URL:

https://github.com/jwmskskmksw/Hackz-Stable-Nuker-main

Full analysis: https://app.any.run/tasks/37d3cfd7-794a-4d52-a237-1d3970ec9711
Verdict: Malicious activity
Analysis date: March 04, 2025, 16:16:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
arch-exec
arch-doc
evasion
Indicators:
MD5:

33AA6B46DF66C2D7899DEE39383800F6

SHA1:

D5FEBE28CB51CC864174C11E323A90C0C920600E

SHA256:

4BED59DAD7B1EE7AE33F9E93681074C1D1D56C3160A861D7CB959542B329F9AC

SSDEEP:

3:N8tEd/7WJtl2krQOAXI5Kn:2uojZAXOK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 7932)
      • Hackz Nuker.exe (PID: 1272)
      • Hackz Nuker.exe (PID: 6112)

    • Adds path to the Windows Defender exclusion list

      • Hackz Nuker.exe (PID: 6112)
      • cmd.exe (PID: 4024)

    • Antivirus name has been found in the command line (generic signature)

      • cmd.exe (PID: 8056)

    • Changes Controlled Folder Access settings

      • powershell.exe (PID: 6244)

    • Changes antivirus protection settings for downloading files from the Internet (IOAVProtection)

      • powershell.exe (PID: 6244)

    • Changes settings for real-time protection

      • powershell.exe (PID: 6244)

    • Changes settings for reporting to Microsoft Active Protection Service (MAPS)

      • powershell.exe (PID: 6244)

    • Changes settings for sending potential threat samples to Microsoft servers

      • powershell.exe (PID: 6244)

    • Changes settings for protection against network attacks (IPS)

      • powershell.exe (PID: 6244)

    • Changes settings for checking scripts for malicious actions

      • powershell.exe (PID: 6244)

    • Resets Windows Defender malware definitions to the base version

      • MpCmdRun.exe (PID: 8464)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msedge.exe (PID: 7492)
      • msedge.exe (PID: 2284)
      • WinRAR.exe (PID: 4300)
      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 1272)

    • Starts a Microsoft application from unusual location

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 7932)
      • Hackz Nuker.exe (PID: 1272)
      • Hackz Nuker.exe (PID: 6112)

    • The process drops C-runtime libraries

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 1272)

    • Executable content was dropped or overwritten

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 1272)

    • Process drops python dynamic module

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 1272)

    • Application launched itself

      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 7932)
      • Hackz Nuker.exe (PID: 1272)

    • Found strings related to reading or modifying Windows Defender settings

      • Hackz Nuker.exe (PID: 6112)

    • Starts CMD.EXE for commands execution

      • Hackz Nuker.exe (PID: 6112)

    • Get information on the list of running processes

      • Hackz Nuker.exe (PID: 6112)
      • cmd.exe (PID: 3884)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 4024)
      • cmd.exe (PID: 8056)

    • Script adds exclusion path to Windows Defender

      • cmd.exe (PID: 4024)

    • Script disables Windows Defender's real-time protection

      • cmd.exe (PID: 8056)

    • Script disables Windows Defender's IPS

      • cmd.exe (PID: 8056)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 3140)

    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 2040)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • Hackz Nuker.exe (PID: 6112)

  • INFO

    • Reads Environment values

      • identity_helper.exe (PID: 7748)

    • Checks supported languages

      • identity_helper.exe (PID: 7748)

    • Reads the computer name

      • identity_helper.exe (PID: 7748)

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 3884)

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 3676)
      • BackgroundTransferHost.exe (PID: 3884)

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 3884)

    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 3884)

    • Application launched itself

      • msedge.exe (PID: 2284)

    • The sample compiled with english language support

      • msedge.exe (PID: 7492)
      • msedge.exe (PID: 2284)
      • WinRAR.exe (PID: 4300)
      • Hackz Nuker.exe (PID: 2240)
      • Hackz Nuker.exe (PID: 1272)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4300)

    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 4112)

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 6244)
      • powershell.exe (PID: 4112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
209
Monitored processes
68
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sppextcomobj.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs winrar.exe hackz nuker.exe hackz nuker.exe no specs hackz nuker.exe hackz nuker.exe cmd.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs powershell.exe no specs powershell.exe no specs tasklist.exe no specs wmic.exe no specs svchost.exe mpcmdrun.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe no specs shellexperiencehost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
904"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5640 --field-trial-handle=2396,i,12556364452700724003,14533088008157511587,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
920tasklist /FO LISTC:\Windows\System32\tasklist.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1272"C:\Users\admin\AppData\Local\Temp\Rar$EXa4300.30968\Hackz-Stable-Nuker-main\Hackz-Stable-Nuker-main\Hackz Nuker.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa4300.30968\Hackz-Stable-Nuker-main\Hackz-Stable-Nuker-main\Hackz Nuker.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa4300.30968\Hackz-Stable-Nuker-main\Hackz-Stable-Nuker-main\Hackz Nuker.exe
Hackz Nuker.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Remote Access Phonebook
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4300.30968\hackz-stable-nuker-main\hackz-stable-nuker-main\hackz nuker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1628"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
1852"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5224 --field-trial-handle=2396,i,12556364452700724003,14533088008157511587,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2040wmic csproduct get uuidC:\Windows\System32\wbem\WMIC.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
2196C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2240"C:\Users\admin\AppData\Local\Temp\Rar$EXa4300.30968\Hackz-Stable-Nuker-main\Hackz-Stable-Nuker-main\Hackz Nuker.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa4300.30968\Hackz-Stable-Nuker-main\Hackz-Stable-Nuker-main\Hackz Nuker.exe
WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Remote Access Phonebook
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa4300.30968\hackz-stable-nuker-main\hackz-stable-nuker-main\hackz nuker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2284"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://github.com/jwmskskmksw/Hackz-Stable-Nuker-main"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2504"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6444 --field-trial-handle=2396,i,12556364452700724003,14533088008157511587,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
23 195
Read events
23 148
Write events
47
Delete events
0

Modification events

(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(2284) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
8F328CE01C8E2F00
(PID) Process:(2284) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
F34195E01C8E2F00
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197456
Operation:writeName:WindowTabManagerFileMappingId
Value:
{9AE14D5D-BDC1-4874-9949-2F99703068AF}
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197456
Operation:writeName:WindowTabManagerFileMappingId
Value:
{31D841EA-35A8-475D-9161-14CBC4163A4E}
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197456
Operation:writeName:WindowTabManagerFileMappingId
Value:
{95E977E9-CE7D-4888-8C86-8560313182B5}
(PID) Process:(2284) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\197456
Operation:writeName:WindowTabManagerFileMappingId
Value:
{53BE1D2A-8FB9-498D-9616-1ACC9A052345}
Executable files
45
Suspicious files
411
Text files
49
Unknown types
1

Dropped files

PID
Process
Filename
Type
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b6de.TMP
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b6ee.TMP
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b6fd.TMP
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b6fd.TMP
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b6ee.TMP
MD5:
SHA256:
2284msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
78
DNS requests
76
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3884
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
8000
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
8500
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6112
Hackz Nuker.exe
GET
200
208.95.112.1:80
http://ip-api.com/line/?fields=hosting
unknown
whitelisted
8500
SIHClient.exe
GET
200
23.209.214.100:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8948
svchost.exe
HEAD
200
84.201.210.23:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1741205673&P2=404&P3=2&P4=hTU5t0DpnZje1xdKl%2bUHJER2ukh4rUTjsRkzIoRNRdjVCYWBqNwjuehd5E6RyHn88Q4Ty9Jjro1l8dqHl41Drg%3d%3d
unknown
whitelisted
8948
svchost.exe
GET
206
84.201.210.23:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1741205673&P2=404&P3=2&P4=hTU5t0DpnZje1xdKl%2bUHJER2ukh4rUTjsRkzIoRNRdjVCYWBqNwjuehd5E6RyHn88Q4Ty9Jjro1l8dqHl41Drg%3d%3d
unknown
whitelisted
8948
svchost.exe
GET
206
84.201.210.23:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1741205673&P2=404&P3=2&P4=hTU5t0DpnZje1xdKl%2bUHJER2ukh4rUTjsRkzIoRNRdjVCYWBqNwjuehd5E6RyHn88Q4Ty9Jjro1l8dqHl41Drg%3d%3d
unknown
whitelisted
8948
svchost.exe
GET
206
84.201.210.23:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1741205673&P2=404&P3=2&P4=hTU5t0DpnZje1xdKl%2bUHJER2ukh4rUTjsRkzIoRNRdjVCYWBqNwjuehd5E6RyHn88Q4Ty9Jjro1l8dqHl41Drg%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
5544
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7492
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2284
msedge.exe
239.255.255.250:1900
whitelisted
7492
msedge.exe
140.82.121.3:443
github.com
GITHUB
US
whitelisted
7492
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7492
msedge.exe
13.107.253.44:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7492
msedge.exe
13.107.6.158:443
business.bing.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
github.com
  • 140.82.121.3
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.44
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 23.48.23.51
  • 23.48.23.26
whitelisted
github.githubassets.com
  • 185.199.111.154
  • 185.199.109.154
  • 185.199.108.154
  • 185.199.110.154
whitelisted
www.bing.com
  • 92.123.104.64
  • 92.123.104.11
  • 92.123.104.62
  • 92.123.104.9
  • 92.123.104.7
  • 92.123.104.63
  • 92.123.104.67
  • 92.123.104.10
  • 92.123.104.66
  • 92.123.104.18
  • 92.123.104.22
  • 92.123.104.8
  • 92.123.104.17
  • 92.123.104.26
  • 2.19.96.82
  • 2.19.96.18
  • 2.19.96.83
  • 2.19.96.130
  • 2.19.96.120
  • 2.19.96.16
  • 2.19.96.90
  • 2.19.96.8
  • 2.19.96.129
whitelisted

Threats

PID
Process
Class
Message
7492
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
7492
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
2196
svchost.exe
Device Retrieving External IP Address Detected
INFO [ANY.RUN] External IP Check (ip-api .com)
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
6112
Hackz Nuker.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ip-api.com
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/jwmskskmksw/Hackz-Stable-Nuker-main