| URL: | hdtodayz.cc |
| Full analysis: | https://app.any.run/tasks/952c015e-445b-44d4-80c5-8ec7bdd04eb8 |
| Verdict: | Malicious activity |
| Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
| Analysis date: | March 28, 2026, 02:53:15 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | E854F142FBCE4E6D52AA5942680AFBDF |
| SHA1: | C1D86A29FE3172133668119F5992C0311160D134 |
| SHA256: | 44E6F7E95577BD4714F87BA764471F461CB317625EE348B8C2DF1319AB39625F |
| SSDEEP: | 3:dPuLGGn:VuVn |
MALICIOUS
PHISHING has been detected (SURICATA)
- msedge.exe (PID: 7028)
ADWARE has been detected (SURICATA)
- msedge.exe (PID: 7028)
SUSPICIOUS
No suspicious indicators.INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
161
Monitored processes
1
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
1
Text files
1
Unknown types
10
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\6c2006c0-c036-47a4-aaf7-a8bda4f19b52.tmp | binary | |
MD5:F054A7D6E382DF24018FE84986B710A2 | SHA256:4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba | compressed | |
MD5:F3AD19FDBD15A27B32A4D25E49CC266E | SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | text | |
MD5:E762FE48F237433248062D4C1D1ACB8B | SHA256:6D10FFE4E339CD38A2BFD67C3AB03510CD768C7010934ECC17C1B0504588005A | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | binary | |
MD5:A7A295739B6B7DD0C589083E768F5951 | SHA256:99DE6F6B4A7945CD4335679054D0F8C6995D983D67691464D8E7655C3AB82789 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6 | binary | |
MD5:63F9FD621D1FBD53B7C5856E58C11CCD | SHA256:C6BC28686490ABA34A53AB3B709AFA1FD73C21E60FEB25608B09F23EFE170089 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary | |
MD5:63F9FD621D1FBD53B7C5856E58C11CCD | SHA256:C6BC28686490ABA34A53AB3B709AFA1FD73C21E60FEB25608B09F23EFE170089 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | binary | |
MD5:A7A295739B6B7DD0C589083E768F5951 | SHA256:99DE6F6B4A7945CD4335679054D0F8C6995D983D67691464D8E7655C3AB82789 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State | binary | |
MD5:F054A7D6E382DF24018FE84986B710A2 | SHA256:4E5235C6B40BCE6C5FD0554D554FCDB38E8016DCDDFA9CAB63103407CAF8DAEB | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | binary | |
MD5:46595AB4CF79C7EF90E9BCF1287712C7 | SHA256:C389ABBE5F619705EB07CC6245DC223920C1262544FDC698A02329AC2DD51A59 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | binary | |
MD5:ABD8E8A9503C65F54F4504D46F8F98CC | SHA256:03316F37E6A4C3A3049F36D6B3618C022032AF1E57EC212CA029C3C083156549 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
108
TCP/UDP connections
80
DNS requests
72
Threats
14
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
4024 | svchost.exe | GET | — | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4 | unknown | — | — | whitelisted |
7456 | RUXIMICS.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | unknown | — | — | whitelisted |
5336 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | unknown | — | — | whitelisted |
7760 | svchost.exe | HEAD | 200 | 23.197.142.186:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | — | — | whitelisted |
4024 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7456 | RUXIMICS.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7028 | msedge.exe | GET | 200 | 92.123.104.32:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | unknown | text | 665 Kb | whitelisted |
7028 | msedge.exe | GET | 200 | 18.245.60.80:443 | https://ob.sd559908.js.brandsmat.com/i/c59f6651af12b5efb3ef9693abae15af.js | unknown | binary | 119 Kb | unknown |
4024 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4024 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
7456 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5336 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 224.0.0.251:5353 | — | — | — | whitelisted |
7028 | msedge.exe | 92.123.104.34:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
7028 | msedge.exe | 103.224.182.243:443 | hdtodayz.cc | TRELLIAN-AS-AP Trellian Pty. Limited | AU | unknown |
7028 | msedge.exe | 103.224.182.243:80 | hdtodayz.cc | TRELLIAN-AS-AP Trellian Pty. Limited | AU | unknown |
4024 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
7456 | RUXIMICS.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
5336 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
hdtodayz.cc |
| unknown |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
ob.sd559908.js.brandsmat.com |
| unknown |
fs.microsoft.com |
| whitelisted |
login.live.com |
| whitelisted |
obs.sd559908.js.brandsmat.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
7028 | msedge.exe | Misc activity | INFO [ANY.RUN] .cc TLD domain request |
4024 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
— | — | Misc activity | INFO [ANY.RUN] FingerprintJS Usage Observed in URI (/js/fingerprint/iife.min.js) |
— | — | Attempted Information Leak | SUSPICIOUS [ANY.RUN] FingerprintJS Usage Observed in HTTP response |
— | — | Misc activity | INFO [ANY.RUN] FingerprintJS Usage Observed in URI (/js/fingerprint/iife.min.js) |
— | — | Attempted Information Leak | SUSPICIOUS [ANY.RUN] FingerprintJS Usage Observed in HTTP response |
7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (.lotaay .com) |
7028 | msedge.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (.lotaay .com) |
7028 | msedge.exe | Possible Social Engineering Attempted | ADWARE [ANY.RUN] Antivirus Pop-up Spam related domain (*protect .co .in) |
7028 | msedge.exe | Possible Social Engineering Attempted | ADWARE [ANY.RUN] Antivirus Pop-up Spam related domain (*protect .co .in) |