| URL: | moviesjoy-to.is |
| Full analysis: | https://app.any.run/tasks/05298a3b-ad71-47b5-9659-f7871a2e15f1 |
| Verdict: | Malicious activity |
| Analysis date: | March 31, 2026, 08:22:58 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 849C0C71C9476C2DC8317AB574D20B81 |
| SHA1: | 4A20508B3C5BD707B91B7A58A730B4EBFFDE18DB |
| SHA256: | 72EF438718EC750E2C9945B60D33691F42A8017F14DC6F072CBBE43ED6CD24F4 |
| SSDEEP: | 3:3TBsImn:jBpm |
MALICIOUS
PHISHING has been detected (SURICATA)
- msedge.exe (PID: 7028)
SUSPICIOUS
No suspicious indicators.INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
168
Monitored processes
1
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
23
Suspicious files
6
Text files
6
Unknown types
53
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | text | |
MD5:E762FE48F237433248062D4C1D1ACB8B | SHA256:6D10FFE4E339CD38A2BFD67C3AB03510CD768C7010934ECC17C1B0504588005A | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | binary | |
MD5:1385F20C8053E0E6C39720291AA9D3AA | SHA256:7EB4BBE8E9909D878953302033FC27A187FAD850A7BB9C0FB211536F782D1F67 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary | |
MD5:3B12286A948862E11CE73E0C9D364737 | SHA256:108A31B79BA491E0A19D518E7B976E761912E77A06AC6E318468BAC327F1D66B | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf | binary | |
MD5:4A9A11C88DD3A1F0983CF9360DABD8E9 | SHA256:CF3445AF6BD49510821AA82B8E5FE1BC230C495F83373D8FF7D4C6F7241B52C1 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary | |
MD5:F0AE5A1352926F0BEF09C3A5F2E78FA3 | SHA256:43E49DD2AC49D9712076802AE58CFF55056E16A1EFFB326CDBF82053DEBB12DB | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | binary | |
MD5:D97B0BEDC3EFB5D31CE057A4EBC7D16E | SHA256:56C3A47254EF4CF8D9DF116F9EC0374D92B46FE6A83CFD16C8C459CC56A20204 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | binary | |
MD5:21AD0BDC35C8AEC1364003FDB4FEE011 | SHA256:ABCC6EA2A48809CDDD125CD93C43F7352CC910B527CC2EE0B50FE4864B039ECC | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RFf045c.TMP | text | |
MD5:8CA6AC4CD0D4F8B2EA5A9FC6FD4311D7 | SHA256:EE810A451AEA499C3D6F89EDB840ED025DF0937874485A211A3BB39F915F4EA0 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | binary | |
MD5:C0A1FA2FBA2EA9C9CDAFE7CEEE40B73F | SHA256:7BFFDEB324F5AD108D859DDF411C425E8B1A7E3458F0B5D247EF5B6B180208E4 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | compressed | |
MD5:F3AD19FDBD15A27B32A4D25E49CC266E | SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
857
TCP/UDP connections
487
DNS requests
483
Threats
35
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6888 | RUXIMICS.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | unknown | — | — | whitelisted |
5336 | MoUsoCoreWorker.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | unknown | — | — | whitelisted |
7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | — | — | whitelisted |
5168 | svchost.exe | GET | 200 | 23.216.77.36:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7028 | msedge.exe | OPTIONS | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=5loXrAKmF0pQnAgQ6PljFfpHXHrVx6g18ihntRYHfo20iGXBAHGvZWE5sX2qe3pd7zyoMp8%2FRuP8YjuQsCNMk0j5qKrHk6R6seGtqkzvToU48raLG4IRAeyhSsNCVtU%2FhLlklINp2tY0aTlt3Wo%3D | unknown | — | — | — |
6888 | RUXIMICS.exe | GET | 200 | 23.216.77.36:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7028 | msedge.exe | POST | 200 | 35.190.80.1:443 | https://a.nel.cloudflare.com/report/v4?s=5loXrAKmF0pQnAgQ6PljFfpHXHrVx6g18ihntRYHfo20iGXBAHGvZWE5sX2qe3pd7zyoMp8%2FRuP8YjuQsCNMk0j5qKrHk6R6seGtqkzvToU48raLG4IRAeyhSsNCVtU%2FhLlklINp2tY0aTlt3Wo%3D | unknown | — | — | unknown |
7028 | msedge.exe | GET | 200 | 184.86.251.8:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
7028 | msedge.exe | GET | 200 | 104.16.80.73:443 | https://static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 | unknown | — | — | — |
5168 | svchost.exe | GET | 200 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4 | unknown | — | 3.41 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
5168 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6888 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5336 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 224.0.0.251:5353 | — | — | — | whitelisted |
7028 | msedge.exe | 184.86.251.8:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
7028 | msedge.exe | 172.67.192.110:443 | moviesjoy-to.is | CLOUDFLARENET | US | whitelisted |
5168 | svchost.exe | 23.216.77.36:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
7028 | msedge.exe | 35.190.80.1:443 | a.nel.cloudflare.com | GOOGLE-CLOUD-PLATFORM | US | whitelisted |
6888 | RUXIMICS.exe | 23.216.77.36:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
5336 | MoUsoCoreWorker.exe | 23.216.77.36:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
moviesjoy-to.is |
| unknown |
crl.microsoft.com |
| whitelisted |
a.nel.cloudflare.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
static.cloudflareinsights.com |
| whitelisted |
challenges.cloudflare.com |
| whitelisted |
login.live.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
5168 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
— | — | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] Challenge-Platform Page Request to cdn-cgi |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge |
— | — | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
— | — | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
— | — | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |