URL:

https://extravaganzasorire.de/invite/index.html

Full analysis: https://app.any.run/tasks/632cc946-781f-4124-845e-f2e53f11892e
Verdict: Malicious activity
Analysis date: April 27, 2026, 23:55:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-scr
screenconnect
tool
rmm-tool
remote
Indicators:
MD5:

4977EC55848121B74CA6A5A5D2393213

SHA1:

D0EC8FDBFB47EE72026CF73C87519564631E38D2

SHA256:

D2A6E31B35889E59402C0B250F91A66BC4A74285994FC04EF8D5EF7146E3D811

SSDEEP:

3:N89IC8EN2gML2d5G:2CC8EN2gK2DG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Accesses environment variables (SCRIPT)

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Changes powershell execution policy (Bypass)

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Gets TEMP folder path (SCRIPT)

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Gets a file object corresponding to the file in a specified path (SCRIPT)

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • SCREENCONNECT has been detected

      • rundll32.exe (PID: 5404)
      • msiexec.exe (PID: 9000)
      • rundll32.exe (PID: 9080)
    • SCREENCONNECT has been detected (SURICATA)

      • ScreenConnect.ClientService.exe (PID: 9168)
    • Uses sleep, probably for evasion detection (SCRIPT)

      • wscript.exe (PID: 9212)
    • Deletes a file (SCRIPT)

      • wscript.exe (PID: 9212)
  • SUSPICIOUS

    • Application launched itself

      • wscript.exe (PID: 9116)
      • wscript.exe (PID: 8752)
    • Gets full path of the running script (SCRIPT)

      • wscript.exe (PID: 9116)
      • wscript.exe (PID: 8752)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 9116)
      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8752)
      • wscript.exe (PID: 8412)
    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 9116)
      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
      • wscript.exe (PID: 8752)
    • The process bypasses the loading of PowerShell profile settings

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Probably download files using WebClient

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 8308)
      • powershell.exe (PID: 9048)
    • Starts POWERSHELL.EXE for commands execution

      • wscript.exe (PID: 9212)
      • wscript.exe (PID: 8412)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 9000)
    • Uses RUNDLL32.EXE to run a file without a DLL extension

      • rundll32.exe (PID: 5404)
      • rundll32.exe (PID: 9080)
    • Screenconnect has been detected

      • msiexec.exe (PID: 9000)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • rundll32.exe (PID: 9080)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 9000)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 9000)
    • Executable content was dropped or overwritten

      • rundll32.exe (PID: 5404)
      • rundll32.exe (PID: 9080)
    • Executes as Windows Service

      • ScreenConnect.ClientService.exe (PID: 9168)
    • SCREENCONNECT mutex has been found

      • ScreenConnect.ClientService.exe (PID: 9168)
    • Creates or modifies Windows services

      • ScreenConnect.ClientService.exe (PID: 9168)
    • Potential Corporate Privacy Violation

      • ScreenConnect.ClientService.exe (PID: 9168)
  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 1652)
    • Application launched itself

      • msedge.exe (PID: 7804)
    • Checks supported languages

      • identity_helper.exe (PID: 1652)
      • msiexec.exe (PID: 9000)
      • msiexec.exe (PID: 9080)
      • msiexec.exe (PID: 9140)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • ScreenConnect.WindowsClient.exe (PID: 7984)
      • ScreenConnect.WindowsClient.exe (PID: 3580)
      • msiexec.exe (PID: 9128)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7804)
    • Reads the computer name

      • identity_helper.exe (PID: 1652)
      • msiexec.exe (PID: 9000)
      • msiexec.exe (PID: 9080)
      • msiexec.exe (PID: 9140)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • ScreenConnect.WindowsClient.exe (PID: 7984)
      • msiexec.exe (PID: 9128)
      • ScreenConnect.WindowsClient.exe (PID: 3580)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 8956)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • ScreenConnect.WindowsClient.exe (PID: 7984)
      • ScreenConnect.WindowsClient.exe (PID: 3580)
    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 8956)
    • CONNECTWISE has been detected

      • msiexec.exe (PID: 9000)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • ScreenConnect.WindowsClient.exe (PID: 7984)
      • ScreenConnect.WindowsClient.exe (PID: 3580)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 9000)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • ScreenConnect.WindowsClient.exe (PID: 7984)
      • ScreenConnect.WindowsClient.exe (PID: 3580)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 9000)
    • SCREENCONNECT has been detected

      • msiexec.exe (PID: 9000)
      • ScreenConnect.ClientService.exe (PID: 9168)
      • rundll32.exe (PID: 9080)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 9000)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 9000)
    • Manual execution by a user

      • wscript.exe (PID: 8752)
    • Reads CPU info

      • ScreenConnect.WindowsClient.exe (PID: 3580)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
185
Monitored processes
47
Malicious processes
9
Suspicious processes
3

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe no specs wscript.exe no specs wscript.exe powershell.exe conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs #SCREENCONNECT msiexec.exe msiexec.exe no specs #SCREENCONNECT rundll32.exe msiexec.exe no specs #SCREENCONNECT screenconnect.clientservice.exe screenconnect.windowsclient.exe no specs screenconnect.windowsclient.exe no specs wscript.exe no specs wscript.exe powershell.exe conhost.exe no specs msiexec.exe no specs msiexec.exe no specs #SCREENCONNECT rundll32.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1180
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3400,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1652
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6136,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
2132
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2316
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4060,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3340
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x294,0x298,0x29c,0x28c,0x2a4,0x7ffe2392f208,0x7ffe2392f214,0x7ffe2392f220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3580
CMD:
"C:\Program Files (x86)\ScreenConnect Client (4540bdb08fe4a553)\ScreenConnect.WindowsClient.exe" "RunRole" "88677e52-df25-47f6-a949-26dcea849050" "System"
Path:
C:\Program Files (x86)\ScreenConnect Client (4540bdb08fe4a553)\ScreenConnect.WindowsClient.exe
Parent process:
ScreenConnect.ClientService.exe
User:
SYSTEM
Company:
ScreenConnect Software
Integrity Level:
SYSTEM
Description:
ScreenConnect Client
Exit code:
0
Version:
26.1.24.9579
Modules
Images
c:\program files (x86)\screenconnect client (4540bdb08fe4a553)\screenconnect.windowsclient.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
3996
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2128,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2744 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
4324
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2324,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
5404
CMD:
rundll32.exe "C:\WINDOWS\Installer\MSI7DB7.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_949828 2 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
Path:
C:\Windows\SysWOW64\rundll32.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
5616
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6480,i,14399494521543090688,5749311289286199955,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
21 426
Read events
21 313
Write events
104
Delete events
9

Modification events

(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation:
write
Name:
@C:\WINDOWS\System32\wshext.dll,-4802
Value:
VBScript Script File
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
3
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
2
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
1
Value:
C:\Users\admin\Downloads\chromium_build 1.zip
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:
write
Name:
0
Value:
C:\Users\admin\Downloads\xtravaganzas_IV.zip
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
name
Value:
120
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
size
Value:
80
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
type
Value:
120
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:
write
Name:
mtime
Value:
100
(PID) Process:
(8956) WinRAR.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vbs\OpenWithProgids
Operation:
write
Name:
VBSFile
Value:
Executable files
31
Suspicious files
77
Text files
251
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdffad.TMP
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdffbd.TMP
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdffbd.TMP
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdffbd.TMP
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdffbd.TMP
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
PID:
7804
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RFdfffc.TMP
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
84
TCP/UDP connections
68
DNS requests
66
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6472
msedge.exe
OPTIONS
200
35.190.80.1:443
https://a.nel.cloudflare.com/report/v4?s=74sYEfeZESc3EmgbwNJlpAZRFtd%2BuzaGVSE6n6bjKJrBoDAuNNzy9BfIHVChqBFVPG0rbs70y8m5zH%2FyzB9mzpyc99J0j0S5Y6s0spW4pGiMANJukxty7QNjaSXv2GVYdyIAGOCzYN4%3D
US
unknown
6472
msedge.exe
GET
302
188.114.96.3:443
https://extravaganzasorire.de/favicon.ico
US
unknown
6472
msedge.exe
GET
302
188.114.96.3:443
https://extravaganzasorire.de/favicon.ico
US
unknown
GET
200
162.159.142.9:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
US
binary
312 b
whitelisted
GET
200
131.253.33.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
922 b
whitelisted
6472
msedge.exe
GET
403
188.114.96.3:443
https://extravaganzasorire.de/invite/index.html
US
html
5.88 Kb
unknown
6472
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1777334166&lafgdate=0
US
text
4.45 Kb
whitelisted
6472
msedge.exe
GET
304
150.171.27.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
6472
msedge.exe
GET
403
188.114.96.3:443
https://extravaganzasorire.de/invite/index.html
US
html
5.69 Kb
unknown
6472
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
680
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2.16.204.141:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
162.159.142.9:80
ocsp.digicert.com
CLOUDFLARENET
US
whitelisted
131.253.33.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6472
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6472
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
google.com
  • 142.251.13.101
  • 142.251.13.113
  • 142.251.13.139
  • 142.251.13.102
  • 142.251.13.100
  • 142.251.13.138
whitelisted
www.bing.com
  • 2.16.204.141
  • 2.16.204.161
whitelisted
ocsp.digicert.com
  • 162.159.142.9
  • 172.66.2.5
whitelisted
oneocsp.microsoft.com
  • 131.253.33.203
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
extravaganzasorire.de
  • 188.114.96.3
  • 188.114.97.3
unknown
api.edgeoffer.microsoft.com
  • 150.171.109.193
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted

Threats

PID
Process
Class
Message
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6472
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare turnstile CAPTCHA challenge
6472
msedge.exe
Potentially Bad Traffic
SUSPICIOUS [ANY.RUN] Challenge-Platform Page Request to cdn-cgi
680
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6472
msedge.exe
Misc activity
INFO [ANY.RUN] Possible short link service (u .to)
6472
msedge.exe
Misc activity
INFO [ANY.RUN] Possible short link service (u .to)
6472
msedge.exe
Misc activity
ET INFO URL Shortener Service Domain in DNS Lookup (u .to)
No debug info