URL:

https://apxsoftwares.com/download-setup/

Full analysis: https://app.any.run/tasks/7f985d98-116e-42d6-9a87-153693cd4412
Verdict: Malicious activity
Threats:

HijackLoader is a modular malware acting as a vehicle for distributing different types of malicious software on compromised systems. It gained prominence during the summer of 2023 and has since been used in multiple attacks against organizations from various sectors, including hospitality businesses.

Analysis date: April 21, 2025, 15:53:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
stealer
arch-doc
lumma
hijackloader
loader
delphi
inno
installer
crypto-regex
Indicators:
MD5:

652ADF1B3F1F5652EB0BFBC39D2E6C64

SHA1:

7122808A315728F0E14A66CA67010C0042AA275D

SHA256:

0A72EB180F8F688805B09A99A7855033E64328F3C87FCF55668F85E5DC821E1E

SSDEEP:

3:N8SRR3XGWKJWARQVK:2S33WNYARAK

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Stealers network behavior

      • msedge.exe (PID: 7536)
    • HIJACKLOADER has been detected (YARA)

      • Setup.exe (PID: 4736)
      • Setup.exe (PID: 3124)
    • Executing a file with an untrusted certificate

      • SynapseOptimi86.exe (PID: 232)
      • SynapseOptimi86.exe (PID: 7012)
    • Actions look like stealing of personal data

      • SynapseOptimi86.exe (PID: 232)
      • SynapseOptimi86.exe (PID: 7012)
    • Steals credentials from Web Browsers

      • SynapseOptimi86.exe (PID: 232)
      • SynapseOptimi86.exe (PID: 7012)
    • Changes the autorun value in the registry

      • reg.exe (PID: 5988)
    • LUMMA mutex has been found

      • SynapseOptimi86.exe (PID: 7012)
      • SynapseOptimi86.exe (PID: 232)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 5452)
      • WinRAR.exe (PID: 7196)
      • WinRAR.exe (PID: 1272)
    • Application launched itself

      • WinRAR.exe (PID: 5452)
      • WinRAR.exe (PID: 7196)
    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 1272)
    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1272)
      • Setup.exe (PID: 4736)
    • Executable content was dropped or overwritten

      • Setup.exe (PID: 4736)
      • SynapseOptimi86.exe (PID: 232)
      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
      • SynapseOptimi86.exe (PID: 7012)
    • The process drops C-runtime libraries

      • Setup.exe (PID: 4736)
    • Found regular expressions for crypto-addresses (YARA)

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Searches for installed software

      • SynapseOptimi86.exe (PID: 232)
      • SynapseOptimi86.exe (PID: 7012)
    • Starts CMD.EXE for commands execution

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 5744)
    • Connects to unusual port

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Connects to the server without a host name

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 5176)
      • Setup.exe (PID: 4736)
      • SynapseOptimi86.exe (PID: 232)
      • Setup.exe (PID: 4976)
      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
      • Setup.exe (PID: 3124)
      • SynapseOptimi86.exe (PID: 7012)
      • IM3VPEWKFGVHM3O8LQA66Z4F04AFI8.exe (PID: 5228)
    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 5452)
      • msedge.exe (PID: 7264)
    • Reads Environment values

      • identity_helper.exe (PID: 5176)
    • Reads the software policy settings

      • slui.exe (PID: 1180)
      • slui.exe (PID: 6384)
      • SynapseOptimi86.exe (PID: 232)
      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
      • SynapseOptimi86.exe (PID: 7012)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1272)
      • msedge.exe (PID: 7188)
    • Application launched itself

      • msedge.exe (PID: 7264)
    • The sample compiled with chinese language support

      • WinRAR.exe (PID: 1272)
      • Setup.exe (PID: 4736)
    • Reads the computer name

      • Setup.exe (PID: 4736)
      • identity_helper.exe (PID: 5176)
      • SynapseOptimi86.exe (PID: 232)
      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
      • Setup.exe (PID: 3124)
      • SynapseOptimi86.exe (PID: 7012)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 1272)
      • Setup.exe (PID: 4736)
      • msedge.exe (PID: 7188)
    • Creates files in the program directory

      • Setup.exe (PID: 4736)
      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Create files in a temporary directory

      • Setup.exe (PID: 4736)
      • SynapseOptimi86.exe (PID: 232)
      • Setup.exe (PID: 3124)
      • SynapseOptimi86.exe (PID: 7012)
    • Manual execution by a user

      • Setup.exe (PID: 4976)
      • Setup.exe (PID: 3124)
      • Taskmgr.exe (PID: 664)
      • Taskmgr.exe (PID: 6708)
    • Checks proxy server information

      • slui.exe (PID: 6384)
    • Compiled with Borland Delphi (YARA)

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Detects InnoSetup installer (YARA)

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Drops encrypted JS script (Microsoft Script Encoder)

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 6708)
    • Creates files or folders in the user directory

      • Setup.exe (PID: 4736)
    • Reads the machine GUID from the registry

      • PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe (PID: 4012)
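The three signatures "Starts CMD.EXE for commands execution" (PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe, PID 4012), "Uses REG/REGEDIT.EXE to modify registry" (cmd.exe, PID 5744) and "Changes the autorun value in the registry" (reg.exe, PID 5988) describe one persistence chain: a dropped executable shells out to cmd.exe, which runs reg.exe against a Run key. The detection below is an added example, not ANY.RUN's code or part of the report. The process-creation events in it are constructed: PIDs and image names mirror the report, but the parent of PID 4012, the on-disk paths of Setup.exe and PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe, and every reg.exe command line are assumptions, since the report only says that reg.exe changed an autorun value.

```python
"""
Added example (not code from the ANY.RUN report): flag a reg.exe that writes a
Run/RunOnce value when it was started under cmd.exe and an executable from an
untrusted directory (user profile, Temp, AppData) sits in its ancestry.

Events are CONSTRUCTED. The parent edge for PID 4012, the paths of Setup.exe
and PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe, and all reg.exe command lines are
ASSUMPTIONS; the report does not show them.
"""
import re
from dataclasses import dataclass

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.IGNORECASE)
# Parents living here are treated as trusted; anything else is a candidate dropper.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def build_index(events):
    return {e.pid: e for e in events}


def ancestry(pid, index, max_depth=16):
    """Walk parent pointers from pid upwards; stops at an unknown parent or a cycle."""
    chain, seen = [], set()
    cur = index.get(pid)
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        seen.add(cur.pid)
        chain.append(cur)
        cur = index.get(cur.ppid)
    return chain


def is_untrusted_image(image):
    return not image.lower().startswith(TRUSTED_DIRS)


def detect_run_key_persistence(events):
    """One hit per reg.exe that touches a Run key, runs under cmd.exe, and has an
    untrusted executable somewhere above it in the process tree."""
    index = build_index(events)
    hits = []
    for e in events:
        if not e.image.lower().endswith("\\reg.exe") or not RUN_KEY_RE.search(e.cmdline):
            continue
        chain = ancestry(e.pid, index)
        parents = chain[1:]
        via_cmd = any(p.image.lower().endswith("\\cmd.exe") for p in parents)
        dropper = next((p for p in parents if is_untrusted_image(p.image)), None)
        if via_cmd and dropper is not None:
            hits.append({
                "reg_pid": e.pid,
                "dropper_pid": dropper.pid,
                "dropper_image": dropper.image,
                "chain": [p.image.rsplit("\\", 1)[-1] for p in chain],
                "cmdline": e.cmdline,
            })
    return hits


RUN_VALUE = ('reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
             '/v Updater /t REG_SZ /d "C:\\Users\\admin\\AppData\\Local\\SynapseOptimi86.exe" /f')

EVENTS = [  # constructed; see the docstring for which fields are assumptions
    ProcEvent(4736, 0, r"C:\Users\admin\Downloads\Setup.exe", "Setup.exe"),  # parent not in report
    ProcEvent(232, 4736, r"C:\Users\admin\AppData\Local\SynapseOptimi86.exe",
              r"C:\Users\admin\AppData\Local\SynapseOptimi86.exe"),  # path and parent from the report
    ProcEvent(4012, 232, r"C:\Users\admin\AppData\Local\Temp\PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe",
              "PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe"),  # parent edge and path assumed
    ProcEvent(5744, 4012, r"C:\Windows\System32\cmd.exe", "cmd.exe /c " + RUN_VALUE),
    ProcEvent(5988, 5744, r"C:\Windows\System32\reg.exe", RUN_VALUE),
    # Benign control: an admin adds a Run value from an interactive prompt under explorer.exe.
    ProcEvent(9001, 0, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(9002, 9001, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(9003, 9002, r"C:\Windows\System32\reg.exe",
              'reg add "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" /v Sync '
              '/d "C:\\Program Files\\Sync\\sync.exe" /f'),
    # reg.exe from the same cmd.exe that only reads the machine GUID: ignored.
    ProcEvent(9004, 5744, r"C:\Windows\System32\reg.exe",
              "reg query HKLM\\SOFTWARE\\Microsoft\\Cryptography /v MachineGuid"),
]

if __name__ == "__main__":
    for hit in detect_run_key_persistence(EVENTS):
        print(hit["reg_pid"], " <- ".join(hit["chain"]), "| dropper:", hit["dropper_image"])
```

The ancestry walk is what separates the sample from the benign control: both write the same Run key through cmd.exe, but only the sample has an executable from AppData above it. Because the check looks at every ancestor rather than only the immediate parent, it still fires if the Inno installer (which "Creates files in the program directory") had placed PZ03VVKR0ZBVDDT5I79OTKUAXOVLB.exe under Program Files, since SynapseOptimi86.exe in AppData\Local is further up the chain. In production, feed it Sysmon Event ID 1 or equivalent EDR process-creation telemetry.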
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
230
Monitored processes
85
Malicious processes
10
Suspicious processes
1

Behavior graph

(Interactive graph not reproduced. Nodes in the order the graph lists them, with the several dozen msedge.exe helper processes, most marked "no specs", collapsed.)
start, msedge.exe (many helper processes), sppextcomobj.exe, slui.exe, identity_helper.exe (x2), winrar.exe, slui.exe, winrar.exe, mspaint.exe, winrar.exe, #HIJACKLOADER setup.exe, #LUMMA synapseoptimi86.exe, setup.exe, svchost.exe, pz03vvkr0zbvddt5i79otkuaxovlb.exe, cmd.exe, conhost.exe, reg.exe, #HIJACKLOADER setup.exe, taskmgr.exe (x2), #LUMMA synapseoptimi86.exe, im3vpewkfgvhm3o8lqa66z4f04afi8.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 232
CMD: C:\Users\admin\AppData\Local\SynapseOptimi86.exe
Path: C:\Users\admin\AppData\Local\SynapseOptimi86.exe
Parent process: Setup.exe
User:
admin
Company:
Famatech Corp.
Integrity Level:
MEDIUM
Description:
Radmin Viewer
Exit code:
0
Version:
3, 5, 2, 0
Modules
Images
c:\users\admin\appdata\local\synapseoptimi86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\shell32.dll
c:\windows\syswow64\msvcp_win.dll
PID: 236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8092 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 664
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Task Manager
Exit code:
3221226540
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=8440 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 864
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=7520 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 896
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1012
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6648 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1180
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1272
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb5452.20817\ƓƐŤ ๓คiຖ Şētนp.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: WinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1512
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4620 --field-trial-handle=2332,i,12540262988663053946,14881693428766235836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
21 950
Read events
21 814
Write events
121
Delete events
15

Modification events

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: failed_count, Value: 0

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: state, Value: 2

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: state, Value: 1

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write, Name: user_experience_metrics.stability.exited_cleanly, Value: 0

Process: (7264) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001, Value: 81A51027E2912F00

Process: (7264) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001, Value: 91FB1827E2912F00

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328310
Operation: write, Name: WindowTabManagerFileMappingId, Value: {88F882CE-0E9C-42AB-B7C8-46EBE3E7BA73}

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328310
Operation: write, Name: WindowTabManagerFileMappingId, Value: {CF65884D-B2C0-40BE-B9F7-77C09F11C0C5}

Process: (7264) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001, Value: 44606427E2912F00

Process: (7264) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write, Name: Enabled, Value: 0
Executable files
79
Suspicious files
902
Text files
326
Unknown types
1

Dropped files

PID | Process | Filename
(Type, MD5 and SHA256 columns are not populated for these rows in the extracted report.)
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b5e4.TMP
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b5f4.TMP
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b5f4.TMP
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b603.TMP
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b603.TMP
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
7264 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
60
TCP/UDP connections
191
DNS requests
174
Threats
36

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
(Type and Size columns are empty for every row in the extracted report and are omitted.)
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.12:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2568 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2656 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
6584 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1745625039&P2=404&P3=2&P4=Gw1zB2h8OsuOxDF4GeK2Eo9yFaF75F3qhDgkXrdVXvh7M4bw4why55eNkW3b05v8j1fDwOqSQFl0Xt4MNVXHpg%3d%3d | unknown | whitelisted
6584 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1745625039&P2=404&P3=2&P4=Gw1zB2h8OsuOxDF4GeK2Eo9yFaF75F3qhDgkXrdVXvh7M4bw4why55eNkW3b05v8j1fDwOqSQFl0Xt4MNVXHpg%3d%3d | unknown | whitelisted
6584 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1745625039&P2=404&P3=2&P4=Gw1zB2h8OsuOxDF4GeK2Eo9yFaF75F3qhDgkXrdVXvh7M4bw4why55eNkW3b05v8j1fDwOqSQFl0Xt4MNVXHpg%3d%3d | unknown | whitelisted
6584 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d0729495-2185-4a92-a46f-fde358fd775c?P1=1745625039&P2=404&P3=2&P4=UiaWCpvG8xsjixhGvkvtKiebfVMpSYDGZznH7pip1oSgU%2fWgFJHr54d0l5hfAfiKvegBnOF5M%2bNT1JsS4Rahvw%3d%3d | unknown | whitelisted
6584 | svchost.exe | GET | 206 | 199.232.214.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1745625039&P2=404&P3=2&P4=Gw1zB2h8OsuOxDF4GeK2Eo9yFaF75F3qhDgkXrdVXvh7M4bw4why55eNkW3b05v8j1fDwOqSQFl0Xt4MNVXHpg%3d%3d | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
5496 | MoUsoCoreWorker.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2656 | RUXIMICS.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.241.12:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2656 | RUXIMICS.exe | 2.16.241.12:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2656 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
7264 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
google.com
  • 142.250.184.206
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 3.33.196.84
  • 15.197.198.189
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
apxsoftwares.com
  • 185.216.143.48
unknown
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.253.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted
bzib.nelreports.net
  • 2.16.168.113
  • 2.16.168.107
whitelisted
www.bing.com
  • 2.19.96.88
  • 2.19.96.67
  • 2.19.96.66
  • 2.19.96.72
  • 2.19.96.98
  • 2.19.96.59
  • 2.19.96.97
  • 2.19.96.65
  • 2.19.96.75
  • 2.23.227.208
  • 2.23.227.215
whitelisted

Threats

PID | Process | Class | Message
7536 | msedge.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
7536 | msedge.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
7536 | msedge.exe | A Network Trojan was detected | STEALER [ANY.RUN] Domain has been identified as part of Lumma Stealer's infrastructure (setsuge .icu)
7536 | msedge.exe | A Network Trojan was detected | STEALER [ANY.RUN] Domain has been identified as part of Lumma Stealer's infrastructure (setsuge .icu)
7536 | msedge.exe | Potentially Bad Traffic | ET INFO DNS Query for Suspicious .icu Domain
7536 | msedge.exe | A Network Trojan was detected | STEALER [ANY.RUN] Domain has been identified as part of Lumma Stealer's infrastructure (setsuge .icu)
7536 | msedge.exe | A Network Trojan was detected | STEALER [ANY.RUN] Domain has been identified as part of Lumma Stealer's infrastructure (setsuge .icu)
7536 | msedge.exe | Potentially Bad Traffic | ET INFO Suspicious Domain (*.icu) in TLS SNI
7536 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
7536 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info
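The report hands a responder three kinds of indicator: the file hashes of the downloaded Setup.exe in the Indicators block, the download host apxsoftwares.com from the DNS requests, and the Lumma Stealer domain that the Suricata alerts print defanged as "setsuge .icu", alongside the generic ET INFO rules that fire on any .icu query or TLS SNI. The script below is an added example, not ANY.RUN's code or part of the report: it refangs the domains as the report prints them, checks file digests against the sample's hashes, and scans DNS log lines for the report's domains and the .icu TLD. The log lines and their format (timestamp, client IP, "query", record type, name) are constructed for the example; adjust the regex to whatever your resolver or proxy actually emits.

```python
"""
Added example (not code from the ANY.RUN report): an offline IOC check built from
the report's indicators.

Log lines are CONSTRUCTED and their format is an ASSUMPTION.
"""
import hashlib
import re

# Indicators copied from the report: hashes of the downloaded Setup.exe, the
# download host, and the Lumma C2 domain as printed (defanged) in the alerts.
REPORT_HASHES = {
    "md5": "652adf1b3f1f5652eb0bfbc39d2e6c64",
    "sha1": "7122808a315728f0e14a66ca67010c0042aa275d",
    "sha256": "0a72eb180f8f688805b09a99a7855033e64328f3c87fcf55668f85e5dc821e1e",
}
REPORT_DOMAINS_DEFANGED = ["apxsoftwares.com", "setsuge .icu"]
SUSPICIOUS_TLDS = {"icu"}  # what the ET INFO "*.icu" rules key on


def refang(indicator: str) -> str:
    """Undo common defanging: 'a .b', 'a[.]b', 'a(.)b' and 'hxxp://'."""
    s = indicator.strip()
    s = re.sub(r"\s*\[\.\]\s*|\s*\(\.\)\s*|\s+\.\s*|\s*\.\s+", ".", s)
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("xx", "tt"), s, flags=re.I)
    return s.lower()


REPORT_DOMAINS = {refang(d) for d in REPORT_DOMAINS_DEFANGED}


def hash_bytes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file once and compute all three digests the report lists."""
    hs = {alg: hashlib.new(alg) for alg in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def matches_report_sample(digests: dict) -> bool:
    """True if any supplied digest equals the report's value for that algorithm."""
    return any(digests.get(alg, "").lower() == val for alg, val in REPORT_HASHES.items())


# Assumed log shape: "<timestamp> <client-ip> query <rtype> <name>"
DNS_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+query\s+(?P<rtype>\w+)\s+(?P<name>[\w.-]+)\.?$"
)


def classify_domain(name: str):
    """'report-ioc' for the report's domains (and subdomains), 'suspicious-tld'
    for the TLD the ET INFO rules flag, else None."""
    name = name.lower().rstrip(".")
    if name in REPORT_DOMAINS or any(name.endswith("." + d) for d in REPORT_DOMAINS):
        return "report-ioc"
    if name.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
        return "suspicious-tld"
    return None


def scan_dns_log(lines):
    """Return (line_no, client, domain, verdict) for every line that matches an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = DNS_LINE_RE.match(line.strip())
        if not m:
            continue
        verdict = classify_domain(m["name"])
        if verdict:
            hits.append((n, m["client"], m["name"].lower().rstrip("."), verdict))
    return hits


SAMPLE_DNS_LOG = [  # constructed for the example
    "2025-04-21T15:53:40Z 192.168.100.51 query A apxsoftwares.com",
    "2025-04-21T15:54:02Z 192.168.100.51 query A crl.microsoft.com",
    "2025-04-21T15:55:10Z 192.168.100.51 query A setsuge.icu",
    "2025-04-21T15:55:11Z 192.168.100.51 query HTTPS setsuge.icu",
    "2025-04-21T15:57:30Z 192.168.100.77 query A cdn.example.icu",
    "line that does not parse and is skipped",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print(hit)
```

Two details matter in practice. First, the defanged form in the alerts ("setsuge .icu" with a space) will not match anything until it is refanged, so the matcher normalises every indicator before use. Second, the TLD check is deliberately separate from the exact-domain check: the .icu hits on other hosts are a lead to triage, not a confirmed Lumma infection, which is exactly the distinction between the "Potentially Bad Traffic" and "A Network Trojan was detected" classes in the Threats table. The SSDEEP value from the report is not used here because fuzzy hashing is not in the Python standard library; exact digests are enough to confirm the same file.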