Malware analysis https://www.jb51.net/softs/57857.html Malicious activity

Add for printing

URL:	https://www.jb51.net/softs/57857.html
Full analysis:	https://app.any.run/tasks/f52bc0bc-cd41-468f-97a7-7032fda33649
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	April 19, 2025, 22:33:36
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	qrcode loader
Indicators:
MD5:	B61E7D498A7EAA5856FB6221F397A076
SHA1:	1417BF3EE6D29548C3ECC38EA09077E0EBD6CA06
SHA256:	44FA2A872E727EFB952A6B087326D7E17C0C5056D4D829715A97B67B5CB05349
SSDEEP:	3:N8DSL/B/0KNj9QJn:2OL5/5e

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Adds/modifies Windows certificates
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Reads security settings of Internet Explorer
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Searches for installed software
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Process requests binary or script from the Internet
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Potential Corporate Privacy Violation
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- There is functionality for taking screenshot (YARA)
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
INFO
- Application launched itself
  - msedge.exe (PID: 1532)
- Checks supported languages
  - identity_helper.exe (PID: 8136)
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Reads Environment values
  - identity_helper.exe (PID: 8136)
- Executable content was dropped or overwritten
  - msedge.exe (PID: 7356)
  - msedge.exe (PID: 1532)
  - msedge.exe (PID: 3884)
- Reads the computer name
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
  - identity_helper.exe (PID: 8136)
- The sample compiled with english language support
  - msedge.exe (PID: 1532)
  - msedge.exe (PID: 7356)
  - msedge.exe (PID: 3884)
- Reads the machine GUID from the registry
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Reads the software policy settings
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
  - slui.exe (PID: 1300)
  - slui.exe (PID: 664)
- Checks proxy server information
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
  - slui.exe (PID: 664)
- Creates files or folders in the user directory
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Creates files in the program directory
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)
- Create files in a temporary directory
  - Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe (PID: 5984)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

191

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

664

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

732

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7808 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

736

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=896 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

872

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6308 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1300

"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

C:\Windows\System32\slui.exe

SppExtComObj.Exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

1452

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5440 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1532

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.jb51.net/softs/57857.html"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1568

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3708 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1660

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6788 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2088

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6700 --field-trial-handle=2404,i,6802473277463104522,1063497336921618874,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

13 069

Read events

12 997

Write events

Delete events

Modification events


(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 0
(PID) Process:	(1532) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:	write	Name:	S-1-5-21-1693682860-607145093-2874071422-1001
Value: 817F9F82BF912F00
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\524976
Operation:	write	Name:	WindowTabManagerFileMappingId
Value: {EEC12DE0-8A8A-45A0-A7F9-A5AE28609D54}
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\524976
Operation:	write	Name:	WindowTabManagerFileMappingId
Value: {5599204F-C01B-4C91-B04F-D3934311F10D}
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\524976
Operation:	write	Name:	WindowTabManagerFileMappingId
Value: {269022C6-3A5C-4A34-AD8B-26A014961254}
(PID) Process:	(1532) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\524976
Operation:	write	Name:	WindowTabManagerFileMappingId
Value: {5E44B476-4515-46FE-85BF-8F5C8A15B207}
(PID) Process:	(1532) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:	write	Name:	S-1-5-21-1693682860-607145093-2874071422-1001
Value: F171AA82BF912F00

Add for printing

Executable files

Suspicious files

312

Text files

119

Unknown types

Dropped files

PID	Process	Filename		Type
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10bcba.TMP		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10bcba.TMP		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10bcd9.TMP		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10bce9.TMP		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10bcf9.TMP		—
		MD5:—	SHA256:—
1532	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old		—
		MD5:—	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

267

DNS requests

183

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6544	svchost.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
—	—	GET	200	2.16.241.12:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	GET	200	47.117.70.170:80	http://s.ludashi.com/url2?pid=buysite_16&type=xzq&action=run&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=80342cb959da2233832ae840f019ccba&ex_ary[siteid]=16&ex_ary[softid]=57857&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]=	unknown	—	—	whitelisted
7616	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
7616	SIHClient.exe	GET	200	184.30.21.171:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	GET	200	47.117.70.170:80	http://s.ludashi.com/url2?pid=buysite_16&type=xzq&action=down_start&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=80342cb959da2233832ae840f019ccba&ex_ary[method]=thunder&ex_ary[siteid]=16&ex_ary[softid]=57857&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]=	unknown	—	—	whitelisted
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	GET	200	47.117.70.170:80	http://s.ludashi.com/url2?pid=buysite_16&type=xzq&action=ldsdownstart&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=80342cb959da2233832ae840f019ccba&ex_ary[siteid]=16&ex_ary[softid]=57857&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]=	unknown	—	—	whitelisted
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	GET	—	183.204.210.219:80	http://cdn-pc-thunder.ludashi.com/inst_pkgs/ludashi/6.1025.4135.115/ludashi_mini_buy.dll?xy_rid=zYS02LI46gebOF	unknown	—	—	whitelisted
2240	svchost.exe	HEAD	200	208.89.74.21:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1745625033&P2=404&P3=2&P4=AcrtHjvNTUzH%2bhJrOpGrMqvSS2ydy84HYeqUo2OeOzeC0PSYDjoXYe3Ue3KoDEF1%2foDts4%2bqKEpEwZQC2JRl4g%3d%3d	unknown	—	—	whitelisted
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	GET	200	49.4.55.6:80	http://softmgr-cfg.ludashi.com/inst/get3	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
2104	svchost.exe	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	4.231.128.59:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	2.16.241.12:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
7356	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
1532	msedge.exe	239.255.255.250:1900	—	—	—	whitelisted
7356	msedge.exe	150.171.28.11:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
7356	msedge.exe	13.107.246.45:443	edge-mobile-static.azureedge.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
7356	msedge.exe	13.107.6.158:443	business.bing.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
7356	msedge.exe	2.22.242.11:443	bzib.nelreports.net	Akamai International B.V.	DE	whitelisted

DNS requests

Domain	IP	Reputation
crl.microsoft.com	2.16.241.12 2.16.241.19	whitelisted
google.com	172.217.18.14	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
www.jb51.net	217.114.47.192 217.114.47.195 94.154.114.212 94.154.114.214 194.147.99.181	whitelisted
edge.microsoft.com	150.171.28.11 150.171.27.11	whitelisted
business.bing.com	13.107.6.158	whitelisted
edge-mobile-static.azureedge.net	13.107.246.45	whitelisted
bzib.nelreports.net	2.22.242.11 2.22.242.105	whitelisted
icws.jb51.net	192.238.253.17 192.238.254.53 192.238.254.244 192.238.254.242 192.238.254.196 192.238.254.182 192.238.254.178 192.238.253.234	whitelisted
www.bing.com	2.19.96.129 2.19.96.66 2.19.96.83 2.19.96.128 104.126.37.131 104.126.37.130 104.126.37.139 104.126.37.128 104.126.37.129 104.126.37.136 104.126.37.145 104.126.37.176 104.126.37.154 2.16.204.148 2.16.204.161 2.16.204.135	whitelisted

Threats

PID	Process	Class	Message
5984	Windows Loaderwin7破解激活工具 v222 绿色版支持windows 2008_44166929270.exe	Potential Corporate Privacy Violation	ET INFO PE EXE or DLL Windows file download HTTP
7356	msedge.exe	Misc activity	ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7356	msedge.exe	Misc activity	ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7356	msedge.exe	Misc activity	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
7356	msedge.exe	Misc activity	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
7356	msedge.exe	Misc activity	ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7356	msedge.exe	Misc activity	ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
7356	msedge.exe	Misc activity	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
7356	msedge.exe	Misc activity	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
7356	msedge.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD

Add for printing

No debug info

General Info

https://www.jb51.net/softs/57857.html

B61E7D498A7EAA5856FB6221F397A076

1417BF3EE6D29548C3ECC38EA09077E0EBD6CA06

44FA2A872E727EFB952A6B087326D7E17C0C5056D4D829715A97B67B5CB05349

3:N8DSL/B/0KNj9QJn:2OL5/5e

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Adds/modifies Windows certificates

Reads security settings of Internet Explorer

Searches for installed software

Process requests binary or script from the Internet

Potential Corporate Privacy Violation

There is functionality for taking screenshot (YARA)

INFO

Application launched itself

Checks supported languages

Reads Environment values

Executable content was dropped or overwritten

Reads the computer name

The sample compiled with english language support

Reads the machine GUID from the registry

Reads the software policy settings

Checks proxy server information

Creates files or folders in the user directory

Creates files in the program directory

Create files in a temporary directory

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings