Field | Value
---|---
URL | https://nam04.safelinks.protection.outlook.com?url=https%3A%2F%2Funlimitedrs1.taplink.ws%2F&data=05%7C02%7Cmichaela.delaney%40everbridge.com%7C1b00e8fbe7d94d7b222708dd31a1fc8f%7C1fb05543802f4d46966230d6794b55c8%7C1%7C0%7C638721294011384351%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=hY8KHwMyXfJEy%2BEJ3Mr%2Fmrsyvi0PQpn0DJSb6kmm2Mg%3D&reserved=0
Full analysis | https://app.any.run/tasks/8f4916c2-afa5-4304-8033-0ac28cfb1485
Verdict | Malicious activity
Analysis date | January 10, 2025, 18:52:54
OS | Windows 10 Professional (build: 19045, 64 bit)
Tags | —
Indicators | —
MD5 | FC5BC68641431A8A8A27886B2F59BDFD
SHA1 | 06640D02C55C46B050775DE55EE7773E26BC55FE
SHA256 | D197E61A5BE86B79F74CC3BAA41D7D5BC44CA08F260DEF8E84361C60D2359D5C
SSDEEP | 12:2H5qQ5M/3sjcOnScmGI0bZAOxuN1SibhdFTS7:2H5qQ8cjvScmJ01AOEN1S+zFK
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
7172 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --webtransport-developer-mode --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2204,i,13280900864495260754,3672259324373187194,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe

User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Edge; Version: 122.0.2365.59
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ff | binary | 311F1298863858C8334BD7A8A0E34014 | 846351F83ED17838A1DE223EAD4E9900D1E127B3243695DAF5A4988E965C44CC
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity | binary | A45AAAC1E8797D235E3B43AA1642DE6A | 9ED6F666EA7730F2F96468A53D4683D0E2EED7E2C9F250152E4EBEF3D6BF1E9A
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000102 | binary | D17B5A55EC9D8608C1D2B531CCB6DE88 | DC2A3600C7CDFAEA40DB03757D6915D67518215DB51397C8A5BB3F132AE89A49
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000104 | compressed | F33D6E6818001834C88FD1E807EA4BBA | 29F788BCB49AB612BA367B7201A0561667310D2801636813DBEA24784D38C357
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000103 | binary | 15F64F8C8C77DD95C3DAFC1CE96AE834 | 3369330F43F7A65CC648F68F903D5F613FFFC9CC554A29095943D39761811F73
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000100 | binary | 8655D20BBCC8CDBFAB17B6BE6CF55DF3 | E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\84fbe63a-bf13-4e3a-ab17-80f88fb96253.tmp | binary | A45AAAC1E8797D235E3B43AA1642DE6A | 9ED6F666EA7730F2F96468A53D4683D0E2EED7E2C9F250152E4EBEF3D6BF1E9A
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000106 | compressed | 7103CEB151FDB726A325CEE8269DC0C1 | 754CBFE91CD6DBF0DE9B4BACB3E4E604D3F9A9EB5BAC52B043B9064F0E759D94
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fe | binary | 867236A816D355AF41CE47A6454FFAAF | 86FB2F46DF4ADB6A5EF158CDFB59179C1EF1F2F05BC7415859C86CE8E294BAEA
7172 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000fb | binary | EF6287C29BE60C344F958DE54CB327A6 | 6D569FB37B384216C2BCE650CB7ACB46E6B5C5B90C9B83D6B3512E12F62AAA16
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | POST | 302 | 87.250.251.119:443 | https://mc.yandex.ru/watch/84470437?page-ref=&page-url=https%3A%2F%2Ftaplink.cloud%2Fpages%2Fc40f3c%2Ff3ef4f%2F%3Ffrom%3Dbr&browser-info=la%3Aen-US&rn=0.5311176908299187 | unknown | — | — | — |
— | — | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?linkid=2133855&bucket=18 | unknown | — | — | — |
— | — | GET | 302 | 87.250.250.119:443 | https://mc.yandex.ru/watch/44929738?page-ref=&page-url=https%3A%2F%2Funlimitedrs1.taplink.ws%2F&browser-info=la%3Aen-US&rn=0.8748105241179884 | unknown | — | — | — |
3024 | svchost.exe | HEAD | 200 | 23.50.131.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736816725&P2=404&P3=2&P4=AQ9V5v6xyFY6FAPwzfm0W2uUkymmbb6EVRMNJrbjw3aFf6cfcvXMaw1JopKk8SfmBsm1zcn%2b3UA5ith44Qh4tQ%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 302 | 87.250.250.119:443 | https://mc.yandex.ru/watch/44929738?page-ref=&page-url=https%3A%2F%2Funlimitedrs1.taplink.ws%2F&browser-info=la%3Aen-US&rn=0.8748105241179884 | unknown | — | — | — |
3024 | svchost.exe | GET | 206 | 23.50.131.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736816725&P2=404&P3=2&P4=AQ9V5v6xyFY6FAPwzfm0W2uUkymmbb6EVRMNJrbjw3aFf6cfcvXMaw1JopKk8SfmBsm1zcn%2b3UA5ith44Qh4tQ%3d%3d | unknown | — | — | whitelisted |
— | — | GET | 200 | 172.67.74.23:443 | https://unlimitedrs1.taplink.ws/ | unknown | html | 4.60 Kb | — |
— | — | GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/neededge/v1?bucket=18 | unknown | xml | 741 Kb | whitelisted |
— | — | POST | 200 | 13.107.21.239:443 | https://edge.microsoft.com/componentupdater/api/v1/update?cup2key=7:Y4FJoSZ-T0wV0dnWbWFdh5drTq0rqYak7opryBDMyXk&cup2hreq=4aa2f8ae05fa09aa4dcfbd5ab1827e44e412789fed1b56b70b14362f4c2a6346 | unknown | text | 18.4 Kb | whitelisted |
3024 | svchost.exe | GET | 206 | 23.50.131.29:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d50ccf3e-dd06-4e6f-bb20-931c8ce33527?P1=1736816725&P2=404&P3=2&P4=AQ9V5v6xyFY6FAPwzfm0W2uUkymmbb6EVRMNJrbjw3aFf6cfcvXMaw1JopKk8SfmBsm1zcn%2b3UA5ith44Qh4tQ%3d%3d | unknown | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 224.0.0.251:5353 | — | — | — | unknown |
5904 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
3080 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4724 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7172 | msedge.exe | 104.47.74.28:443 | nam04.safelinks.protection.outlook.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
3080 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7172 | msedge.exe | 104.26.11.47:443 | unlimitedrs1.taplink.ws | CLOUDFLARENET | US | unknown |
7172 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7172 | msedge.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted |
Domain | IP | Reputation
---|---|---
settings-win.data.microsoft.com | — | whitelisted
google.com | — | whitelisted
nam04.safelinks.protection.outlook.com | — | whitelisted
unlimitedrs1.taplink.ws | — | unknown
go.microsoft.com | — | whitelisted
edge.microsoft.com | — | whitelisted
www.bing.com | — | whitelisted
mc.yandex.ru | — | whitelisted
taplink.st | — | unknown
msedge.b.tlu.dl.delivery.mp.microsoft.com | — | whitelisted
PID | Process | Class | Message |
---|---|---|---|
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Landing page creation service (.taplink .ws) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Landing page creation service (.taplink .ws) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Landing page creation service (.taplink .ws) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Landing page creation service (.taplink .ws) |
— | — | Misc activity | ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (maxcdn .bootstrapcdn .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com) |
— | — | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |