| URL: | Www.google.com |
| Full analysis: | https://app.any.run/tasks/7f013f08-ceca-47e6-82fd-67a1c578c3df |
| Verdict: | Malicious activity |
| Analysis date: | December 14, 2024, 02:33:14 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| MD5: | BD6CBA3DEF4501ECEC0CD849AC0BF345 |
| SHA1: | 422239DD4D6C992445D1AB8BE8DF829B5432C4D9 |
| SHA256: | A20F61D619B4A116E8AB9CCADAE0B3AC116E1C4C05B9402695C21A222B0F80FA |
| SSDEEP: | 3:8+K:DK |
MALICIOUS
No malicious indicators.SUSPICIOUS
Potential Corporate Privacy Violation
- msedge.exe (PID: 4792)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
170
Monitored processes
1
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 4792 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2604 --field-trial-handle=2320,i,16194277592197507296,15814343983252007256,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59 | ||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
3
Suspicious files
116
Text files
24
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3 | compressed | |
MD5:D4C2E6DC5DF547E5D0D7C7202746A2BD | SHA256:B49954CA2713366FBBA0731D2F6857D6287034F1D44A4306699741FFBBB1E48F | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2b6272.TMP | binary | |
MD5:15D26FA4E16467BE658F42074AC0DBAA | SHA256:D287407BD901A32E3F38F4392984507184D596C3694FAA69DD0B2E68F9F3A8FE | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RF2b8377.TMP | binary | |
MD5:214DB11D1917A8AD87DA24A4B2375117 | SHA256:9F13946E0B48EAE740DCE5DE0CB0D86C4C933B99D011A9A824082505DFE89487 | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | |
MD5:214DB11D1917A8AD87DA24A4B2375117 | SHA256:9F13946E0B48EAE740DCE5DE0CB0D86C4C933B99D011A9A824082505DFE89487 | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | |
MD5:ED74D0CC3CAB53CA501F3CD6C50FAA1A | SHA256:331BB0DA5A3BE7843A14503DA9547E7309F3631916C6112882FF36D75025E7EE | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | image | |
MD5:55653D73F359016F5BCB0B90183F61DF | SHA256:050CA6FB6DBFD30B004B5013CEF04BEF2739C3E8ED0D9D83B0DE95A9B3E4FEC5 | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2 | compressed | |
MD5:6F9BCBD9790889389F52578F0C27177E | SHA256:F83E87421CDA34647DBBBD00CD215A7F86445AF8B2E550FC88413A757B89CAA6 | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF2b687c.TMP | binary | |
MD5:2A21453795942FD88CBB06714604B9FD | SHA256:5DFE0384325B556EE4B8668E502312B9BA6ADC298CD9213DDFA528CB959ADC06 | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\15e2a036-d483-4370-991a-b6b65452bde1.tmp | binary | |
MD5:ED74D0CC3CAB53CA501F3CD6C50FAA1A | SHA256:331BB0DA5A3BE7843A14503DA9547E7309F3631916C6112882FF36D75025E7EE | |||
| 4792 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0 | compressed | |
MD5:E9528E9F7C4C58CADB41BCC54A7AFE0F | SHA256:0162D2E2C1F4B0469D1BA258EAA4AA674F48EE99F2E49A63D851EC7ACBE66155 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
319
TCP/UDP connections
188
DNS requests
187
Threats
14
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 200 | 184.30.17.174:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | — | — | — |
— | — | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6608 | RUXIMICS.exe | GET | 200 | 2.16.164.106:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6608 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
4304 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
— | — | OPTIONS | 200 | 216.58.206.74:443 | https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData | unknown | — | — | — |
— | — | OPTIONS | 200 | 142.250.181.238:443 | https://play.google.com/log?format=json&hasfast=true | unknown | — | — | — |
— | — | GET | 200 | 184.30.17.174:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | binary | 55 b | whitelisted |
— | — | GET | 200 | 142.250.185.68:443 | https://www.google.com/ | unknown | html | 213 Kb | whitelisted |
— | — | GET | 200 | 216.58.212.142:443 | https://ogs.google.com/widget/callout?prid=19045670&pgid=19045668&puid=14124244910555aa&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en | unknown | html | 49.7 Kb | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
4792 | msedge.exe | 104.208.16.91:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
6608 | RUXIMICS.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4304 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6700 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4792 | msedge.exe | 142.250.184.196:443 | www.google.com | — | — | whitelisted |
4792 | msedge.exe | 2.23.209.187:443 | www.bing.com | Akamai International B.V. | GB | whitelisted |
2740 | svchost.exe | 184.28.90.27:443 | fs.microsoft.com | AKAMAI-AS | US | whitelisted |
5988 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4792 | msedge.exe | 142.250.185.67:443 | www.gstatic.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.google.com |
| whitelisted |
fs.microsoft.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
xpaywalletcdn.azureedge.net |
| whitelisted |
edge.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
ogs.google.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com) |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |
— | — | Potential Corporate Privacy Violation | ET POLICY DNS Query For XXX Adult Site Top Level Domain |