Malware analysis https://voile150.zyvoes.com/incipience781/*cGF1bGV0dGUuZ3JhaGFtQGdvbGRmaWVsZHMuY29t Malicious activity

Add for printing

URL:	https://voile150.zyvoes.com/incipience781/*cGF1bGV0dGUuZ3JhaGFtQGdvbGRmaWVsZHMuY29t
Full analysis:	https://app.any.run/tasks/774740b7-8333-48e9-8d43-4d301bff6091
Verdict:	Malicious activity
Analysis date:	September 23, 2025, 11:39:12
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing fingerprinting
Indicators:
MD5:	2E06D8CEAC0FB084DFBFCEC93FEC6817
SHA1:	9BC5E951D25404D9507C0FC421D16F947B6C4F35
SHA256:	AEBB6D252BFCF4127D46A0E5EA275A28FC45CBE75B66F296F60B7F0655F02D27
SSDEEP:	3:N8YUQMKIXfVcWKdjUHQ2levlt0iLUYQGgn:2YUNXWLow2uPJLSn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
- PHISHING has been detected (SURICATA)
  - msedge.exe (PID: 6888)
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

136

Monitored processes

1

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
6888	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2268,i,5563634417838714164,2438233923621497815,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

0

Suspicious files

17

Text files

0

Unknown types

0

Dropped files

PID	Process	Filename		Type
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8		binary
		MD5:2B0A06DD07E1A297581B343F15B295A0	SHA256:F3928DA805119CB3F310435B80C6E74DB4D98AD6D39751DB05D29072E70D772E
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State		binary
		MD5:F054A7D6E382DF24018FE84986B710A2	SHA256:4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\640c5d3b-1180-49a7-ba4a-0f2966fb9a92.tmp		binary
		MD5:F054A7D6E382DF24018FE84986B710A2	SHA256:4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9		binary
		MD5:9436AFFC97843765A966B3568FA7E5EC	SHA256:7165713D3E1A610399471A5E93D5677508F62EF072C1151E72273BF4BD54F916
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb		binary
		MD5:1D124EB57DD72A38D3B42F67877D275C	SHA256:31F8769C523B6D1864DFFED5CF90BB92B1DD47C64A091BF721ECB2892E8DAB57
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5		binary
		MD5:74C3D8502CE54D31552705115DF89AC1	SHA256:CC4F82BA96E3825165503E44CA506FAD696416BD54C38D3BD46E71790633D584
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		binary
		MD5:8985FBB141D23E9AA45DBCAA2D4BF6B1	SHA256:D95404A82799AE0C411D0E35F64F22D3278DF4E0A9685C3888F1762398EA1F9B
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6		compressed
		MD5:F3AD19FDBD15A27B32A4D25E49CC266E	SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		compressed
		MD5:D198ACAE18B09D0FC035CA4797BD01E6	SHA256:15F388DC0A8C736E682A6E49FD905EB66F07FD21E7516597404CDA98A3FAB78F
6888	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf		binary
		MD5:4C435578EE61228590D18DD45F6C80F2	SHA256:08CF31251C25477625D50636C9B02DF04C9C5D92CCAB337A60D8AE2703849C3E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

84

TCP/UDP connections

69

DNS requests

48

Threats

5

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	HEAD	200	104.103.102.195:443	https://fs.microsoft.com/fs/windows/config.json	unknown	—	—	—
—	—	GET	200	172.67.152.10:443	https://voile150.zyvoes.com/incipience781/*cGF1bGV0dGUuZ3JhaGFtQGdvbGRmaWVsZHMuY29t	unknown	html	673 b	—
6888	msedge.exe	GET	403	199.232.210.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4c4fdee0-d69c-42b7-bf5c-3ec046e9dfc9?P1=1753186353&P2=404&P3=2&P4=JctxgV%2fBzu58lG09sot5gGnCe%2fY1hwdAjsjhuzjzxTQ2YzQOHr%2fJXcKzV3SdbfHgQEdRSVQGHksTHkDx0nQLkQ%3d%3d	unknown	—	—	whitelisted
—	—	GET	200	104.16.79.73:443	https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	unknown	—	—	—
—	—	GET	200	92.123.104.32:443	https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json	unknown	binary	656 Kb	—
—	—	POST	200	150.171.28.11:443	https://edge.microsoft.com/componentupdater/api/v1/update	unknown	text	1.46 Kb	—
5812	RUXIMICS.exe	GET	200	2.16.168.124:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5336	MoUsoCoreWorker.exe	GET	200	2.16.168.124:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
3040	svchost.exe	GET	200	2.16.168.124:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5812	RUXIMICS.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3040	svchost.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
7100	msedge.exe	224.0.0.251:5353	—	—	—	whitelisted
5812	RUXIMICS.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
5336	MoUsoCoreWorker.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6888	msedge.exe	199.232.210.172:80	msedge.b.tlu.dl.delivery.mp.microsoft.com	FASTLY	US	whitelisted
5008	svchost.exe	104.102.63.189:443	fs.microsoft.com	AKAMAI-AS	US	whitelisted
6888	msedge.exe	104.21.41.218:443	voile150.zyvoes.com	CLOUDFLARENET	—	unknown
6888	msedge.exe	104.16.79.73:443	static.cloudflareinsights.com	CLOUDFLARENET	—	whitelisted
6888	msedge.exe	2.16.241.211:443	www.bing.com	Akamai International B.V.	DE	whitelisted
3040	svchost.exe	2.16.168.124:80	crl.microsoft.com	Akamai International B.V.	RU	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 40.127.240.158	whitelisted
msedge.b.tlu.dl.delivery.mp.microsoft.com	199.232.210.172 199.232.214.172	whitelisted
google.com	216.58.206.46	whitelisted
fs.microsoft.com	104.102.63.189	whitelisted
voile150.zyvoes.com	104.21.41.218 172.67.152.10	unknown
static.cloudflareinsights.com	104.16.79.73 104.16.80.73	whitelisted
www.bing.com	2.16.241.211 2.16.241.212 2.16.241.208 2.16.241.216 2.16.241.207 2.16.241.209 2.16.241.215 2.16.241.206 2.16.241.214	whitelisted
crl.microsoft.com	2.16.168.124 2.16.168.114	whitelisted
b2967dc962-49b1c4aa8f-1eeb128-7df104e4-d7ffb53.zyvoes.com	104.21.41.218 172.67.152.10	unknown
edge.microsoft.com	150.171.28.11 150.171.27.11	whitelisted

Threats

PID	Process	Class	Message
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Domain (zyvoes .com)
—	—	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
—	—	Information Leak	SUSPICIOUS [ANY.RUN] FingerprintJS Collected Data observed in HTTP POST request

2 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

https://voile150.zyvoes.com/incipience781/*cGF1bGV0dGUuZ3JhaGFtQGdvbGRmaWVsZHMuY29t

2E06D8CEAC0FB084DFBFCEC93FEC6817

9BC5E951D25404D9507C0FC421D16F947B6C4F35

AEBB6D252BFCF4127D46A0E5EA275A28FC45CBE75B66F296F60B7F0655F02D27

3:N8YUQMKIXfVcWKdjUHQ2levlt0iLUYQGgn:2YUNXWLow2uPJLSn

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

PHISHING has been detected (SURICATA)

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings