URL: propiski.com

Full analysis: https://app.any.run/tasks/d5ade599-d437-4489-82c8-c6c0fd68b0e5
Verdict: Malicious activity
Analysis date: March 26, 2026, 16:37:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: ta569, apt, socgholish, obfuscated-js
Indicators:
MD5: 3931A311CA35EB3263F62B4A1F322A2E
SHA1: 210F276A60979235A7424E3573E564D72BF43918
SHA256: A9555EA2E7AA5BE37DDD98B1BF0055D9EC006740EF7B6F16FEE4D08F80E6D5CB
SSDEEP: 3:oYKK:o0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • SOCGHOLISH has been detected (SURICATA)

      • msedge.exe (PID: 7028)
      • svchost.exe (PID: 2180)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 155
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

#SOCGHOLISH svchost.exe #SOCGHOLISH msedge.exe

Process information

PID: 2180
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 7028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 0
Suspicious files: 39
Text files: 39
Unknown types: 1

Dropped files

PID 7028, msedge.exe, type compressed: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc
  MD5: F3AD19FDBD15A27B32A4D25E49CC266E
  SHA256: 3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13
PID 7028, msedge.exe, type image: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ba
  MD5: 0F1CEC70A23BA5AED0E4654EB8F81BBA
  SHA256: F540B6B483CE398D69E480C2159F620B7D368B2178417E6A2DDE53B0FA7449F3
PID 7028, msedge.exe, type binary: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be
  MD5: 8846DB11E50F9F13AD4B0613141FFFB0
  SHA256: 5EA4153EDF70B4DCF6E385B071DC3F6FA4BC25FEFBD820FFC7ECABC6258A948A
PID 7028, msedge.exe, type compressed: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8
  MD5: 8BD22F608BE673729B30C5B7C4023B4D
  SHA256: 228C4AC995DF20E360A5A803A96D7E7783EFA25D302DB956D7EB7117222F4AF8
PID 7028, msedge.exe, type binary: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3
  MD5: DE69CF9E514DF447D1B0BB16F49D2457
  SHA256: C447DD7677B419DB7B21DBDFC6277C7816A913FFDA76FD2E52702DF538DE0E49
PID 7028, msedge.exe, type compressed: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7
  MD5: 4F989A7CE1D45D60FA309F8740879452
  SHA256: 1C9A7D977C69539240F04B1B605C584062150B6E2CA342E6EA4D46168B0128AC
PID 7028, msedge.exe, type binary: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c0
  MD5: F9DEDA099EB1F2BB06547BCD13673E49
  SHA256: 13CE1EAC3BB5362C568622FC5D92D88F5C90B34BF86D1D2AE3FAB99BA6515A5C
PID 7028, msedge.exe, type compressed: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b6
  MD5: B4F63948D38CD6D435F679F7E7593F51
  SHA256: 3D49BA419F765807523DA3C7EF8A2856BF25946BF61446BA3512994CD7FF7440
PID 7028, msedge.exe, type image: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bd
  MD5: F923851998919613EE2B19E44F7295FC
  SHA256: 7F196B3B2C098132B7D7D4A5921FB7EFFD488DA6BDBAD99404B0D55C9470FD6C
PID 7028, msedge.exe, type binary: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4
  MD5: 665DB5E157D2138835C4037C971FF3A4
  SHA256: 1404CA348BD75EF836F4DD8B6F2CC719458642D1237C368296B2FC652DCA47DC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 272
TCP/UDP connections: 303
DNS requests: 135
Threats: 28

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7196 | RUXIMICS.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | unknown | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | unknown | whitelisted
7760 | svchost.exe | HEAD | 200 | 104.103.102.195:443 | https://fs.microsoft.com/fs/windows/config.json | unknown | whitelisted
7028 | msedge.exe | GET | - | 162.55.2.79:443 | https://propiski.com/ | unknown | -
7196 | RUXIMICS.exe | GET | 200 | 184.24.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
8012 | svchost.exe | GET | 200 | 184.24.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 184.24.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
8012 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7196 | RUXIMICS.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
8012 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7196 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5336 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 224.0.0.251:5353 | - | - | - | whitelisted
7028 | msedge.exe | 2.16.241.207:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
7028 | msedge.exe | 162.55.2.79:80 | propiski.com | HETZNER-AS | DE | unknown
7028 | msedge.exe | 162.55.2.79:443 | propiski.com | HETZNER-AS | DE | unknown
8012 | svchost.exe | 184.24.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7196 | RUXIMICS.exe | 184.24.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5336 | MoUsoCoreWorker.exe | 184.24.77.30:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.251.110.113
  • 142.251.110.139
  • 142.251.110.138
  • 142.251.110.101
  • 142.251.110.102
  • 142.251.110.100
whitelisted
www.bing.com
  • 2.16.241.207
  • 2.16.241.205
  • 2.16.241.218
  • 2.16.241.225
  • 2.16.241.222
  • 2.16.241.201
  • 92.123.104.62
  • 92.123.104.63
  • 92.123.104.14
  • 92.123.104.52
  • 92.123.104.65
  • 92.123.104.12
  • 92.123.104.66
  • 92.123.104.61
  • 92.123.104.56
whitelisted
propiski.com
  • 162.55.2.79
unknown
crl.microsoft.com
  • 184.24.77.30
  • 184.24.77.41
  • 184.24.77.12
  • 184.24.77.18
  • 184.24.77.7
  • 184.24.77.38
  • 184.24.77.34
  • 184.24.77.27
  • 184.24.77.23
  • 184.24.77.15
  • 184.24.77.22
  • 184.24.77.16
  • 184.24.77.28
  • 184.24.77.17
  • 184.24.77.14
  • 184.24.77.10
whitelisted
www.microsoft.com
  • 23.52.181.212
whitelisted
login.live.com
  • 40.126.31.130
  • 20.190.159.23
  • 20.190.159.0
  • 20.190.159.71
  • 40.126.31.129
  • 20.190.159.130
  • 40.126.31.73
  • 20.190.159.4
whitelisted
fs.microsoft.com
  • 104.103.102.195
whitelisted
unpkg.com
  • 104.18.0.22
  • 104.18.1.22
whitelisted
maps.google.com
  • 142.251.208.14
whitelisted

Threats

PID | Process | Class | Message
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Global content delivery network (unpkg .com)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
2180 | svchost.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
- | - | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
7028 | msedge.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
2180 | svchost.exe | A Network Trojan was detected | ET MALWARE TA569 Middleware Server Domain in DNS Lookup (simplecopseholding .com)
No debug info