URL:

https://redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https%3A%2F%2Fsecure-web.cisco.com%2F1TV2QVZYaExZgqwL6IOKlVQrr5ysTdIcfhgh7OYYi86svAP83T4HnveaQitxadVizvh4LJHFQHkBZ0SWQJXtEXFJ6pOiW45ZwNc_sZsb2RPg_Z0cdx7AbjzjSInXM4xa_OX2rXxOa2E0R6JIKqjwicD2fbjH-QEufNme5WEHuS5nN2XFMFxQ-5ckbFecO_sbo2YZn11GlR_zoIJBvYWlty9GmoUl-zSA_BjVG_HRrv4r7-TkKR8fdgg0z870xjJwJSDDl5xqYxbLIzZKIZMaJiHWiVJ0B30LW1o5i0ATgw9FzXvjNffXEP7wkYW7BNuKeg7iep36APjrJl6G9aM4h8-0svAzhBdKdTIepw4bpIwiCJtM6Bf9V1fKMjvm1Cui5Bq2sZ54idI6E7p78s3Rxl7ZrEjRSdIW7TY_N5Q42YHzHfS84qltzVvsCKbfP5fhgAyVXFThWjY6WmaIRCwkhQ3Q_Z8J536VnuuvG6XOV1mM%2Fhttps%253A%252F%252Freconnect564.clarify.in.net%252Fpeahen974%252F

Full analysis: https://app.any.run/tasks/b30e57f6-db39-4556-a714-6d52328acb7e
Verdict: Malicious activity
Threats:

FlowerStorm is a phishing-as-a-service (PhaaS) platform used by cybercriminals to steal Microsoft 365 credentials and bypass multi-factor authentication (MFA) protections through adversary-in-the-middle (AiTM) attacks. Emerging after the disruption of Rockstar2FA in late 2024, FlowerStorm rapidly gained popularity among attackers targeting enterprises across North America and Europe.

Malware Trends Tracker     >>>
Analysis date: April 29, 2026, 14:53:48
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
fingerprinting
phishing-ml
possible-phishing
phishing
storm1167
flowerstorm
Indicators:
MD5:

BEB37C97331C2B08FC08E8D4A0C183B2

SHA1:

BDA8C48367850E6442D6C74BB17565FFBC120AFA

SHA256:

732AC6151DF40227A275D49DBDA83D8986E039BD487585E2C0EB5476303FF84F

SSDEEP:

24:23Ubhc8eXOFRrtyGr/Wkk3RPC76UmGlttFN7W2:kUbhcfXzoOnUNtV7/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (ML)

      • msedge.exe (PID: 2652)

    • Fake Microsoft Authentication Page has been detected

      • msedge.exe (PID: 2652)

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 4504)

  • SUSPICIOUS

    • Possible Social Engineering Attempted

      • msedge.exe (PID: 4504)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 4480)

    • Application launched itself

      • msedge.exe (PID: 2652)

    • Reads the computer name

      • identity_helper.exe (PID: 4480)

    • Reads Environment values

      • identity_helper.exe (PID: 4480)

    • Possible Social Engineering Attempted

      • msedge.exe (PID: 4504)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
162
Monitored processes
26
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1180"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2752,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2160"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5984,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2528"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5836,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2652"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-features=HttpsUpgrades,HttpsFirstModeV2,HttpsOnlyMode,HttpsFirstBalancedMode --no-first-run --no-default-browser-check https://redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https%3A%2F%2Fsecure-web.cisco.com%2F1TV2QVZYaExZgqwL6IOKlVQrr5ysTdIcfhgh7OYYi86svAP83T4HnveaQitxadVizvh4LJHFQHkBZ0SWQJXtEXFJ6pOiW45ZwNc_sZsb2RPg_Z0cdx7AbjzjSInXM4xa_OX2rXxOa2E0R6JIKqjwicD2fbjH-QEufNme5WEHuS5nN2XFMFxQ-5ckbFecO_sbo2YZn11GlR_zoIJBvYWlty9GmoUl-zSA_BjVG_HRrv4r7-TkKR8fdgg0z870xjJwJSDDl5xqYxbLIzZKIZMaJiHWiVJ0B30LW1o5i0ATgw9FzXvjNffXEP7wkYW7BNuKeg7iep36APjrJl6G9aM4h8-0svAzhBdKdTIepw4bpIwiCJtM6Bf9V1fKMjvm1Cui5Bq2sZ54idI6E7p78s3Rxl7ZrEjRSdIW7TY_N5Q42YHzHfS84qltzVvsCKbfP5fhgAyVXFThWjY6WmaIRCwkhQ3Q_Z8J536VnuuvG6XOV1mM%2Fhttps%253A%252F%252Freconnect564.clarify.in.net%252Fpeahen974%252FC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4236"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6484,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
4272"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6672,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4480"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6484,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
4504"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2328,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4712"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3704,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6212"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6904,i,1314464223868048958,14944076531396943943,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
373
Read events
373
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
45
Text files
278
Unknown types
3

Dropped files

PID
Process
Filename
Type
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe01d0.TMP
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe01d0.TMP
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFe01d0.TMP
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFe01f0.TMP
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe01e0.TMP
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
2652msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
111
TCP/UDP connections
104
DNS requests
169
Threats
54

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4504
msedge.exe
GET
302
54.73.101.17:443
https://redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https%3A%2F%2Fsecure-web.cisco.com%2F1TV2QVZYaExZgqwL6IOKlVQrr5ysTdIcfhgh7OYYi86svAP83T4HnveaQitxadVizvh4LJHFQHkBZ0SWQJXtEXFJ6pOiW45ZwNc_sZsb2RPg_Z0cdx7AbjzjSInXM4xa_OX2rXxOa2E0R6JIKqjwicD2fbjH-QEufNme5WEHuS5nN2XFMFxQ-5ckbFecO_sbo2YZn11GlR_zoIJBvYWlty9GmoUl-zSA_BjVG_HRrv4r7-TkKR8fdgg0z870xjJwJSDDl5xqYxbLIzZKIZMaJiHWiVJ0B30LW1o5i0ATgw9FzXvjNffXEP7wkYW7BNuKeg7iep36APjrJl6G9aM4h8-0svAzhBdKdTIepw4bpIwiCJtM6Bf9V1fKMjvm1Cui5Bq2sZ54idI6E7p78s3Rxl7ZrEjRSdIW7TY_N5Q42YHzHfS84qltzVvsCKbfP5fhgAyVXFThWjY6WmaIRCwkhQ3Q_Z8J536VnuuvG6XOV1mM%2Fhttps%253A%252F%252Freconnect564.clarify.in.net%252Fpeahen974%252F
US
unknown
4504
msedge.exe
GET
302
146.112.255.69:443
https://secure-web.cisco.com/1TV2QVZYaExZgqwL6IOKlVQrr5ysTdIcfhgh7OYYi86svAP83T4HnveaQitxadVizvh4LJHFQHkBZ0SWQJXtEXFJ6pOiW45ZwNc_sZsb2RPg_Z0cdx7AbjzjSInXM4xa_OX2rXxOa2E0R6JIKqjwicD2fbjH-QEufNme5WEHuS5nN2XFMFxQ-5ckbFecO_sbo2YZn11GlR_zoIJBvYWlty9GmoUl-zSA_BjVG_HRrv4r7-TkKR8fdgg0z870xjJwJSDDl5xqYxbLIzZKIZMaJiHWiVJ0B30LW1o5i0ATgw9FzXvjNffXEP7wkYW7BNuKeg7iep36APjrJl6G9aM4h8-0svAzhBdKdTIepw4bpIwiCJtM6Bf9V1fKMjvm1Cui5Bq2sZ54idI6E7p78s3Rxl7ZrEjRSdIW7TY_N5Q42YHzHfS84qltzVvsCKbfP5fhgAyVXFThWjY6WmaIRCwkhQ3Q_Z8J536VnuuvG6XOV1mM/https%3A%2F%2Freconnect564.clarify.in.net%2Fpeahen974%2F
US
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
4504
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
132 b
whitelisted
4504
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:VpJEN5ZuJSG1cOgbEUvy6xcWy0OBz-K34vDi_cztUMg&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted
5208
svchost.exe
GET
200
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
text
5.80 Kb
whitelisted
4504
msedge.exe
GET
429
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1777474435&lafgdate=0
US
html
873 b
whitelisted
4504
msedge.exe
GET
304
150.171.28.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/FlightSettings/FSService?ProcessorClockSpeed=3094&IsRetailOS=1&OEMManufacturerName=DELL&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=6&BranchReadinessLevelRaw=16&TotalPhysicalRAM=6144&TPMVersion=0&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&DeviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&App=FSS&AppVer=10.0&SmartActiveHoursState=1&ActiveHoursStart=20&SecureBootCapable=0&ActiveHoursEnd=13&DeviceFamily=Windows.Desktop
US
text
87.3 Kb
whitelisted
4504
msedge.exe
GET
200
150.171.109.193:443
https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US
US
binary
82 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
680
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
23.10.249.18:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5276
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5208
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
4504
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
google.com
  • 192.178.183.102
whitelisted
crl.microsoft.com
  • 23.10.249.18
whitelisted
www.bing.com
  • 2.16.241.219
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
edge.microsoft.com
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
redirect.viglink.com
  • 54.73.101.17
whitelisted
api.edgeoffer.microsoft.com
  • 150.171.109.193
whitelisted
copilot.microsoft.com
  • 104.18.22.222
whitelisted

Threats

PID
Process
Class
Message
5208
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
4504
msedge.exe
Information Leak
SUSPICIOUS [ANY.RUN] FingerprintJS Collected Data observed in HTTP POST request
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
4504
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://redirect.viglink.com/?format=go&jsonp=vglnk_1528334718170259&key=172579b97fa4d5e8c1a3c2918a03e499&libId=ji37348e01012xfz000DA40uyjt16&loc=jamestowndeals.com/rq3dv?q=Blumenau&btnG=Pesquisar&v=1&out=https%3A%2F%2Fsecure-web.cisco.com%2F1TV2QVZYaExZgqwL6IOKlVQrr5ysTdIcfhgh7OYYi86svAP83T4HnveaQitxadVizvh4LJHFQHkBZ0SWQJXtEXFJ6pOiW45ZwNc_sZsb2RPg_Z0cdx7AbjzjSInXM4xa_OX2rXxOa2E0R6JIKqjwicD2fbjH-QEufNme5WEHuS5nN2XFMFxQ-5ckbFecO_sbo2YZn11GlR_zoIJBvYWlty9GmoUl-zSA_BjVG_HRrv4r7-TkKR8fdgg0z870xjJwJSDDl5xqYxbLIzZKIZMaJiHWiVJ0B30LW1o5i0ATgw9FzXvjNffXEP7wkYW7BNuKeg7iep36APjrJl6G9aM4h8-0svAzhBdKdTIepw4bpIwiCJtM6Bf9V1fKMjvm1Cui5Bq2sZ54idI6E7p78s3Rxl7ZrEjRSdIW7TY_N5Q42YHzHfS84qltzVvsCKbfP5fhgAyVXFThWjY6WmaIRCwkhQ3Q_Z8J536VnuuvG6XOV1mM%2Fhttps%253A%252F%252Freconnect564.clarify.in.net%252Fpeahen974%252F