URL:

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2furl.us.m.mimecastprotect.com%2fr%2fdjvuL7mYUbLSjWrnnlMRak7HYIVt7LW7QsholS5SlvrqYU17B4sptqDUK2SgHv7jDfwvov53gTs6-iDuRNFhCxW0-TYMmpUXVVLl083BaG1jmRayCo3p7vcoOj8e-lMPCOKBKICagIlYUWaL3g-Cypx5I_gTCVbP0qj6BfQhfawg1TNMvuucXQzheEm0sMCiOTPqpw-_DgysY8geDQVcWTroqaFafxY9omu3A0pNIFv62I71hgPcBvFZA6ipGNGsuaWIIBpGfcaDPaQ2K-PJ9yWWSajFssru-rGh0dUe3qhYvbFnToxVtVjUJ8ZDtmhOKaKjlMa06RrW0BWfPKH10XWe1gmj8kEJxJXgzBC7W5afT-5-KWvvXYWt9HXvkJONTgTspEAvrSVr-xPesX6CaOWopCxl55BGJZOskVLVYBTQ4scuczogFZjNf8IuHe9zjxhQoshIScZA1eiuh0VotFMXT7smCFdJAEXePmi3Wu74TUA7VAwtJ503UilFutTD3OZOXrXAKlsO8Wz0AbpyM0Zphp0qsCDu0WSzrZqF3eVgjBIPHOcE680jm0lBVwJXHOEYDyyUuyDhGTk__Khs5k3MjBE8Yogi0N2CoyEYHITF33ckjg5FdKAmX2I6F7WgFed8Bwy2gThf2fKufSLevxAibFs9-cYsTLFVVfgvmLqtfBe6HbNm_VrdLhKFvahHQz_UnLLkgMA_QSq6WFwq0O6uIppgoTUnTrWkHIEWxlR9fqRCF4S2TBTaIeuW_RN00vCnSwIM30BPEYdExRmBzSxk1jPR9ouKyTE5GTE9armIkeyDNdxY256w27TNTuTD8pUXDqwtB2x9BARHhXyl3R9heI7FbXeb4_QrHvOVM3khGUzcj1nPRJL1g9W-mC0kpK6-gSDx-tjgBBMJqG-JTW-W14ON3IojsLA3H965NTuIqcJWDh4mLU8lBIAubuXj4G3KTLZba9yMECapb3YIlN6Nxji7PL-x7K4SrSPmiwti_CKd9Jl0clY-OD0P9vxKhwELkCfSYHcHFiraWUAf6OcM31GqYnEoq7sQvGc5VAe2Vug8ibEzeuvxEyNxiHRTbhw1driD8Vo2PPKZWD2Cj0w_ou8_vTZwHDcsrRghXhTw7vMiFhHl12WEd2GnkJvRn_StyNyqGyFlW_vLIFFrGCKoAHjeX_q-sWUimsCrYbTvbVRioD0GXmpMXDqUBVw0DhB1ySCAZxg7T2RgLN8DtlOBvpY825e2zpLTYW9PA-976jzNmjUKHJUJKKToDV5jfKZGWdLEHE35Sj-lGn8sc48bYRlG7u8iMTUn3IUM9zUYPTDma_Mo5dtTjKMjmmdyNhb-1z6w8Uj8VuhOkZj68F38rksxr7o7QUeIJ0cxANVevU1x-X1208l61tSFrqt0a6P1AG4VoAYBBHp6EdPzVFJGvePezUWKTFPPZWT828unMzOfAV04DxzYP36ANk69mw71MGCvILEdFxYz2A7kcah_i9-Zmbf4Kkw_QpNjYz7UHq-TKeJ5XdZBDnT4CZ9U00lDqjwxegD3q9c_A7S5pEcmtnuHtTsWDxYINERQSPsCb00-mH_Twc8nSn53pDjpkL37NyCkygzAqpQuLtvygKL83qUMvcwimFiy9iRX1ON3dc7xsiOV12mjItRXbMcA6y2A8zYl-4m81UqZwcstwNfqFCSN1YxibfldEWM-TxddViKUUqDgmSQe8l7FUCQAWT2ROrvES9hGiVZxSuHRdux5eEfyrwodyNdpMiWtiMjumEPjMadjuViIQ8XQrH__l8yt7Z-APZGaTt7o-II6JxIX_mt9EWmf81uo2r9l8UYk7mBoe9V9fyb2Tk6frMb1Lfm016xjshRHwR2qOMDUYfr4VwF3BQeYhYh19j3ZbDjGZf3_i_CIEjhl1braRj9jnpU_c_lT_8IVNQ6adiktEviSzELzx6NipTTbmbZjSvfXhb3FuYntqAHNXM4x9acRc8qRo5_n-OaVXe7KSGWTERjK-LQcsSl9wLZyRTS8s26vP-s3urztAYJaZGuz2z-EvkQzWZ_EPb44_4lcN9Z2SWwnD2dd98pv5PdMJdr37kWvGKz1EfHxBjHuOgOLRpsQ8nJBrCo7PVL0jUth2V1b-rGoM3X-E1pleex7mPJcnDVZQSnE6vyAhV6ebdBFhvczag3Nd4dX6wxlWjMBTpqFy-ppGdryXUoOjpcdhJHyVtPrGr2lBOttsA8trXF9Kk8VNoJi7LYsxhqAAcA67px_tjmQ1UF33mLM46kPG3NQsTP4oYODvSMWIEWsTMUR7znvbwKCtjNBUluJKJk0LyxPMjk6q2s011KGYLhj7qdX9y2H2MdHUvzRCGDOSkW9fBhv1tXSbmQ8PK_Ul8qsJBqqX5mCauLKTvYEU-VV9z6xMeUAXVsofZie5n1gAh_tONLPonI6WFiWXldDev6sX-ePfxYAkg1FiuYF4lDprbBVDajD1syI3fcKmXyL4OtoDU5soRXs15xG4mBI9rxwCx6qUcHDDhsA3yGcIoUwCo0h3jd94POUkjXUHnQPxI21YU1OlseHRc_4i-5oGwNil7HGSFa05x6XjgyMxE1dJrBksMG3EMkPm5JDXV6F_01Id4zemaoZgzooEh_7fv1E4Zv3mE1qdYUsorfnHlmQs7ASpv9l3gGSRkrARskqTZ4x_y5oew6kflzRIj7-a8xMPESmp4Ss4ysUv0BYOs7qyz50af3NUaft_ZHoHG2omhT0-m5SUZLO8eFxJgYR9B0LCmtaUlxE_zhrf65vPvj09uu_9ooIQn0SOUz2XzNOSUcB1SfIUxSHGuQHxx1mdUOV-kWq8gjzkXPH7o5rqzHT440EE1bZFO2-dB69WZuGRGhCwR8-6fUNe9sHEcfVFJZMRfCDRJpyBddQR3k1d8xLEdt69UQ8jzdsPhXcIwHXohaHCZWkpb_nU1LGnWmoNTXTf2ObuXuNkoJVECqkDMWrTJpoVasChvrWli5pAPEY5soALmEjeoGMIF6Hz-pmEREulECXlldG9gpC2XP0Y4VyOKzA4A2j3sPDWBZC62iJqmJf5AIRgEqUQ75KriJKCgRA-j7HsVGUyukVsrYpzyQeagJuEe96BbYbFIPdEpzxack4vbeBgqvtnggnsxgF6vrUASb9x4Hiw1JdCBLx7bQU__qfy4q_mQ4OCFse4Xn7fNOq-1FmaOKDr0qjVUnKBCh9lQzt3rRixmtEMdnhubhUSEzxHkmdwIh8BkYJOkx2w62wwFirwUPMCVPy94lVPWLW-uHrOleEAaa20xNsBKGYcAs4GmCVU8dKkztp32GnfJf1ydkOAPm6oUBJzWgwMrd6ebt1C1kdJCeSxdSXCaG8aSdYOu1iQDa7TNMP4FuPQvkUrx90mAYbmuDzb856LqJN-dk7k8yv2iuQf1yml0Dy0YXCH3HVt_J0Nvjqr1WjpDG4OcBQSYf_5dDSLS4TBwsFEt8CRAVf3fSScBMvf12-OPaEFL9B2ZE7N76zHl8f5c4nHhkqDBzwGJ0px8X3HVRFS8J5DaMRwDBlloXGiTUd-r0ms57AGjDPw0rxEixXmFze18TpWk0zceCxayfhK6rk-Jt1IFOY8Hirr6zmmatyXGOR9qgY9WFjNTUY71f06Fy5uFStzAtypUxhRb-qodzz05uTmDcyB4I7MAKvEHNI_QPxkG2VkZTY02PaVAB75TS9i2yr0AGoQwGwSxuOPBeNjO9xBZwJT80rqoHp457sjFwvk9sXTQNlkE2riskMYltJuy7NHur3-6adW7QSBeBpOpK8D3lwb_bC4mqTO95om6yDs-lZznTHl6Aez5IlXeRKpRxt0Zv5MGUttISwU72GosppeZ8qjEwuwbtj4t-hsdSOMNkvt_ZdxCwGVRt6yjK09IYiGhUdJd8nybTtrFnb7khWVflBalY2f3qGnBrbQWTopeL9anXmEe3I1yFnpcfk5xmu4sVg0QFFcr8oZO67xLIktFogmRtIOl-xn7-BtuzITk6B1eBCv5q3s5aMdiZDXO0v0giI3YF0LV9yxkvoqJsPu3xhvvvoqrHX1Qc-nuZ5g2WBbCfSvLRjCi7Ig5sVYNrI9C091UFB1OTyJuVShC_ORmikKLXzdjq9GeQqNt8wQ5I3ucg-NqlxhR1hTkdz-eUu42tA6eCQivymiE8aEEzASdk6BL_jNnksjLRhIdaMZXZAeaLWaRIEevaL788X1E3KMC74O6JTzxXPbqLh5swqgjtRQoGbzeosjQgZ1lciwso249Ti1Gesgqc8_Dhj4f2rM8flFSk_zuGTj0HgImdgTrvkvqsRovKGVQC_Gh1LJTy6jJCGo2heH5-_d6ljCqSo0D8OT4GQmjWzniqkisLVAZqfrnfHz2gtOJQIMw5dR6yi1x39xqAtXg-5bRN5uVmz86Oj6Il0fNRVgSs3URoyTeIZdkVBjiN3qW_nF32rOxV09OQGiF_LD9lvWs2yU39EG7pwRJL0aY1rOBqNWwvnJMsHGWNAF-fd7mZsgakkfGUSuN1-LPgK6UgsBx2_it92NnPZzS7gNNrZTx_09DpaxN1QBKhkRDmNV10HEtS_Nzo&c=E,1,irTh2YpVF8i9o4lJpLfZrVLhu82kfCJAWITv4QABV6b7mbSQSkUuHimVpVZLdGv1Do7G9nEJXmPhfVq7jh9Uoa0Fk1fOcLgmGx1ZbAOn2E_b7z7zrWgibg,,&typo=1

Full analysis: https://app.any.run/tasks/bd3f52c7-73ab-4203-962c-7d95c2b50196
Verdict: Malicious activity
Analysis date: April 15, 2025, 18:13:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
tycoon
43
42
Indicators:
MD5:

8CE775B617BFB67932AB671FFCEE2D22

SHA1:

5830B82096642226C5EFA097CDE4144F3043968F

SHA256:

77471D61304A178A06E0234ED0227CAD10058906DE3D7C3C067B692AF9A0E801

SSDEEP:

96:+/WpdZCKbkMD7EXkQfalYmN6RDTebB+/hk8jvdzBhR/lAAQb8Wa2OXPB:+8CKbV7EwNQq4JFBjeA69Op

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7344)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Application launched itself

      • msedge.exe (PID: 5256)
    • Reads the computer name

      • identity_helper.exe (PID: 7660)
    • Checks supported languages

      • identity_helper.exe (PID: 7660)
    • Reads Environment values

      • identity_helper.exe (PID: 7660)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
169
Monitored processes
39
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5684 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1188"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1228"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5216 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1660"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3596 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1760"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6400 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
2108"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=3680 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4000"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6648 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4120"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4244"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4652"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6780 --field-trial-handle=2340,i,17522358863576620294,1778083384937028428,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
4 713
Read events
4 666
Write events
29
Delete events
18

Modification events

(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(5256) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
64AB826A6B912F00
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322
Operation:writeName:WindowTabManagerFileMappingId
Value:
{BCA366EF-1EC5-4991-8C81-BA101C602A2D}
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322
Operation:writeName:WindowTabManagerFileMappingId
Value:
{C1505864-3270-4B92-B152-4ECDD6612FB0}
(PID) Process:(5256) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
767A8B6A6B912F00
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322
Operation:writeName:WindowTabManagerFileMappingId
Value:
{7C6C10E5-C840-4D63-99C3-6B399C6812C3}
(PID) Process:(5256) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328322
Operation:writeName:WindowTabManagerFileMappingId
Value:
{3E83AE59-3439-48C8-A45E-1D16460E0739}
Executable files
6
Suspicious files
87
Text files
38
Unknown types
1

Dropped files

PID
Process
Filename
Type
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10bb24.TMP
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10bb24.TMP
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10bb34.TMP
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10bb34.TMP
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10bb34.TMP
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
5256msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
72
DNS requests
93
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4652
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4652
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5256
msedge.exe
239.255.255.250:1900
whitelisted
7344
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7344
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7344
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7344
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7344
msedge.exe
3.76.92.228:443
linkprotect.cudasvc.com
AMAZON-02
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
google.com
  • 142.250.186.46
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
linkprotect.cudasvc.com
  • 3.76.92.228
  • 18.192.180.120
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 2.22.242.105
  • 2.22.242.11
whitelisted
url.us.m.mimecastprotect.com
  • 205.139.111.117
  • 205.139.111.113
  • 207.211.31.106
  • 207.211.31.113
  • 205.139.111.12
  • 207.211.31.64
whitelisted

Threats

PID
Process
Class
Message
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Phishing Domain (doghouse .com .tr)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
No debug info