| URL: | https://www.affirm.com |
| Full analysis: | https://app.any.run/tasks/128185d1-02a0-4c2a-98c5-a5d8ac5e6bd0 |
| Verdict: | Malicious activity |
| Analysis date: | April 23, 2026, 21:14:21 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| MD5: | F058034F175AE9D525172612C1A59D9F |
| SHA1: | A4A90400C7E745B38A4275008E3F308DDFC21F90 |
| SHA256: | 02F01FCE7EF8F3889C70E9E14E5F1DB52ACC93BA4144C91247F643F08C838272 |
| SSDEEP: | 3:N8DSLBMIn:2OLBJ |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
179
Monitored processes
1
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7028 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --webtransport-developer-mode --string-annotations --always-read-main-dll --field-trial-handle=2256,i,13378875761215938322,9620771509043916482,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 133.0.3065.92 Modules
| |||||||||||||||
Total events
0
Read events
0
Write events
0
Delete events
0
Modification events
Executable files
28
Suspicious files
240
Text files
90
Unknown types
12
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5 | text | |
MD5:1EAA4D3C94700300BE5F70C55132EFD3 | SHA256:E75796DF13110AEFDBF98D78E2E2243B81C0A68D49709375F2A9E2E23901ED63 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc | compressed | |
MD5:EAFA84C42C5CB7FE96F714BDB220BB38 | SHA256:CDF7CB82F1482472B74359403AA5F9A31A7620F671A15FF6E920FD4B5218B6BC | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b9 | binary | |
MD5:44839BC6412F351B2300F816D5ACEC54 | SHA256:48C24526436D443DE5808AA299002A617FF6564C3DF91D88C6F8B217783E4F00 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000be | binary | |
MD5:407A033ECB8AF11A4A9C53B1070C6E39 | SHA256:E6DBF3624E4459B92490C0EC5930D326989D5FB00C3120C80F3C866AA9BB10F3 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b8 | text | |
MD5:34135C09CBF6258C636D8D439088570E | SHA256:F4953C024B3DE41FB478C8F75419C952E2A6513C3D714F7AF64C3729DB69F925 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb | compressed | |
MD5:53CF5043D6CCBB8D6F7920D2D0106B53 | SHA256:F9DC9FB3CB5FB59F05A3B3DB28506C8DA1836CF6C51679E9C5C2DB6876AC5D70 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7 | binary | |
MD5:F82A8600629DB1E22344E49D1C41F4D9 | SHA256:3B5BC5AABCAC8DB482DF6EEEAFCAFCACDE4614472322834E2A4ADDA89CAACFA8 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c3 | binary | |
MD5:D0BADD4DD4BBF0C258558521CB6489CF | SHA256:99301A72D4A1A1B219786581DE4A33ADF1A0EDDDC8C36616A5D99793298040B5 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c6 | binary | |
MD5:3C344B9FC3546AAB777F0D040526FDDB | SHA256:D9BC8FA2367E6C236A28D93392D8813BEE460F496CE8646DF44B111CA8904244 | |||
| 7028 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c7 | compressed | |
MD5:F3AD19FDBD15A27B32A4D25E49CC266E | SHA256:3A657EDDEC2905CE29950E37A3CC78C6839AFC858FE26A89490A1502BE032D13 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1 841
TCP/UDP connections
839
DNS requests
715
Threats
45
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
7196 | RUXIMICS.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=188&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop | US | — | — | whitelisted |
5336 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3593&FlightIds=&UpdateOfferedDays=344&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%206%20Model%2014%20Stepping%203&sku=48&ActivationChannel=Retail&AttrDataVer=188&IsMDMEnrolled=0&ProcessorCores=4&ProcessorModel=Intel%28R%29%20Core%28TM%29%20i5-6400%20CPU%20%40%202.70GHz&TotalPhysicalRAM=4096&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260246&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | — | — | whitelisted |
7028 | msedge.exe | GET | 200 | 23.36.162.71:443 | https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json | NL | text | 665 Kb | whitelisted |
7196 | RUXIMICS.exe | GET | 200 | 23.48.23.147:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
7028 | msedge.exe | GET | 200 | 13.33.187.25:443 | https://images.ctfassets.net/4rc1asww3mw7/12w7jdl0M43WqtLY7eFx3U/d70a2b87ecac8188f884d7c62d88a3b9/affirm-icon.png | US | image | 1.55 Kb | unknown |
5208 | svchost.exe | GET | 200 | 23.48.23.147:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
7196 | RUXIMICS.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted |
5336 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.147:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted |
7028 | msedge.exe | GET | 200 | 162.159.140.33:443 | https://cdn1.affirm.com/assets/trackjs/8.0.0/master/tracker-d778a9f6ebb704f8330b.js | unknown | text | 55.1 Kb | unknown |
7028 | msedge.exe | GET | 200 | 13.33.187.25:443 | https://images.ctfassets.net/4rc1asww3mw7/7zKayP4me415IftI9j7QeS/953d7d9ed70cab3d57aee1223af2876a/StarIcon.svg | US | image | 2.91 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
7196 | RUXIMICS.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5336 | MoUsoCoreWorker.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5208 | svchost.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 224.0.0.251:5353 | — | — | — | whitelisted |
7028 | msedge.exe | 88.221.197.178:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
7028 | msedge.exe | 172.66.0.33:443 | www.affirm.com | CLOUDFLARENET | US | whitelisted |
5208 | svchost.exe | 23.48.23.147:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
7028 | msedge.exe | 13.33.187.16:443 | images.ctfassets.net | AMAZON-02 | US | whitelisted |
7196 | RUXIMICS.exe | 23.48.23.147:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
5336 | MoUsoCoreWorker.exe | 23.48.23.147:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.affirm.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
cdn1.affirm.com |
| whitelisted |
images.ctfassets.net |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
static.cloudflareinsights.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
5208 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net) |
7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (ipapi .co in DNS lookup) |
7028 | msedge.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (ipapi .co in DNS lookup) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
7028 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |