URL: http://shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion/
Full analysis: https://app.any.run/tasks/74932500-0760-45be-8cb3-45eb9d88dfcd
Verdict: Malicious activity
Analysis date: April 29, 2026, 15:36:40
OS: Windows 10 Professional (build: 19044, 64 bit)
MD5: 67DC7A0111A7C6A68A7C429C4015239A
SHA1: F2AEBE970624D77AAEC66D5DC2A2324BC0D59A7E
SHA256: 2FC5943481605DCA9FCE27DDD733B5EE24071D978F3CA116F7325FA3784DA83E
SSDEEP: 3:N1KNNjRT6BVTVpQiJKen:CFqVTVpbJZn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 2180)
      • msedge.exe (PID: 7028)
  • INFO

    No info indicators.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 170
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

svchost.exe msedge.exe

Process information

PID: 2180
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\svchost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\bcrypt.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\kernel.appcore.dll

PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
  c:\program files (x86)\microsoft\edge\application\msedge.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 14
Suspicious files: 6
Text files: 8
Unknown types: 0

Dropped files

PID | Process | Filename | Type (hashes on the following lines)
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | binary
  MD5: 4DEEA38E2B38F2F4B93BDFDCD16B359A
  SHA256: 03FBF1E58DBBBAEDECC2C10E7D728D5C416299855CCD0BB0B1F5F917576176CD
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | compressed
  MD5: F504F8114DC24E2F46BB031240102182
  SHA256: 266DA3069A00AE9193AC11AE63771F5AEEFA18B1862A441E03D319FDE7BC1680
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF129c86.TMP | text
  MD5: 8CA6AC4CD0D4F8B2EA5A9FC6FD4311D7
  SHA256: EE810A451AEA499C3D6F89EDB840ED025DF0937874485A211A3BB39F915F4EA0
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | binary
  MD5: EE1EBE10DB135D3B548AC590D9004745
  SHA256: CD347596A47263AFE619AD7EE58737BDD5069A9261405FC4C67A78DFA733F711
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | text
  MD5: F054A7D6E382DF24018FE84986B710A2
  SHA256: 4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\ac341eb4-11b3-4164-980e-35a09b10a92b.tmp | text
  MD5: F054A7D6E382DF24018FE84986B710A2
  SHA256: 4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | text
  MD5: A5DF8D4EA3F834AD3BBADEC40EEB38B6
  SHA256: AEFD05F4A194FDE186877D586FC902495EE1FB5DEE2261CDF7B2C18994D5A944
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c5 | image
  MD5: 7057304E8D8C9BB855E6FE3ADF145C79
  SHA256: A5CFC0640FE49AA272A959AD7AE95D3CA0408556DC1AAB2A7FC449C2BE064143
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bf | text
  MD5: 79BF416D7342DAA36FD9FAC63CBAF057
  SHA256: 898DE9A92AD5CBFA67B250D71824358A5A0493B856B2B0BF4B190F7587094CEE
7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0 | text
  MD5: 951E77A2D3F939E8BC477A45F227CCB9
  SHA256: 687847D99812F29CB5C465A970A16DA6D39B5B69D6FE760DE929C29CE44D5DB8
HTTP(S) requests: 589
TCP/UDP connections: 124
DNS requests: 98
Threats: 26

HTTP requests

PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation (URL on the following line)
4612 | svchost.exe | GET | - | 51.104.136.2:443 | US | - | - | whitelisted
  https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4
7592 | RUXIMICS.exe | GET | 304 | 51.104.136.2:443 | US | - | - | whitelisted
  https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
5336 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | US | - | - | whitelisted
  https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | US | - | - | whitelisted
  https://fs.microsoft.com/fs/windows/config.json
7592 | RUXIMICS.exe | GET | 200 | 23.52.181.212:80 | US | binary | 814 b | whitelisted
  http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
5336 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | NL | binary | 825 b | whitelisted
  http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
7028 | msedge.exe | GET | 200 | 150.171.28.11:443 | US | text | 20 b | whitelisted
  https://edge.microsoft.com/autofillservice/core/page/-2721196816053152909/5193700706065528150?CIdAlgoVersion=2
7028 | msedge.exe | POST | 200 | 150.171.28.11:443 | US | text | 276 b | whitelisted
  https://edge.microsoft.com/linkDoctor/api/v1/getCorrections
7028 | msedge.exe | POST | 200 | 150.171.28.11:443 | US | text | 276 b | whitelisted
  https://edge.microsoft.com/linkDoctor/api/v1/getCorrections
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | US | binary | 814 b | whitelisted
  http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4612 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7592 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 224.0.0.251:5353 | - | - | - | whitelisted
7028 | msedge.exe | 92.123.104.52:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
7028 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7028 | msedge.exe | 8.8.8.8:53 | - | GOOGLE | US | whitelisted
4612 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7592 | RUXIMICS.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.251.14.101
  • 142.251.14.100
  • 142.251.14.102
  • 142.251.14.139
  • 142.251.14.113
  • 142.251.14.138
  • 142.251.13.138
  • 142.251.13.101
  • 142.251.13.139
  • 142.251.13.113
  • 142.251.13.102
  • 142.251.13.100
whitelisted
www.bing.com
  • 92.123.104.52
  • 92.123.104.53
  • 92.123.104.59
  • 92.123.104.50
  • 92.123.104.65
  • 92.123.104.61
  • 92.123.104.56
  • 92.123.104.62
  • 92.123.104.58
  • 92.123.104.19
  • 92.123.104.12
  • 92.123.104.13
  • 92.123.104.18
  • 92.123.104.17
  • 92.123.104.9
  • 92.123.104.16
  • 92.123.104.6
  • 92.123.104.14
  • 92.123.104.55
  • 92.123.104.63
  • 92.123.104.39
  • 92.123.104.49
  • 92.123.104.30
  • 92.123.104.29
  • 92.123.104.32
  • 92.123.104.34
  • 92.123.104.33
  • 2.16.241.206
  • 2.16.241.207
  • 2.16.241.205
  • 2.16.241.218
  • 2.16.241.222
  • 2.16.241.219
  • 2.21.245.28
  • 2.21.245.27
  • 2.21.245.21
  • 2.21.245.23
  • 2.21.245.26
  • 2.21.245.22
  • 2.21.245.31
  • 2.21.245.30
  • 2.21.245.29
whitelisted
shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion
unknown
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
whitelisted
www.microsoft.com
  • 23.52.181.212
whitelisted
fs.microsoft.com
  • 23.197.142.186
whitelisted
login.live.com
  • 20.190.160.20
  • 20.190.160.130
  • 20.190.160.14
  • 40.126.32.140
  • 20.190.160.5
  • 20.190.160.65
  • 20.190.160.132
  • 40.126.32.133
  • 20.190.160.64
  • 40.126.32.134
  • 40.126.32.136
  • 40.126.32.74
  • 40.126.32.138
  • 20.190.160.67
whitelisted
msedge.b.tlu.dl.delivery.mp.microsoft.com
  • 2.16.168.108
  • 2.16.168.102
  • 2.16.168.112
  • 199.232.214.172
  • 199.232.210.172
whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
2180 | svchost.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
4612 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
7028 | msedge.exe | Potential Corporate Privacy Violation | ET INFO DNS Query for TOR Hidden Domain .onion Accessible Via TOR
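The repeated ET INFO signature above is the actual finding of this task: Edge had no Tor proxy configured, so the .onion hostname was handed to an ordinary resolver (8.8.8.8 in the Connections table) as a plain DNS query. RFC 7686 reserves .onion and requires that such names never be sent to the DNS, which is why the query itself, not any answer, is what the rule flags; the svchost.exe hit is the DNS Client service (PID 2180, started with -s Dnscache) performing the same lookup on the system's behalf. The Python below is an added example, not ANY.RUN's or Emerging Threats' code. It applies the same check to Suricata eve.json DNS records (the field names are Suricata's; the sample lines and the 192.168.100.50 client address are constructed) and additionally validates the v3 address format and checksum per Tor's rend-spec-v3, so an analyst can tell a well-formed hidden-service address from noise.

```python
"""Flag .onion names that reach clearnet DNS, as the ET INFO rule does.

Added example, not ANY.RUN's or Emerging Threats' code. Input is Suricata
eve.json DNS records; the sample lines and client IP below are constructed.
"""
import base64
import hashlib
import json
from dataclasses import dataclass

ONION_V3_LEN = 56   # 35 bytes (32 pubkey + 2 checksum + 1 version) in base32
ONION_V2_LEN = 16   # legacy v2 (truncated SHA-1 of RSA key), retired by Tor in 2021


def onion_v3_checksum(pubkey: bytes, version: int = 3) -> bytes:
    # rend-spec-v3: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]


def make_onion_v3(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 address (used for self-tests)."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_v3_checksum(pubkey) + b"\x03"
    return base64.b32encode(raw).decode().lower() + ".onion"


def classify_onion(name: str) -> str:
    """Return 'v3', 'v3-bad-checksum', 'v2' or 'invalid' for a name under .onion."""
    name = name.rstrip(".").lower()
    if not name.endswith(".onion"):
        return "invalid"
    # a hidden service may use subdomains; the address is the label right before .onion
    label = name[: -len(".onion")].split(".")[-1]
    try:
        raw = base64.b32decode(label, casefold=True)
    except ValueError:            # non-base32 character or bad length
        return "invalid"
    if len(label) == ONION_V2_LEN:
        return "v2"               # v2 addresses carry no checksum to verify
    if len(label) != ONION_V3_LEN:
        return "invalid"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    if version != 3:
        return "invalid"
    if checksum != onion_v3_checksum(pubkey, version):
        return "v3-bad-checksum"
    return "v3"


@dataclass
class OnionLeak:
    src_ip: str
    dest_ip: str
    rrname: str
    kind: str


def find_onion_leaks(eve_lines):
    """One OnionLeak per DNS *query* (not answer) for a .onion name in eve.json lines."""
    leaks = []
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "dns" or ev.get("dns", {}).get("type") != "query":
            continue
        rrname = ev["dns"].get("rrname", "")
        if rrname.lower().rstrip(".").endswith(".onion"):
            leaks.append(OnionLeak(ev.get("src_ip", "?"), ev.get("dest_ip", "?"),
                                   rrname, classify_onion(rrname)))
    return leaks


# Constructed sample: the report's .onion name queried against 8.8.8.8 (the resolver
# in the Connections table), an ordinary lookup, a malformed .onion name, and the
# NXDOMAIN answer to it. The 192.168.100.50 client address is made up.
SAMPLE_EVE = """
{"timestamp":"2026-04-29T15:36:52.000000+0000","event_type":"dns","src_ip":"192.168.100.50","dest_ip":"8.8.8.8","proto":"UDP","dns":{"type":"query","id":1,"rrname":"shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion","rrtype":"A"}}
{"timestamp":"2026-04-29T15:36:52.100000+0000","event_type":"dns","src_ip":"192.168.100.50","dest_ip":"8.8.8.8","proto":"UDP","dns":{"type":"query","id":2,"rrname":"www.bing.com","rrtype":"A"}}
{"timestamp":"2026-04-29T15:36:53.000000+0000","event_type":"dns","src_ip":"192.168.100.50","dest_ip":"8.8.8.8","proto":"UDP","dns":{"type":"query","id":3,"rrname":"not-a-real-onion.onion","rrtype":"A"}}
{"timestamp":"2026-04-29T15:36:53.500000+0000","event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.100.50","proto":"UDP","dns":{"type":"answer","id":3,"rrname":"not-a-real-onion.onion","rcode":"NXDOMAIN"}}
""".strip().splitlines()


if __name__ == "__main__":
    for leak in find_onion_leaks(SAMPLE_EVE):
        print(f"{leak.src_ip} -> {leak.dest_ip}  {leak.rrname}  [{leak.kind}]")
```

Run against a real eve.json with `find_onion_leaks(open("eve.json"))`. Only queries are reported because the resolver's NXDOMAIN reply is the expected outcome and would otherwise double-count every leak; the checksum check matters because a leaked name that decodes to a valid v3 address identifies a specific hidden service the host tried to reach, whereas a malformed one is more likely a typo or a probe.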
No debug info