Malware analysis https://sd.3sk.media/enaz/ Malicious activity

Add for printing

URL:	https://sd.3sk.media/enaz/
Full analysis:	https://app.any.run/tasks/ef7afd85-1b4f-431e-af38-d6d9c215e130
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	April 25, 2026, 04:34:27
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	obfuscated-js telegram loader phishing github
Indicators:
MD5:	72D04FF154414AA849B54B538C34A3D3
SHA1:	5D9129C35B2BFC62C2D2AA260A1350F74ACCDCED
SHA256:	B7895E9F7002486B76D5FD175D811ED80271EB2A5D93E8F11F2B4FC9EA623CB3
SSDEEP:	3:N8MdK:2MdK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
- PHISHING has been detected (SURICATA)
  - msedge.exe (PID: 7028)
SUSPICIOUS
No suspicious indicators.
INFO
- Executable content was dropped or overwritten
  - msedge.exe (PID: 7028)
- Attempting to use instant messaging service
  - msedge.exe (PID: 7028)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

180

Monitored processes

1

Malicious processes

1

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

7028

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

5

Suspicious files

141

Text files

17

Unknown types

0

Dropped files

PID	Process	Filename		Type
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8		image
		MD5:B0F607B5EF085EDBF00AC4F61DF504A3	SHA256:5F15646E797C01073EC06FFAE111EBB7B75F85EB22AF91006C6BC87BF0B127E0
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6		binary
		MD5:D5CD92C2654BBE101A7421521A3EEDB0	SHA256:FCBC815564B20799FFCF2AD582C5DE3D3E3FBCD4D61F58644D3A0AD7A4E564E2
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5		binary
		MD5:A59D68402CF0970653FE6A8B7CD8607B	SHA256:791F70FAD5E83AC937DD37D25679425B78042F80C9060F0DA004E2ED80106046
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7		binary
		MD5:C7499B9F972005BBFD8D894F47475E29	SHA256:BCEF950C16FA7A34A24661F98A83403E4EE11869D52F35B7FAF658D0DDA273A2
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9		binary
		MD5:9F85EE151ED6C4DD898D819CF969ECAF	SHA256:CC33A2323991EDDC0B138A6736380472B0563B3F9EC5AE7902EDF840F6E5DC62
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be		binary
		MD5:AB3BD559575569B6DE7EAEF764248490	SHA256:006FBA6FE32A900C60F154CC9E2E142BF075078DC97A94715DD9F1F5D4E4421E
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3		image
		MD5:D997BDCC01CD84AB00A96BDBD3590CEC	SHA256:9D8FF1479E24DED3F014D6F0DB7B574A49B047D801269D5A14FD638AC06113C2
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba		text
		MD5:34135C09CBF6258C636D8D439088570E	SHA256:F4953C024B3DE41FB478C8F75419C952E2A6513C3D714F7AF64C3729DB69F925
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf		binary
		MD5:4756B35DE4E7E1F9E58FDDA1CBB8D2C7	SHA256:530903C9168CFC13D3EF363B71C042D5C887476C4454A91223309465AE89C87F
7028	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		binary
		MD5:967E63E5EB1F4D90CAA096C7B9622847	SHA256:6F289856F002502EA9CC6AA85C2FD509F8AA6C3A17B5ADF08F2CCC148CFEEA4F

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

627

TCP/UDP connections

375

DNS requests

343

Threats

37

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6744	RUXIMICS.exe	GET	304	20.73.194.208:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop	US	—	—	whitelisted
5336	MoUsoCoreWorker.exe	GET	304	20.73.194.208:443	https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30	US	—	—	whitelisted
8012	svchost.exe	GET	200	20.73.194.208:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4	US	text	3.41 Kb	whitelisted
8012	svchost.exe	GET	200	23.52.181.212:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	US	binary	814 b	whitelisted
7760	svchost.exe	HEAD	200	23.197.142.186:443	https://fs.microsoft.com/fs/windows/config.json	US	—	—	whitelisted
5336	MoUsoCoreWorker.exe	GET	200	23.52.181.212:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	US	binary	814 b	whitelisted
7028	msedge.exe	GET	200	142.251.156.119:443	https://termlank.com/5d91b0370e7cd41b60c3686e05c0fb17/invoke.js	US	text	50.1 Kb	unknown
7028	msedge.exe	GET	200	192.178.183.94:443	https://fonts.gstatic.com/s/almarai/v19/tssoApxBaigK_hnnS-agtn-Wow.woff2	US	binary	16.9 Kb	whitelisted
7028	msedge.exe	GET	200	192.0.73.2:443	https://secure.gravatar.com/avatar/?s=80&d=mm&r=g	US	image	1.23 Kb	unknown
7028	msedge.exe	GET	200	142.250.154.97:443	https://www.googletagmanager.com/gtag/js?id=G-DZ1FP1L3VG	US	text	460 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
8012	svchost.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
6744	RUXIMICS.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5336	MoUsoCoreWorker.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	224.0.0.251:5353	—	—	—	whitelisted
7028	msedge.exe	188.114.96.3:443	sd.3sk.media	CLOUDFLARENET	US	whitelisted
8012	svchost.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
6744	RUXIMICS.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
5336	MoUsoCoreWorker.exe	23.216.77.28:80	crl.microsoft.com	AKAMAI-ASN1	NL	whitelisted
8012	svchost.exe	23.52.181.212:80	www.microsoft.com	AKAMAI-AS	US	whitelisted
6744	RUXIMICS.exe	23.52.181.212:80	www.microsoft.com	AKAMAI-AS	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	20.73.194.208 4.231.128.59	whitelisted
google.com	142.250.154.101 142.250.154.113 142.250.154.139 142.250.154.100 142.250.154.138 142.250.154.102	whitelisted
sd.3sk.media	188.114.96.3 188.114.97.3	whitelisted
crl.microsoft.com	23.216.77.28 23.216.77.6	whitelisted
www.microsoft.com	23.52.181.212	whitelisted
fonts.googleapis.com	142.251.14.95	whitelisted
s.w.org	192.0.77.48	whitelisted
www.bing.com	92.123.104.33 92.123.104.32 92.123.104.34 92.123.104.38 92.123.104.60 92.123.104.59 92.123.104.63 92.123.104.28 92.123.104.49 92.123.104.52 92.123.104.62 92.123.104.43 92.123.104.31 92.123.104.67 2.16.241.201 2.16.241.218	whitelisted
termlank.com	172.240.127.234 172.240.253.132 172.240.127.242 172.240.127.243 172.240.127.244 172.240.108.76 172.240.108.68 172.240.108.84	unknown
fonts.gstatic.com	142.251.127.94	whitelisted

Threats

PID	Process	Class	Message
8012	svchost.exe	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Potentially Bad Traffic	SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (skinnycrawlinglax .com)
7028	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7028	msedge.exe	Potentially Bad Traffic	SUSPICIOUS [ANY.RUN] Possible Malicious CrossDomain (wayfarerorthodox .com)
—	—	Misc activity	SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
—	—	Misc activity	SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
—	—	Misc activity	SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
—	—	Misc activity	SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)

Add for printing

No debug info

General Info

https://sd.3sk.media/enaz/

72D04FF154414AA849B54B538C34A3D3

5D9129C35B2BFC62C2D2AA260A1350F74ACCDCED

B7895E9F7002486B76D5FD175D811ED80271EB2A5D93E8F11F2B4FC9EA623CB3

3:N8MdK:2MdK

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

PHISHING has been detected (SURICATA)

SUSPICIOUS

INFO

Executable content was dropped or overwritten

Attempting to use instant messaging service

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings