URL:

http://178.17.59.68:5506/b.txt

Full analysis: https://app.any.run/tasks/4b398135-c2c0-4a00-9290-a2ca39aec5ab
Verdict: Malicious activity
Threats:

HijackLoader is a modular malware acting as a vehicle for distributing different types of malicious software on compromised systems. It gained prominence during the summer of 2023 and has since been used in multiple attacks against organizations from various sectors, including hospitality businesses.

Malware Trends Tracker     >>>
Analysis date: January 15, 2026, 07:11:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
hijackloader
stealer
Indicators:
MD5:

47E537ED8F16A430EA6B7E2F6B297EA1

SHA1:

759EC053D3D43C1C0F13086AABC3BF9047D1DFCC

SHA256:

58485980A6E5F3B1DB05113C45FB492265713D8098A63C03025DA7E0BAA7AD78

SSDEEP:

3:N1KqdLLLQ6deRTn:CqZXeRTn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • MegaA.exe (PID: 8176)

    • Actions looks like stealing of personal data

      • MegaA.exe (PID: 8176)

    • HIJACKLOADER has been detected (YARA)

      • Crisp.exe (PID: 4220)
      • Infra_Transp.exe (PID: 9168)
      • MegaA.exe (PID: 8176)

    • Steals credentials from Web Browsers

      • MegaA.exe (PID: 8176)

    • Connects to the CnC server

      • MegaA.exe (PID: 8176)

    • HIJACKLOADER has been detected (SURICATA)

      • MegaA.exe (PID: 8176)

  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 7364)

    • Starts itself from another location

      • Infra_Transp.exe (PID: 8728)

    • Executable content was dropped or overwritten

      • Infra_Transp.exe (PID: 9168)
      • Infra_Transp.exe (PID: 8728)

    • Contacting a server suspected of hosting an CnC

      • MegaA.exe (PID: 8176)

    • Connects to unusual port

      • MegaA.exe (PID: 8176)

    • There is functionality for taking screenshot (YARA)

      • Infra_Transp.exe (PID: 9168)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 7500)

    • Reads the computer name

      • identity_helper.exe (PID: 6664)
      • TextInputHost.exe (PID: 8364)
      • msiexec.exe (PID: 7280)
      • Infra_Transp.exe (PID: 8728)
      • Infra_Transp.exe (PID: 9168)
      • Crisp.exe (PID: 4220)
      • MegaA.exe (PID: 8176)

    • Reads Environment values

      • identity_helper.exe (PID: 6664)

    • Launching a file from the Downloads directory

      • msedge.exe (PID: 7500)

    • Checks supported languages

      • identity_helper.exe (PID: 6664)
      • TextInputHost.exe (PID: 8364)
      • msiexec.exe (PID: 7280)
      • Infra_Transp.exe (PID: 8728)
      • Infra_Transp.exe (PID: 9168)
      • Crisp.exe (PID: 4220)
      • MegaA.exe (PID: 8176)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 8216)

    • Manual execution by a user

      • msiexec.exe (PID: 424)

    • Connects to unusual port

      • msedge.exe (PID: 7824)

    • The sample compiled with english language support

      • msedge.exe (PID: 7824)
      • msiexec.exe (PID: 7280)
      • Infra_Transp.exe (PID: 9168)
      • Infra_Transp.exe (PID: 8728)

    • Manages system restore points

      • SrTasks.exe (PID: 4120)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7280)

    • Creates files in the program directory

      • Infra_Transp.exe (PID: 8728)
      • MegaA.exe (PID: 8176)

    • Creates files or folders in the user directory

      • Infra_Transp.exe (PID: 9168)

    • Create files in a temporary directory

      • Infra_Transp.exe (PID: 9168)
      • Crisp.exe (PID: 4220)
      • MegaA.exe (PID: 8176)

    • Checks proxy server information

      • slui.exe (PID: 8812)

    • Reads the machine GUID from the registry

      • MegaA.exe (PID: 8176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
201
Monitored processes
47
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details

Process information

PID
CMD
Path
Indicators
Parent process
424"C:\WINDOWS\System32\msiexec.exe" /i "C:\Users\admin\Downloads\ZOREEOXK.msi" C:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1984\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeSrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
4120C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:15C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
4220C:\Users\admin\AppData\Roaming\com_ms_worker_v3_x86_lts\Crisp.exeC:\Users\admin\AppData\Roaming\com_ms_worker_v3_x86_lts\Crisp.exe
Infra_Transp.exe
User:
admin
Company:
Crisp IM SAS
Integrity Level:
MEDIUM
Description:
Crisp
Exit code:
0
Version:
6.0.68
Modules
Images
c:\windows\syswow64\rasapi32.dll
c:\users\admin\appdata\roaming\com_ms_worker_v3_x86_lts\crisp.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
4704"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5196,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=7616 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6272"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7624,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=7528 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6664"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5948,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
7204"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5144,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7232"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5140,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=4104 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7260"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7236,i,8001348190692759325,7783743280602207040,262144 --variations-seed-version --mojo-platform-channel-handle=7736 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 468
Read events
6 311
Write events
148
Delete events
9

Modification events

(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
480000000000000055DCB738EE85DC01701C0000A01C0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
480000000000000055DCB738EE85DC01701C0000A01C0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
480000000000000005761239EE85DC01701C0000A01C0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
480000000000000005761239EE85DC01701C0000A01C0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7364) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Leave)
Value:
4800000000000000E2995739EE85DC01C41C000014120000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7364) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Leave)
Value:
4800000000000000E2995739EE85DC01C41C000090210000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
480000000000000003D91439EE85DC01701C0000A01C0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000569D1939EE85DC01701C0000A01C0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
15
(PID) Process:(7280) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
48000000000000006D393639EE85DC01701C0000A01C0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
9
Suspicious files
62
Text files
183
Unknown types
1

Dropped files

PID
Process
Filename
Type
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfdf99.TMP
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFfdf99.TMP
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFfdfa8.TMP
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfdfa8.TMP
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfdfa8.TMP
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7500msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
93
TCP/UDP connections
70
DNS requests
64
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7824
msedge.exe
GET
304
150.171.28.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
7824
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:QIhHYJgRGwVZHUxJdwphRklhcx3q_wnlwiizzokJq7E&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
101 b
whitelisted
7824
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
7824
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
US
text
271 b
whitelisted
7824
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
US
text
266 b
whitelisted
7824
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0
US
text
892 b
whitelisted
6768
MoUsoCoreWorker.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
US
whitelisted
7824
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
446 b
whitelisted
7824
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.92&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D1.2.1%26installedby%3Dother%26uc%26ping%3Dr%253D546%2526e%253D1
US
xml
413 b
whitelisted
7824
msedge.exe
POST
200
142.251.208.3:443
https://update.googleapis.com/service/update2/json?cup2key=14:Ui9WOsBiLD3ExO4udo8W5I0E8DVX853vf172cxTtnRQ&cup2hreq=7f77698a46998cc34b865f833b7853d62071e309c6e77fd29d55ae94102ec5ec
US
text
349 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
1136
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5356
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7824
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7824
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7824
msedge.exe
178.17.59.68:5506
QWINS-LTD QWINS AS-SET: ~ # AS213702:AS-CUSTOMERS
GB
unknown
7824
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7824
msedge.exe
13.107.246.45:443
edgeassetservice.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.142
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
update.googleapis.com
  • 142.251.208.3
whitelisted
www.bing.com
  • 2.16.241.220
  • 2.16.241.215
  • 2.16.241.203
  • 2.16.241.201
  • 2.16.241.221
  • 2.16.241.219
  • 2.16.241.217
  • 2.16.241.197
  • 2.16.241.222
  • 2.16.204.135
  • 2.16.204.144
  • 2.16.204.145
  • 2.16.204.142
  • 2.16.204.139
  • 2.16.204.137
  • 2.16.204.143
  • 2.16.204.136
  • 2.16.204.160
  • 92.122.215.55
  • 92.122.215.57
  • 92.122.215.58
  • 92.122.215.75
  • 92.122.215.65
  • 92.122.215.72
  • 92.122.215.74
  • 92.122.215.53
  • 92.122.215.56
whitelisted
edgeassetservice.azureedge.net
  • 13.107.246.45
  • 13.107.213.45
whitelisted
www.googleapis.com
  • 142.250.186.138
  • 142.251.141.106
  • 142.250.184.202
  • 142.250.185.74
  • 172.217.18.10
  • 142.250.185.170
  • 142.251.140.170
  • 142.251.208.10
  • 142.250.74.202
  • 142.250.184.234
  • 142.250.186.170
  • 172.217.20.138
  • 142.251.141.74
  • 142.250.185.202
  • 142.250.185.138
  • 142.250.185.106
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted

Threats

PID
Process
Class
Message
7824
msedge.exe
Potentially Bad Traffic
ET HUNTING Terse Request for .txt - Likely Hostile
7824
msedge.exe
Potentially Bad Traffic
ET HUNTING Powershell Downloader with Start-Process Inbound M1
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC connection established M1
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame outbound
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame inbound
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame outbound
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame outbound
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame inbound
8176
MegaA.exe
Malware Command and Control Activity Detected
MALWARE [ANY.RUN] Win32/HijackLoader CnC frame outbound
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://178.17.59.68:5506/b.txt