URL: g0ogle.com

Full analysis: https://app.any.run/tasks/5e1728d7-f8be-47d6-ba38-2d4dd94c5e45
Verdict: Malicious activity
Analysis date: May 15, 2026, 07:39:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: evasion, scan, obfuscated-js
MD5: A4793DE728D37B4D573C8A80C87304B9
SHA1: 2C056168F9BE299B082F499C50E5AF0EDC966E80
SHA256: DC6342A95BF81F50B66B9C40CA6096AA46D0D49775F7CEBA28A3A40D12C85D6A
SSDEEP: 3:WKb2:WKb2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Checks for external IP

      • svchost.exe (PID: 2180)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
230
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

msedge.exe svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
2180
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
C:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2520
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2252,i,8077098380523853904,16506114237413727361,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
42
Suspicious files
109
Text files
45
Unknown types
2

Dropped files

PID
Process
Filename
Type
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\9f309c6c-3071-4439-95ce-4c3ca419d91e.tmp
text
MD5: D751713988987E9331980363E24189CE
SHA256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\790ec193-6ebe-4ba0-a6f6-641d1488a502.tmp
text
MD5: D751713988987E9331980363E24189CE
SHA256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RFef49d.TMP
text
MD5: D751713988987E9331980363E24189CE
SHA256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
text
MD5: D751713988987E9331980363E24189CE
SHA256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RFef48d.TMP
text
MD5: D751713988987E9331980363E24189CE
SHA256: 4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6
compressed
MD5: D89500281177415A9060E9EF4E280F9A
SHA256: 37AE995A17F795BF5DF82036C83D2FB8F94AA5479D24A527F7163927884064BA
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\3dd2e34d-3be6-4217-b40e-bbc383211c9b.tmp
text
MD5: 20D4B8FA017A12A108C87F540836E250
SHA256: 6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries~RFf1ac2.TMP
text
MD5: 20D4B8FA017A12A108C87F540836E250
SHA256: 6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba
compressed
MD5: F3AD19FDBD15A27B32A4D25E49CC266E
SHA256: 3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13
2520
msedge.exe
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd
compressed
MD5: 2FDB08BBC852CBC6C02A66AB4B2749E3
SHA256: A287E6D0CFB4E7AF57CE3B153652963DF17E8A9F0045A27872F5044514506287
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5 676
TCP/UDP connections
1 355
DNS requests
969
Threats
122

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6888
RUXIMICS.exe
GET
304
48.209.138.189:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
US
whitelisted
5336
MoUsoCoreWorker.exe
GET
304
48.209.138.189:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
7760
svchost.exe
HEAD
200
23.197.142.186:443
https://fs.microsoft.com/fs/windows/config.json
US
whitelisted
6888
RUXIMICS.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
2216
msedge.exe
GET
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4286224394064939872&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=51&mngd=0&installdate=1662378849&edu=0&soobedate=1504771245&bphint=0&fg=0&lbfgdate=1740055917&lafgdate=0
US
whitelisted
5336
MoUsoCoreWorker.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
488
svchost.exe
GET
200
48.209.138.189:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4
US
text
3.41 Kb
whitelisted
7028
msedge.exe
GET
200
172.237.146.18:443
https://g0ogle.com/
US
text
4.55 Kb
unknown
7028
msedge.exe
GET
200
92.123.104.17:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
text
666 Kb
whitelisted
488
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6888
RUXIMICS.exe
48.209.138.189:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5336
MoUsoCoreWorker.exe
48.209.138.189:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
488
svchost.exe
48.209.138.189:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1288
msedge.exe
224.0.0.251:5353
whitelisted
7028
msedge.exe
92.123.104.17:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
7028
msedge.exe
172.237.146.39:443
g0ogle.com
AKAMAI-LINODE-AP Akamai Connected Cloud
SG
suspicious
7028
msedge.exe
172.237.146.39:80
g0ogle.com
AKAMAI-LINODE-AP Akamai Connected Cloud
SG
suspicious
488
svchost.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6888
RUXIMICS.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5336
MoUsoCoreWorker.exe
2.16.241.12:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.154.102
  • 142.250.154.101
  • 142.250.154.100
  • 142.250.154.113
  • 142.250.154.139
  • 142.250.154.138
whitelisted
www.bing.com
whitelisted
g0ogle.com
  • 172.237.146.39
  • 172.237.146.46
  • 172.237.146.18
unknown
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 23.52.181.212
whitelisted
settings-win.data.microsoft.com
  • 48.209.138.189
whitelisted
router.parklogic.com
  • 172.234.216.100
whitelisted
fs.microsoft.com
  • 23.197.142.186
whitelisted
embla-icz.com
  • 35.153.35.20
  • 23.21.73.1
unknown
ravin-obu.com
unknown

Threats

PID
Process
Class
Message
488
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO Known External IP Lookup Service Domain in SNI
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO Known External IP Lookup Service Domain in SNI
2520
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
2520
msedge.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (whatismyipaddress .com)
2520
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info