URL: https://pan.huang1111.cn/s/mxVzDT1

Full analysis: https://app.any.run/tasks/23d2fc59-871a-4ba8-9b43-d30bdfd0fcb2
Verdict: Malicious activity
Analysis date: August 04, 2024, 08:13:38
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: sharepoint, possible-phishing
Indicators:
MD5: F1F53241004A446FD9C10BB421AA39A2
SHA1: 7EEF558C294D2BD75FA3CE21C4FA0772E9A031CF
SHA256: D1200FEED6DEA476385FE9FDC2B4D94D92F31E9A64DB2C9B6C090BCB6B39EC85
SSDEEP: 3:N8A/NQiX7NTxc:2A/CiX7I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 5144)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • cookie_exporter.exe (PID: 5744)
      • WinRAR.exe (PID: 7160)
    • Possible Social Engineering Attempted

      • msedge.exe (PID: 6716)
    • Executable content was dropped or overwritten

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
    • Process drops legitimate windows executable

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
    • Reads the Windows owner or organization settings

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 5144)
  • INFO

    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6464)
      • msedge.exe (PID: 7464)
    • Checks supported languages

      • cookie_exporter.exe (PID: 5744)
      • identity_helper.exe (PID: 4344)
      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 5052)
      • identity_helper.exe (PID: 876)
      • msiexec.exe (PID: 5484)
      • msiexec.exe (PID: 5144)
    • Reads the computer name

      • cookie_exporter.exe (PID: 5744)
      • identity_helper.exe (PID: 4344)
      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 5144)
      • msiexec.exe (PID: 5052)
      • identity_helper.exe (PID: 876)
      • msiexec.exe (PID: 5484)
    • Reads Environment values

      • cookie_exporter.exe (PID: 5744)
      • identity_helper.exe (PID: 4344)
      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 5052)
      • identity_helper.exe (PID: 876)
    • Checks proxy server information

      • cookie_exporter.exe (PID: 5744)
    • The process uses the downloaded file

      • msedge.exe (PID: 3376)
      • WinRAR.exe (PID: 7160)
      • msedge.exe (PID: 6464)
    • Application launched itself

      • msedge.exe (PID: 6464)
      • msedge.exe (PID: 7464)
    • Creates files or folders in the user directory

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
    • Create files in a temporary directory

      • sogou_pinyin_guanwang_14.7.exe (PID: 2064)
      • msiexec.exe (PID: 1568)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5144)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 205
Monitored processes: 68
Malicious processes: 2
Suspicious processes: 1

Behavior graph (interactive process tree; see the full report). Processes shown: iexplore.exe, msedge.exe (many instances), identity_helper.exe, cookie_exporter.exe, winrar.exe, sogou_pinyin_guanwang_14.7.exe, msiexec.exe.

Process information (columns: PID, CMD, Path, Indicators, Parent process)

PID: 872
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6564 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 876
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2312,i,17180293661059389945,5688975294822503889,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1168
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1488
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5440 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1492
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: "C:\WINDOWS\system32\msiexec.exe" /i "C:\Users\admin\AppData\Roaming\Sogou.com\搜狗输入法 14.7.0.9739\install\sogou_pinyin_guanwang.msi" AI_SETUPEXEPATH=C:\Users\admin\AppData\Local\Temp\Rar$EXb7160.15715\sogou_pinyin_guanwang_14.7.exe SETUPEXEDIR=C:\Users\admin\AppData\Local\Temp\Rar$EXb7160.15715\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1722758284 " AI_EUIMSI=""
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: sogou_pinyin_guanwang_14.7.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 1603
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1640
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7244 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2064
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb7160.15715\sogou_pinyin_guanwang_14.7.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb7160.15715\sogou_pinyin_guanwang_14.7.exe
Parent process: WinRAR.exe
User: admin
Company: Sogou.com
Integrity Level: MEDIUM
Description: 搜狗输入法 (Sogou Input Method) Installer
Exit code: 1603
Version: 14.7.0.9739
Modules (images):
c:\users\admin\appdata\local\temp\rar$exb7160.15715\sogou_pinyin_guanwang_14.7.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 2132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2312,i,17180293661059389945,5688975294822503889,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: PWA Identity Proxy Host
Exit code: 3221226029
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID: 2136
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=2344,i,9275430355130465710,6160645172626797360,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 28 028
Read events: 27 792
Write events: 207
Delete events: 29

Modification events (columns: PID / Process | Operation | Key | Name | Value)

(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | L1WatermarkLowPart | 0
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | L1WatermarkHighPart | 0
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | NextCheckForUpdateLowDateTime | 0
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | NextCheckForUpdateHighDateTime | 0
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | NextCheckForUpdateLowDateTime | (empty)
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\UrlBlock | NextCheckForUpdateHighDateTime | 31123014
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | (empty)
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
(6264) iexplore.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0
Executable files: 16
Suspicious files: 261
Text files: 94
Unknown types: 5

Dropped files (columns: PID | Process | Filename; the Type, MD5 and SHA256 fields are empty in this excerpt)

6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe558e.TMP
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe558e.TMP
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe558e.TMP
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe558e.TMP
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFe559d.TMP
6464 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 119
DNS requests: 108
Threats: 8

HTTP requests (columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation; the Type and Size fields are empty in this excerpt)

5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
2044 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7460 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7396 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
4708 | svchost.exe | HEAD | 200 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted
4708 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted
4708 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted
4708 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted
4708 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted
4708 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/369e8e41-5ce3-4eb8-9826-427d58ae27b0?P1=1723185658&P2=404&P3=2&P4=V%2fAnj5BBWFdEBvyNe4jXkrqdUGmrLsT6z5NMjFyCrWANZZpaxdTOxJBQ3vE%2f4KdH0M1p%2b1vACP0GpEp2yDVrRQ%3d%3d | unknown | whitelisted

Connections (columns: PID | Process | IP | Domain | ASN | CN | Reputation)

5028 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
3028 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6464 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted
6716 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6716 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
6716 | msedge.exe | 188.114.97.3:443 | pan.huang1111.cn | CLOUDFLARENET | NL | unknown
6716 | msedge.exe | 13.107.246.45:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

DNS requests (columns: Domain | IP | Reputation)

settings-win.data.microsoft.com | 51.124.78.146, 20.73.194.208 | whitelisted
google.com | 142.250.184.206 | whitelisted
pan.huang1111.cn | 188.114.97.3, 188.114.96.3 | unknown
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
edge-mobile-static.azureedge.net | 13.107.246.45 | whitelisted
business.bing.com | 13.107.6.158 | whitelisted
bzib.nelreports.net | 23.48.23.26, 23.48.23.51 | whitelisted
a.h1static.cn | 172.67.213.7, 104.21.77.241 | unknown
www.bing.com | (resolved addresses omitted) | whitelisted

Threats (columns: PID | Process | Class | Message)

6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com)
6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com)
6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
6716 | msedge.exe | Possible Social Engineering Attempted | SUSPICIOUS [ANY.RUN] Accessing SharePoint content without a legitimate Microsoft Sign-In
6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6716 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6716 | msedge.exe | Possible Social Engineering Attempted | SUSPICIOUS [ANY.RUN] Accessing SharePoint content without a legitimate Microsoft Sign-In
No debug info