File name:

QuarantineMessage (4).zip

Full analysis: https://app.any.run/tasks/94e1489f-510a-4ec8-9e16-bf1b29e255cd
Verdict: Malicious activity
Threats:

Tycoon 2FA is a phishing-as-a-service (PhaaS) platform designed to bypass multi-factor authentication (MFA) protections, particularly targeting Microsoft 365 and Gmail accounts. Its advanced evasion techniques and modular architecture make it a significant threat to organizations relying on MFA for security.

Malware Trends Tracker     >>>
Analysis date: April 29, 2025, 11:24:32
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
attachments
attc-doc
phishing-ml
phishing
tycoon
phishing
Indicators:
MIME: application/zip
File info: Zip archive data, at least v4.5 to extract, compression method=deflate
MD5:

9FED7559B4B2670F268C7C3209D0F384

SHA1:

B04C024B7388F5327FD7CDF727F9AEAB84032EC8

SHA256:

8372F3A26708C36681DF43966CDC94232FEC20E41036CC42E6054841C3999E2D

SSDEEP:

6144:LW/9ZyaieMz/bVAhjSv9Mh/UcRvrmpR1zspV4NaR:LW/9ZKeMPVojxh/Ucdrmp/z0ONG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 7204)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7352)

    • Reads Microsoft Outlook installation path

      • WinRAR.exe (PID: 7352)

  • INFO

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 7352)

    • Reads the software policy settings

      • slui.exe (PID: 7504)

    • Application launched itself

      • msedge.exe (PID: 1096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 45
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 2025:04:29 11:24:00
ZipCRC: 0xd73d2507
ZipCompressedSize: 4294967295
ZipUncompressedSize: 4294967295
ZipFileName: 3280a15b-dc97-424e-020d-08dd87058b2c/99843a9e-371f-edb0-9919-8086b68b20ea.eml
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
197
Monitored processes
58
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs sppextcomobj.exe no specs slui.exe outlook.exe ai.exe no specs excel.exe no specs slui.exe excel.exe msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs splwow64.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
472"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
864"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4448 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
872"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5948 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
968"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6240 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1072"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3924 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1072"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://newetthodocu.chisholmtrailchurch.com/C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
EXCEL.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1324"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4236 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1760"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2468 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2092"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2764 --field-trial-handle=2484,i,14276604384196599674,17543658737031870319,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
29 578
Read events
27 963
Write events
1 411
Delete events
204

Modification events

(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\QuarantineMessage (4).zip
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(7352) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{5FA29220-36A1-40F9-89C6-F4B384B7642E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
Value:
010000000000000047F23754F9B8DB01
Executable files
5
Suspicious files
496
Text files
98
Unknown types
1

Dropped files

PID
Process
Filename
Type
7932OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\olkF9E2.tmpbinary
MD5:97A0C45A03DA7567D7BD74BC9240A4CF
SHA256:2C18216F09B83D92DE11A31EBF55FC96596EE09D01D83514BA43B10BF5C18078
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bintext
MD5:CC90D669144261B198DEAD45AA266572
SHA256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TableViewPreviewPrefs_2_A57B1DA2552D774DBD4AEB75994C26BD.datxml
MD5:0E092DB99AEE99FDFF9B5B222C732CFD
SHA256:D1614AD99ADED9F6F5C1BE7FE7FFA5124BD04A526580DA3818EA8A954E852AA6
7932OUTLOOK.EXEC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9binary
MD5:2FB587A27E2322A990F25D8CA4BCC9E1
SHA256:5A3B9A808AB236BB9B832D12FC9959BDE36B931533E54570CBA8D405A25CC155
7932OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmbinary
MD5:F93F32772BF884114521E94B25B1D53D
SHA256:4060C887B4C2EDB247B8389670C413DE6D1B3535627FCFA9BCF8775AE449BB3E
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A76D5E40-A627-44DE-8188-581B63697C27xml
MD5:2DAC568B54C52C883DBFB9BF3FBCA8F3
SHA256:FF2401AAD0D92DF78C1764680AD65C36DEA1978DC2F357B9E16B00990900AA6E
7352WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIb7352.19661\99843a9e-371f-edb0-9919-8086b68b20ea.emlbinary
MD5:E54F8589D0277F06F9BCE50748FF91D5
SHA256:A20DAFB438312FE460FB0732F04F8C7802E30DC20CEE37FFA06A0AA619B4A56A
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B3271E0.datbinary
MD5:3130674361801338990A94180D2C5B7A
SHA256:39A22E5A302E0C5694EF743495D7879C165D8343252AC7DF50D8ECE5D64958F6
7932OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:BB85AB41084D9FE87CE170748C6FF16B
SHA256:22C9D98A9C9DDA743B7414B4B14300D2B9325FC8412DFF9CEE85384D8D04CBB1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
110
DNS requests
124
Threats
18

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.145:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7932
OUTLOOK.EXE
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
2316
svchost.exe
HEAD
200
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/52f29a75-af43-43c2-b5ad-ab8c4b266a65?P1=1746520664&P2=404&P3=2&P4=ZpTCNH2Hc88hP8EYKlKGlKG%2fAmv0y1K5w5GhueVA2BSM3eajdw4tK42Qwu8GalN9blDa4LdLCpx8I98R0wBTpA%3d%3d
unknown
whitelisted
5124
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5124
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2316
svchost.exe
GET
206
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/52f29a75-af43-43c2-b5ad-ab8c4b266a65?P1=1746520664&P2=404&P3=2&P4=ZpTCNH2Hc88hP8EYKlKGlKG%2fAmv0y1K5w5GhueVA2BSM3eajdw4tK42Qwu8GalN9blDa4LdLCpx8I98R0wBTpA%3d%3d
unknown
whitelisted
2316
svchost.exe
GET
206
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/52f29a75-af43-43c2-b5ad-ab8c4b266a65?P1=1746520664&P2=404&P3=2&P4=ZpTCNH2Hc88hP8EYKlKGlKG%2fAmv0y1K5w5GhueVA2BSM3eajdw4tK42Qwu8GalN9blDa4LdLCpx8I98R0wBTpA%3d%3d
unknown
whitelisted
2316
svchost.exe
GET
206
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/52f29a75-af43-43c2-b5ad-ab8c4b266a65?P1=1746520664&P2=404&P3=2&P4=ZpTCNH2Hc88hP8EYKlKGlKG%2fAmv0y1K5w5GhueVA2BSM3eajdw4tK42Qwu8GalN9blDa4LdLCpx8I98R0wBTpA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.145:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
2112
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 216.58.212.142
whitelisted
crl.microsoft.com
  • 23.48.23.145
  • 23.48.23.193
  • 23.48.23.158
  • 23.48.23.180
  • 23.48.23.156
  • 23.48.23.190
  • 23.48.23.194
  • 23.48.23.147
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.130
  • 40.126.31.71
  • 40.126.31.0
  • 20.190.159.73
  • 20.190.159.2
  • 40.126.31.67
  • 20.190.159.71
  • 40.126.31.2
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
officeclient.microsoft.com
  • 52.109.89.18
whitelisted
ecs.office.com
  • 52.123.129.14
  • 52.123.128.14
whitelisted
roaming.officeapps.live.com
  • 52.109.76.243
whitelisted

Threats

PID
Process
Class
Message
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7204
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
QuarantineMessage (4).zip