File name:

jjsploit_8.14.4_x64_en-US.msi

Full analysis: https://app.any.run/tasks/b133762f-8d7c-4746-accf-6a6ff8ceb365
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 02, 2025, 20:03:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
loader
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: jjsploit, Author: wearedevs, Keywords: Installer, Comments: This installer database contains the logic and data required to install jjsploit., Template: x64;0, Revision Number: {78647BD7-A6F9-441C-8198-F83F1E9F555E}, Create Time/Date: Sun May 11 16:25:20 2025, Last Saved Time/Date: Sun May 11 16:25:20 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5:

07BFE4CEF3BE354020BBF50205ECAD9B

SHA1:

286AAB63F0174A1D5B01E794AEF1E2A13786C6F0

SHA256:

05A0CC8F1FBB4A7479734159822511A534BC65766B9A01B0D01450391A7D7711

SSDEEP:

98304:HVigAXvy/XuMQNHEpW4pabtGpp9SeNbQfK4rpRkxQp6qUykuxiBZ4/6MDVYDJhND:8QC27E4MKZ1h/n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 456)

  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 4068)

    • Downloads file from URI via Powershell

      • powershell.exe (PID: 456)

    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 6700)

    • Manipulates environment variables

      • powershell.exe (PID: 456)

    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 6700)

    • Starts process via Powershell

      • powershell.exe (PID: 456)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7452)
      • MicrosoftEdge_X64_137.0.3296.58.exe (PID: 5428)
      • setup.exe (PID: 4208)

    • Process drops legitimate windows executable

      • powershell.exe (PID: 456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7452)
      • MicrosoftEdge_X64_137.0.3296.58.exe (PID: 5428)
      • setup.exe (PID: 4208)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7452)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7452)

    • Application launched itself

      • setup.exe (PID: 4208)
      • setup.exe (PID: 6644)

  • INFO

    • An automatically generated document

      • msiexec.exe (PID: 6476)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6476)
      • msiexec.exe (PID: 6700)

    • Reads the computer name

      • msiexec.exe (PID: 6700)
      • msiexec.exe (PID: 3192)

    • Checks supported languages

      • msiexec.exe (PID: 6700)
      • msiexec.exe (PID: 3192)

    • Manages system restore points

      • SrTasks.exe (PID: 8068)

    • The sample compiled with english language support

      • powershell.exe (PID: 456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7452)
      • MicrosoftEdge_X64_137.0.3296.58.exe (PID: 5428)
      • setup.exe (PID: 4208)

    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 7748)

    • Manual execution by a user

      • jjsploit.exe (PID: 4200)
      • jjsploit.exe (PID: 3132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: jjsploit
Author: wearedevs
Keywords: Installer
Comments: This installer database contains the logic and data required to install jjsploit.
Template: x64;0
RevisionNumber: {78647BD7-A6F9-441C-8198-F83F1E9F555E}
CreateDate: 2025:05:11 16:25:20
ModifyDate: 2025:05:11 16:25:20
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.14.1.8722)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
153
Monitored processes
25
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs powershell.exe conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe slui.exe jjsploit.exe no specs jjsploit.exe no specs microsoftedge_x64_137.0.3296.58.exe setup.exe setup.exe no specs setup.exe no specs setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
456powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -WaitC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
840C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\EDGEMITMP_A8F8F.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=137.0.7151.56 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\EDGEMITMP_A8F8F.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=137.0.3296.58 --initial-client-data=0x22c,0x234,0x238,0x160,0x23c,0x7ff7db1353f8,0x7ff7db135404,0x7ff7db135410C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\EDGEMITMP_A8F8F.tmp\setup.exesetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
137.0.3296.58
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{881924d9-2e9a-43c5-9151-d33e4244f91c}\edgemitmp_a8f8f.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1176"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{454A234B-3102-49C3-805E-5B5CB395E547}" /silentC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
2320\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2600"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -EmbeddingC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
3132"C:\Program Files\jjsploit\jjsploit.exe" C:\Program Files\jjsploit\jjsploit.exeexplorer.exe
User:
admin
Company:
wearedevs
Integrity Level:
MEDIUM
Description:
jjsploit
Version:
8.14.4
Modules
Images
c:\program files\jjsploit\jjsploit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
3192C:\Windows\syswow64\MsiExec.exe -Embedding BC40BEF32C6EF5FE3B734BA12191E2F2 CC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4068C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4200"C:\Program Files\jjsploit\jjsploit.exe" C:\Program Files\jjsploit\jjsploit.exeexplorer.exe
User:
admin
Company:
wearedevs
Integrity Level:
MEDIUM
Description:
jjsploit
Version:
8.14.4
Modules
Images
c:\program files\jjsploit\jjsploit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4208"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\EDGEMITMP_A8F8F.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\MicrosoftEdge_X64_137.0.3296.58.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{881924D9-2E9A-43C5-9151-D33E4244F91C}\EDGEMITMP_A8F8F.tmp\setup.exe
MicrosoftEdge_X64_137.0.3296.58.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
137.0.3296.58
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{881924d9-2e9a-43c5-9151-d33e4244f91c}\edgemitmp_a8f8f.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
18 040
Read events
15 000
Write events
2 983
Delete events
57

Modification events

(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
480000000000000053009687F9D3DB012C1A000060170000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
480000000000000053009687F9D3DB012C1A000060170000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
48000000000000007A1DDB87F9D3DB012C1A000060170000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
48000000000000007A1DDB87F9D3DB012C1A000060170000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
48000000000000008B82DD87F9D3DB012C1A000060170000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
4800000000000000E7895988F9D3DB012C1A0000E01A0000E80300000100000000000000000000001D04DC8D0F6CAD4994592B966AB865C200000000000000000000000000000000
(PID) Process:(4068) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Leave)
Value:
4800000000000000C3926C88F9D3DB01E40F0000440C0000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000CE4AE287F9D3DB012C1A000060170000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(6700) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
48000000000000002F265788F9D3DB012C1A000060170000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
206
Suspicious files
20
Text files
22
Unknown types
7

Dropped files

PID
Process
Filename
Type
6700msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
6700msiexec.exeC:\Windows\Installer\128d25.msi
MD5:
SHA256:
6700msiexec.exeC:\Windows\Temp\~DF31B11A59F798876B.TMPbinary
MD5:4C9FDB6F8914CCDBAA68D4A81E00B2DB
SHA256:3B29135F7B3E7A7BE04D22007166A90D661F42A3E6B023CA0C7ACA8C437179F6
6700msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipibinary
MD5:4C9FDB6F8914CCDBAA68D4A81E00B2DB
SHA256:3B29135F7B3E7A7BE04D22007166A90D661F42A3E6B023CA0C7ACA8C437179F6
6700msiexec.exeC:\Windows\Temp\~DF107E22E2B2B9F3FE.TMPgmc
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
6700msiexec.exeC:\Program Files\jjsploit\resources\luascripts\general\god.luatext
MD5:121A9CE65D07175515C986D40502F1A5
SHA256:DBFBB0B80576AA03C66CA23D4510C5B5EB33FCA8AB2031BE75556073230DE323
6700msiexec.exeC:\Program Files\jjsploit\resources\luascripts\general\aimbot.luatext
MD5:54BCD5AEABEFCF23BE6CD1C2A96CEEA7
SHA256:C7E9F86AE5FE8787B3E690E13B463B00FE5D56AFF2C1ED029C64183AEC48DB34
6476msiexec.exeC:\Users\admin\AppData\Local\Temp\MSI3F91.tmpexecutable
MD5:CFBB8568BD3711A97E6124C56FCFA8D9
SHA256:7F47D98AB25CFEA9B3A2E898C3376CC9BA1CD893B4948B0C27CAA530FD0E34CC
6700msiexec.exeC:\Windows\Installer\MSI918A.tmpbinary
MD5:EACD316576FF4A227E701AF8C88FFEBF
SHA256:D294DB62EFF0077377268BBEB44E7E7D4575C86E657B130190F5F7E9E4975A2D
6700msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{8ddc041d-6c0f-49ad-9459-2b966ab865c2}_OnDiskSnapshotPropbinary
MD5:271304A226739BD4287CD8D2AF678BE5
SHA256:FA9D91465AB747ADA8F7152FD84FBAEA7697B5D9D7D82A3E12F6E3A9587D3DA7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
34
DNS requests
19
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7708
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7708
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
772
svchost.exe
HEAD
200
208.89.74.17:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/55242085-f612-4ab8-9d05-6426b10c7b09?P1=1749499488&P2=404&P3=2&P4=G0m%2fOjbqYi9Gma3vz2vs5JcqTeK%2bDNUSceUNVmLkOoc3isRr0pFXiEbezZjdg4EB90oNhlg1j3dIx0N%2bJnu4FA%3d%3d
unknown
whitelisted
772
svchost.exe
GET
200
208.89.74.17:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/55242085-f612-4ab8-9d05-6426b10c7b09?P1=1749499488&P2=404&P3=2&P4=G0m%2fOjbqYi9Gma3vz2vs5JcqTeK%2bDNUSceUNVmLkOoc3isRr0pFXiEbezZjdg4EB90oNhlg1j3dIx0N%2bJnu4FA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:137
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
5496
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
7864
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
6544
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
7708
SIHClient.exe
4.245.163.56:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.206
whitelisted
crl.microsoft.com
  • 2.20.245.139
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 23.219.150.101
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.138
  • 40.126.32.136
  • 20.190.160.66
  • 20.190.160.17
  • 20.190.160.131
  • 20.190.160.67
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.16.168.212
  • 2.16.168.217
whitelisted

Threats

PID
Process
Class
Message
772
svchost.exe
Misc activity
ET INFO Packed Executable Download
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
jjsploit_8.14.4_x64_en-US.msi