhnUSyRUGYdjeflXb0t68myQKPITvdAd4kgOEwzxaWllc4sKyGA=&url=https://monitor.ppcprotect.com/v3.0/template?accid=16173&kw=lld%20dacia%20sandero&mt=e&nw=a&cpn=391224736&devi=c&devm=&locp=125683&loci=&pl=&cr=&adp=&sadt=&url=https://almofadda.com/o/?c3Y9bzM2NV8xX25vbSZtPXhnJnVpZD1VU0VSMDEwNzIwMjVVMzUwNzAxNTQmdD1qTg==N0123Nestimatingteam@speedwellconstruction.com
US
binary
1.04 Kb
unknown
4684
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
314 b
whitelisted
4684
msedge.exe
GET
200
52.123.243.193:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
binary
4.60 Kb
whitelisted
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/Assets/Stylesheets/normalize.min.css?ver=2.1.1.1
US
binary
1.89 Kb
unknown
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/Assets/Stylesheets/shell.min.css?ver=2.1.1.1
US
binary
168 Kb
unknown
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/Assets/JS/jquery-ui.min.js
US
binary
283 Kb
unknown
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/Assets/JS/modernizr.js
US
binary
51.5 Kb
unknown
4684
msedge.exe
GET
200
72.32.14.113:443
https://searchbriefing.com/Assets/JS/jquery-3.7.0.js
US
binary
288 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
3044
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8152
slui.exe
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
92.123.104.52:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
4684
msedge.exe
52.123.243.193:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4684
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 40.127.240.158
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
www.bing.com
  • 92.123.104.52
  • 92.123.104.34
  • 92.123.104.47
  • 92.123.104.33
  • 92.123.104.31
  • 92.123.104.45
  • 92.123.104.39
  • 92.123.104.32
  • 92.123.104.37
  • 2.16.241.225
  • 2.16.241.201
  • 2.16.241.216
  • 2.16.241.207
  • 2.16.241.204
  • 2.16.241.222
  • 2.16.241.218
  • 2.16.241.205
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.251.110.102
  • 142.251.110.100
  • 142.251.110.113
  • 142.251.110.138
  • 142.251.110.101
  • 142.251.110.139
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.193
  • 52.123.243.71
  • 52.123.243.76
  • 52.123.243.88
whitelisted
searchbriefing.com
  • 72.32.14.113
unknown
api.edgeoffer.microsoft.com
  • 13.107.226.44
  • 13.107.253.44
whitelisted

Threats

PID
Process
Class
Message
4684
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Mamba2FA HTTP URL Observed (sv= b64-encoded)
4684
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Mamba2FA HTTP URL Observed (sv= b64-encoded)
4684
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io)
4684
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4684
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Bidirectional and low-latency communication CDN (cdn .socket .io)
4684
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4684
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing URL
4684
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Mamba2FA HTTP URL Observed (sv= b64-encoded)
4684
msedge.exe
Attempted Information Leak
PHISHING [ANY.RUN] Browser Fingerprinting related to Phishing Kits observed
4684
msedge.exe
Information Leak
SUSPICIOUS [ANY.RUN] FingerprintJS Collected Data observed in HTTP POST request
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://searchbriefing.com/response.aspx?type=3&action=y1c8e8VBGr6u0JaqrEWBDVN3l37brud1zPJcWtJ8vzZ6vmqwawaWyoBaMKKGfTkfOZU5roft6WzCwCsHWrAgADkmpY84s620XouyKaejFEjjkoPh5Iar4ePvb1uIVqDztfUBlvEn1wwupvOklyCdPzTqAhnUSyRUGYdjeflXb0t68myQKPITvdAd4kgOEwzxaWllc4sKyGA=&url=https://monitor.ppcprotect.com/v3.0/template?accid=16173&kw=lld%20dacia%20sandero&mt=e&nw=a&cpn=391224736&devi=c&devm=&locp=125683&loci=&pl=&cr=&adp=&sadt=&url=https://almofadda.com/o/?c3Y9bzM2NV8xX25vbSZtPXhnJnVpZD1VU0VSMDEwNzIwMjVVMzUwNzAxNTQmdD1qTg==N0123Nestimatingteam@speedwellconstruction.com