Malware analysis https://track.pstmrk.it/3s/gamma.app/JjV-/TTK9AQ/AQ/d9adaaf6-21d0-466b-87f9-e410baa278f1/1/BIO0SOp7OI Malicious activity

Add for printing

URL:	https://track.pstmrk.it/3s/gamma.app/JjV-/TTK9AQ/AQ/d9adaaf6-21d0-466b-87f9-e410baa278f1/1/BIO0SOp7OI
Full analysis:	https://app.any.run/tasks/133a3f1d-d994-4c8d-b2d3-ebf3295f3262
Verdict:	Malicious activity
Analysis date:	May 10, 2025, 01:10:57
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	phishing
MD5:	CA378926E307A3E422E3302AB3DD30FF
SHA1:	515C66A447FA5221079E23743A6C4DF06CDAAA3F
SHA256:	CCA7870F91AB1959D85E2E0D157AEC21572836C18B5770AF265866EF0141A89F
SSDEEP:	3:N8fv83WwV0K9HrTeRU2El0gdX:2n8d0KUTwDdX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
No suspicious indicators.
INFO
No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

155

Monitored processes

1

Malicious processes

0

Suspicious processes

0

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
1396	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2372,i,8504447382059928769,14367336096275567116,262144 --variations-seed-version /prefetch:3	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe		msedge.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59

Add for printing

Total events

0

Read events

0

Write events

0

Delete events

0

Modification events

No data

Add for printing

Executable files

5

Suspicious files

97

Text files

30

Unknown types

0

Dropped files

PID	Process	Filename		Type
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\805b608f-32e8-42c4-b484-0ee3ac35cdbb.tmp		binary
		MD5:3140CB797498137E330D3CAE1AD5970A	SHA256:B4C87E65FB18FF2E4028E934653089C7DE70D854E7D861D9A1063189C5212119
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc		binary
		MD5:AB632DA2E04EA311E078D0456E185873	SHA256:63E996CE464BC817E49F5116FA2A1B2A2CA25340768E92157EEE4E889C7C8A90
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be		binary
		MD5:C5D7E80F7C76F707B76846A20B28907C	SHA256:1F482A1F82A4A00C308A9DAFC7B40E043B7180ADB2D1468297167FC9DFCE695F
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf		binary
		MD5:F6852936326156C86AD25E8848F1BE85	SHA256:E4DF300DE4AB671A293859B9795E182038CB1D7DEAB72261BA31FE298435282E
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c2		binary
		MD5:671E5511F5F667E1102B5C1E04D4190A	SHA256:1E654302AF010F94C994F3980F582B7748E727771C6492A7EEB14BB400D8DC2A
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd		binary
		MD5:654EAE5525B1401F85AA3C569BC0F618	SHA256:E3055DEA6937170965A30C2C42306FE77DD8E8A6A1D58736B60506A576FBF3FD
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c1		binary
		MD5:0C3E693586754A02975071A720746336	SHA256:2C608D956FB5138EF176B125E04E3E4961799E92C2928DFFCD9BA05BBF812565
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ca		image
		MD5:8F2558AAF771F9C93B0DDAEE19315D7C	SHA256:67E69495065DE2F68680E71E954D1B3ADD9A9C7FB477E7A75F07260ABDAB34A2
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0		binary
		MD5:764B65B8EAF71782F3B389974BE9EA7E	SHA256:4D127F796E8889D049DA1719E0C1EB38A5D76E1F48B785B0A2811E941490BC0C
1396	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c9		image
		MD5:F750142F4C092C12F32254D4E4110F19	SHA256:B1E116A1FD29C2420F6161CAB446E720377AE1B8A1A4060D0E1882F2DF234632

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

177

TCP/UDP connections

313

DNS requests

182

Threats

11

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	302	3.13.46.171:443	https://track.pstmrk.it/3s/gamma.app/JjV-/TTK9AQ/AQ/d9adaaf6-21d0-466b-87f9-e410baa278f1/1/BIO0SOp7OI	unknown	—	—	—
—	—	GET	302	3.13.46.171:443	https://track.pstmrk.it/3s/gamma.app/JjV-/TTK9AQ/AQ/d9adaaf6-21d0-466b-87f9-e410baa278f1/1/BIO0SOp7OI	unknown	—	—	—
—	—	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
—	—	GET	200	23.48.23.156:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	23.48.23.156:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
—	—	GET	200	92.123.104.34:443	https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json	unknown	binary	654 Kb	whitelisted
—	—	GET	200	104.18.94.41:443	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/ms5bd/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/	unknown	html	27.5 Kb	whitelisted
—	—	GET	200	104.18.94.41:443	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	unknown	image	61 b	whitelisted
—	—	GET	200	104.18.95.41:443	https://challenges.cloudflare.com/turnstile/v0/b/701fd2559006/api.js?onload=OUxOl5&render=explicit	unknown	binary	47.0 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	239.255.255.250:1900	—	—	—	whitelisted
5080	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3080	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
2984	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
1396	msedge.exe	54.155.60.93:443	track.pstmrk.it	AMAZON-02	IE	shared
1396	msedge.exe	104.18.10.200:443	gamma.app	CLOUDFLARENET	—	suspicious
1396	msedge.exe	92.123.104.32:443	www.bing.com	Akamai International B.V.	DE	whitelisted
—	—	104.18.94.41:443	challenges.cloudflare.com	—	—	whitelisted
—	—	104.18.10.200:443	gamma.app	CLOUDFLARENET	—	suspicious
—	—	23.48.23.156:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158 4.231.128.59	whitelisted
google.com	142.250.185.174	whitelisted
track.pstmrk.it	54.155.60.93 52.18.252.197 54.154.85.144	shared
gamma.app	104.18.10.200 104.18.11.200	unknown
www.bing.com	92.123.104.32 92.123.104.38 92.123.104.34 2.23.227.215 2.23.227.208	whitelisted
crl.microsoft.com	23.48.23.156 23.48.23.166 23.48.23.143	whitelisted
challenges.cloudflare.com	104.18.94.41 104.18.95.41	whitelisted
www.microsoft.com	23.35.229.160	whitelisted
optimizely-edge.gamma.app	104.18.11.200 104.18.10.200	unknown
fonts.googleapis.com	216.58.206.42	whitelisted

Threats

PID	Process	Class	Message
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Possible Social Engineering Attempted	PHISHING [ANY.RUN] Suspected Phishing Gamma app
—	—	Not Suspicious Traffic	INFO [ANY.RUN] An application monitoring request to sentry .io
—	—	Not Suspicious Traffic	INFO [ANY.RUN] An application monitoring request to sentry .io

Add for printing

No debug info

General Info

https://track.pstmrk.it/3s/gamma.app/JjV-/TTK9AQ/AQ/d9adaaf6-21d0-466b-87f9-e410baa278f1/1/BIO0SOp7OI

CA378926E307A3E422E3302AB3DD30FF

515C66A447FA5221079E23743A6C4DF06CDAAA3F

CCA7870F91AB1959D85E2E0D157AEC21572836C18B5770AF265866EF0141A89F

3:N8fv83WwV0K9HrTeRU2El0gdX:2n8d0KUTwDdX

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

INFO

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings