URL:

steamunlocker.net

Full analysis: https://app.any.run/tasks/a9f03a93-df16-4550-a2ff-33ed52814fd3
Verdict: Malicious activity
Analysis date: June 10, 2025, 14:03:12
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
arch-exec
obfuscated-js
Indicators:
MD5:

03D369A72772D4FF7E031517AFABE3F0

SHA1:

3EC734440C07A5C46B6FA7534C5407731E2EEA05

SHA256:

6D45F5E38A611C85F7B56B9E261F71AB3344C5766DDA73D67B10C5946613BFE9

SSDEEP:

3:ktHo:kO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 6472)
    • Registers / Runs the DLL via REGSVR32.EXE

      • EzExtractSetup.exe (PID: 7284)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • EzExtractSetup.exe (PID: 7284)
    • Executable content was dropped or overwritten

      • EzExtractSetup.exe (PID: 7284)
    • There is functionality for taking screenshot (YARA)

      • EzExtractSetup.exe (PID: 7284)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • EzExtractSetup.exe (PID: 7284)
    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 7956)
    • The process creates files with name similar to system file names

      • EzExtractSetup.exe (PID: 7284)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 7772)
    • Application launched itself

      • msedge.exe (PID: 2076)
    • Checks supported languages

      • identity_helper.exe (PID: 7772)
      • EzExtractSetup.exe (PID: 7284)
    • The sample compiled with english language support

      • msedge.exe (PID: 6472)
      • EzExtractSetup.exe (PID: 7284)
      • msedge.exe (PID: 2076)
    • Reads the computer name

      • identity_helper.exe (PID: 7772)
      • EzExtractSetup.exe (PID: 7284)
    • Connects to unusual port

      • msedge.exe (PID: 6472)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 2076)
      • msedge.exe (PID: 6472)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 2076)
    • Reads the machine GUID from the registry

      • EzExtractSetup.exe (PID: 7284)
    • Create files in a temporary directory

      • EzExtractSetup.exe (PID: 7284)
    • Reads the software policy settings

      • EzExtractSetup.exe (PID: 7284)
    • Checks proxy server information

      • EzExtractSetup.exe (PID: 7284)
    • Creates files or folders in the user directory

      • EzExtractSetup.exe (PID: 7284)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
218
Monitored processes
74
Malicious processes
3
Suspicious processes
0

Behavior graph

start msedge.exe msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs ezextractsetup.exe no specs ezextractsetup.exe msedge.exe no specs rundll32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs explorer.exe no specs explorer.exe no specs ezextractproapp.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
592
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7936,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
640
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3636,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=3672 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1132
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1844,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1232
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7060,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1336
CMD:
"C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe"
Path:
C:\Program Files (x86)\EzExtractPro\EzExtractProApp.exe
Parent process:
explorer.exe
User:
admin
Company:
Empire Security Services Inc
Integrity Level:
MEDIUM
Description:
EzExtractPro
Exit code:
0
Version:
1.0.0.1
Modules
Images
c:\program files (x86)\ezextractpro\ezextractproapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1712
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
2064
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=9036,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2076
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "steamunlocker.net"
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2120
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6384,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2132
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2772,i,6928748322917992611,1532197521606479545,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
11 320
Read events
11 206
Write events
96
Delete events
18

Modification events

(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
failed_count
Value:
0
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
2
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:
write
Name:
state
Value:
1
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:
(2076) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
229E5A71CE952F00
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393992
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{98650510-B833-4951-B14A-8BBE1F2C304F}
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393992
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{DFBC2FA7-728A-40CD-8DBA-94C00884F8F2}
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393992
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{3EAC1C33-D9CC-416F-845A-1E89F2DC3A23}
(PID) Process:
(2076) msedge.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:
write
Name:
S-1-5-21-1693682860-607145093-2874071422-1001
Value:
2BB19371CE952F00
(PID) Process:
(2076) msedge.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393992
Operation:
write
Name:
WindowTabManagerFileMappingId
Value:
{1D331AB9-C363-44C8-9BBE-10C51D6271ED}
Executable files
19
Suspicious files
769
Text files
177
Unknown types
68

Dropped files

PID
Process
Filename
Type
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF176e69.TMP
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF176e69.TMP
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF176e69.TMP
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF176e79.TMP
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF176e5a.TMP
MD5:
SHA256:
PID:
2076
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
216
DNS requests
263
Threats
28

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
DE
binary
868 b
whitelisted
6472
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:OOtYnS3tByPLvls6UOvlQOO6UjOPtCigOWegWSg8lt8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
99 b
whitelisted
6472
msedge.exe
GET
200
103.224.182.206:80
http://dizoab.com/f.php?e=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
AU
compressed
1.18 Kb
unknown
2524
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
6472
msedge.exe
GET
302
103.224.182.206:80
http://dizoab.com/f2.php?e=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%3D&vs=1272:602&ds=1280:720&sl=0:0&os=f&nos=f
AU
unknown
1268
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
825 b
whitelisted
6472
msedge.exe
GET
200
103.224.182.206:80
http://dizoab.com/js/fingerprint/iife.min.js
AU
compressed
14.0 Kb
unknown
3624
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1749577538&P2=404&P3=2&P4=kKhKtcCAknN4wuo1do%2ffCMniyFEBeBgH2%2fGnIYrNVQFrMicIJmfOD6mvoNN8N7GFOOi3SMQS6AcAn%2fsjKX4MlQ%3d%3d
US
binary
1.09 Kb
whitelisted
3624
svchost.exe
GET
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1749577539&P2=404&P3=2&P4=Sm7uddhF6FJwdTR4KVN%2bsWUXHriw%2fMubf3S3i%2b%2bW8YzArfNU6ll54iR4cOpspZqzv1mBeYFcrpmZ66%2bMbUzXGg%3d%3d
US
binary
2.98 Kb
whitelisted
3624
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1749577538&P2=404&P3=2&P4=kKhKtcCAknN4wuo1do%2ffCMniyFEBeBgH2%2fGnIYrNVQFrMicIJmfOD6mvoNN8N7GFOOi3SMQS6AcAn%2fsjKX4MlQ%3d%3d
US
compressed
764 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1268
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4960
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6472
msedge.exe
52.123.243.85:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
DE
whitelisted
6472
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
216.245.213.77:443
steamunlocker.net
LIMESTONENETWORKS
US
unknown
6472
msedge.exe
216.245.213.77:80
steamunlocker.net
LIMESTONENETWORKS
US
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.85
  • 52.123.243.75
  • 52.123.243.84
  • 52.123.243.193
whitelisted
steamunlocker.net
  • 216.245.213.77
unknown
copilot.microsoft.com
  • 92.123.104.45
  • 92.123.104.53
whitelisted
www.bing.com
  • 104.126.37.168
  • 104.126.37.178
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.179
  • 104.126.37.176
  • 104.126.37.171
  • 104.126.37.170
  • 104.126.37.185
  • 92.123.104.13
  • 92.123.104.7
  • 92.123.104.19
  • 92.123.104.9
  • 92.123.104.11
  • 92.123.104.18
  • 92.123.104.21
  • 92.123.104.8
  • 92.123.104.17
  • 92.123.104.61
  • 92.123.104.66
  • 92.123.104.62
  • 92.123.104.67
  • 92.123.104.65
  • 92.123.104.5
  • 92.123.104.54
  • 104.126.37.155
  • 104.126.37.131
  • 104.126.37.144
  • 104.126.37.162
  • 104.126.37.137
  • 104.126.37.163
  • 104.126.37.139
  • 104.126.37.153
  • 104.126.37.160
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.17
  • 40.126.32.74
  • 20.190.160.22
  • 20.190.160.4
  • 20.190.160.20
  • 20.190.160.131
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
dizoab.com
  • 103.224.182.206
unknown
client.wns.windows.com
  • 172.211.123.250
whitelisted

Threats

PID
Process
Class
Message
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6472
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (signamentswithd .com)
6472
msedge.exe
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing domain by CrossDomain (signamentswithd .com)
Process
Message
EzExtractProApp.exe
End save config
EzExtractProApp.exe
Start save config