File name:

CursorX.exe

Full analysis: https://app.any.run/tasks/6c626afa-1c83-40f2-8449-184c1cafd530
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 15, 2025, 16:21:49
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
golang
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 12 sections
MD5:

4B51F21D39A339C9DABB9DB234D681AE

SHA1:

3CB48E8F393BB7CC6E046F6DDEC9DAABFF199BDB

SHA256:

01FB02022D30C7EE78617A0D8616F3C0A46D5F508D38CC75496EDBEB29B6CC9C

SSDEEP:

98304:8gSA2un/a8gQJDWyPT8SMAmi1DdaOh7FFtNm7fKVTwWAbLjHNcGv06ntiqbMd92t:UoI/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 4736)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 6652)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 6960)
      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • Process drops legitimate windows executable

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 6960)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1244)
      • MicrosoftEdgeUpdate.exe (PID: 4152)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6708)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 672)

    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • msedgewebview2.exe (PID: 6652)

    • Application launched itself

      • setup.exe (PID: 6960)
      • msedgewebview2.exe (PID: 6652)
      • MicrosoftEdgeUpdate.exe (PID: 3784)

    • Creates a software uninstall entry

      • setup.exe (PID: 6960)

    • Searches for installed software

      • setup.exe (PID: 6960)

  • INFO

    • Reads Environment values

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 2108)
      • MicrosoftEdgeUpdate.exe (PID: 4528)
      • msedgewebview2.exe (PID: 6652)

    • Reads the machine GUID from the registry

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • msedgewebview2.exe (PID: 6652)

    • Checks supported languages

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 4152)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1244)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6708)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 672)
      • MicrosoftEdgeUpdate.exe (PID: 2108)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6960)
      • MicrosoftEdgeUpdate.exe (PID: 4528)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 4736)
      • msedgewebview2.exe (PID: 5740)
      • msedgewebview2.exe (PID: 2908)
      • msedgewebview2.exe (PID: 3272)
      • msedgewebview2.exe (PID: 2320)

    • Create files in a temporary directory

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • msedgewebview2.exe (PID: 6652)
      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • Reads the computer name

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 4152)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1244)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6708)
      • MicrosoftEdgeUpdate.exe (PID: 2108)
      • MicrosoftEdgeUpdate.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 672)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 6960)
      • MicrosoftEdgeUpdate.exe (PID: 4528)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 4736)
      • msedgewebview2.exe (PID: 5740)
      • MicrosoftEdgeUpdate.exe (PID: 4892)

    • Reads the software policy settings

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 2108)
      • slui.exe (PID: 1164)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • MicrosoftEdgeUpdate.exe (PID: 4528)
      • slui.exe (PID: 7156)

    • The sample compiled with english language support

      • CursorX.exe (PID: 5112)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5608)
      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 6960)

    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • MicrosoftEdge_X64_136.0.3240.64.exe (PID: 1660)
      • setup.exe (PID: 2616)
      • setup.exe (PID: 6960)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5740)

    • Detects GO elliptic curve encryption (YARA)

      • CursorX.exe (PID: 5112)

    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 2108)
      • MicrosoftEdgeUpdate.exe (PID: 3784)
      • MicrosoftEdgeUpdate.exe (PID: 4528)
      • msedgewebview2.exe (PID: 6652)
      • slui.exe (PID: 7156)

    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4892)
      • setup.exe (PID: 6960)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 3272)

    • Application based on Golang

      • CursorX.exe (PID: 5112)

    • Reads CPU info

      • msedgewebview2.exe (PID: 6652)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Large address aware, No debug
PEType: PE32+
LinkerVersion: 2.41
CodeSize: 5432832
InitializedDataSize: 12008960
UninitializedDataSize: 330240
EntryPoint: 0x13d0
OSVersion: 6.1
ImageVersion: -
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: CursorX车票验证应用
CompanyName: CursorX
FileDescription: CursorX
LegalCopyright: Copyright 2025
ProductName: CursorX
ProductVersion: 2.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
157
Monitored processes
23
Malicious processes
7
Suspicious processes
2

Behavior graph

Click at the process to see the details
start cursorx.exe sppextcomobj.exe no specs slui.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedge_x64_136.0.3240.64.exe setup.exe setup.exe no specs slui.exe microsoftedgeupdate.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
672"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.57\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1164"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1244"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.57\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1660"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{4264AF88-1276-444F-A57F-487757E802FE}\MicrosoftEdge_X64_136.0.3240.64.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{4264AF88-1276-444F-A57F-487757E802FE}\MicrosoftEdge_X64_136.0.3240.64.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{4264af88-1276-444f-a57f-487757e802fe}\microsoftedge_x64_136.0.3240.64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2108"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNTciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MkU3RDRBNDQtMjMwRC00NDRBLTgzQzktMTg5NkI3ODlGQzExfSIgdXNlcmlkPSJ7QTI0M0RBODEtQUFBQi00QjNFLUJDMUYtNjI5MUU3RTZDRUU1fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0NEQjU1MzU5LTZEQkEtNDg4MC1BNzg1LUQ3N0I3QUI5NTU5MH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJERUxMIiBwcm9kdWN0X25hbWU9IkRFTEwiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjU3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5Nzg0NzM1NTA0IiBpbnN0YWxsX3RpbWVfbXM9IjE1NDciLz48L2FwcD48L3JlcXVlc3Q-C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
2320C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Roaming\CursorX.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Roaming\CursorX.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=136.0.7103.93 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=136.0.3240.64 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffc88957088,0x7ffc88957094,0x7ffc889570a0C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2616C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{4264AF88-1276-444F-A57F-487757E802FE}\EDGEMITMP_8CDD7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=136.0.7103.93 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{4264AF88-1276-444F-A57F-487757E802FE}\EDGEMITMP_8CDD7.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=136.0.3240.64 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7b911f3e8,0x7ff7b911f3f4,0x7ff7b911f400C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{4264AF88-1276-444F-A57F-487757E802FE}\EDGEMITMP_8CDD7.tmp\setup.exesetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{4264af88-1276-444f-a57f-487757e802fe}\edgemitmp_8cdd7.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
2908"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\CursorX.exe\EBWebView" --webview-exe-name=CursorX.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1868,i,8121855413893484989,13581974185914366634,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3272"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\CursorX.exe\EBWebView" --webview-exe-name=CursorX.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=1868,i,8121855413893484989,13581974185914366634,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.64
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.64\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3784"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -EmbeddingC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
17 503
Read events
14 643
Write events
2 774
Delete events
86

Modification events

(PID) Process:(4892) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:delete valueName:eulaaccepted
Value:
(PID) Process:(4892) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateCore.exe"
(PID) Process:(4892) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{251E3AB3-9BD0-4549-9B66-F3B39E21C4E6}
(PID) Process:(4892) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{70A18D5F-8648-4243-9809-DD88221976CB}
(PID) Process:(4152) MicrosoftEdgeUpdate.exeKey:HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(4152) MicrosoftEdgeUpdate.exeKey:HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(4152) MicrosoftEdgeUpdate.exeKey:HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{79F05C14-E714-4C12-9924-93C812894CB0}\InProcServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(6708) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation:delete keyName:(default)
Value:
(PID) Process:(672) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation:delete keyName:(default)
Value:
(PID) Process:(672) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}
Operation:delete keyName:(default)
Value:
Executable files
211
Suspicious files
107
Text files
30
Unknown types
0

Dropped files

PID
Process
Filename
Type
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\MicrosoftEdgeUpdateOnDemand.exeexecutable
MD5:404C7C261CA1C9FBA7774897E871C538
SHA256:4C52D2B1CAA23F4BDEEF21AE5A5C0B875F9E555887D1D6CB84E65ECE94F8C3A7
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeexecutable
MD5:A2B91A80F7A2A32ABF8F2E524C07EB6B
SHA256:31DAB919FB0568B18E4A9C6CAF9F6C327AB312E226B05A8FB3C0C48895DEB03D
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\MicrosoftEdgeUpdate.exeexecutable
MD5:775BFFE023242A224DC00B190CDD6B0E
SHA256:868D0B887CED2B9C96F69256626EF20E06E1EA582412E02C77B67179F0BB488A
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\msedgeupdate.dllexecutable
MD5:C4850C9C841ED29FF08A8860C8B48175
SHA256:F7BAC71570109778D3E971786340BB59955E8779C792B2EE74D2598E9C6F5569
5112CursorX.exeC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exeexecutable
MD5:A7E58B2280FE3768A007DE5BFCED6E1E
SHA256:3B8733318F3FD0B18714B651F1558B063A3EADBE287695B6A36BA45FAEF3DECA
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\psmachine_64.dllexecutable
MD5:0CB0C27CCF6EF90C18EAC48BE737B810
SHA256:F22FF96887116A74DCD13CED31AD53A3F16F9A13E5A1B7BF3026602480E06BE8
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\psmachine.dllexecutable
MD5:FAEE39F0FC56E10355464558799A1C3C
SHA256:6308D2A3DBCDCC92E81B1185A8A0F86B86F865436FD2FB1F92ECE3A5BCD30F2B
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\MicrosoftEdgeComRegisterShellARM64.exeexecutable
MD5:5FB2A3D78FA87A1A6250E1BCA55CCAD7
SHA256:B80CDCE8D4A0E484078F0555428B71DFA573EC0EEC644D84554C469C50227197
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\MicrosoftEdgeUpdateBroker.exeexecutable
MD5:74ABCEE07CF78D7DB223D6BDB5DD5CCA
SHA256:7E4AF81ED4C0B300D182ABE757ACD5436D160E35221B7B38CC0B14C21D70768B
5608MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUE31E.tmp\EdgeUpdate.datbinary
MD5:369BBC37CFF290ADB8963DC5E518B9B8
SHA256:3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
36
DNS requests
27
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
GET
200
2.16.168.124:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6372
svchost.exe
HEAD
200
208.89.74.27:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747930932&P2=404&P3=2&P4=J3MqHhZNqN0FclsFeIfp5eaYu68HLyZ0OE8J6X7bqVbNyDhF4f8gV7y%2bIu2LbBOW9Rf8o6QdYhpmNmFObYUNOw%3d%3d
unknown
whitelisted
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2040
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6372
svchost.exe
GET
200
208.89.74.27:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d030d76f-35e6-4c51-9279-28644aa334bb?P1=1747930932&P2=404&P3=2&P4=J3MqHhZNqN0FclsFeIfp5eaYu68HLyZ0OE8J6X7bqVbNyDhF4f8gV7y%2bIu2LbBOW9Rf8o6QdYhpmNmFObYUNOw%3d%3d
unknown
whitelisted
2040
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.16.168.124:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
2104
svchost.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.31.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5112
CursorX.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 23.35.229.160
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.31.128
  • 20.190.159.128
  • 40.126.31.130
  • 20.190.159.131
  • 20.190.159.73
  • 40.126.31.131
  • 20.190.159.129
  • 20.190.159.75
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 23.48.23.14
  • 23.48.23.55
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted

Threats

PID
Process
Class
Message
6372
svchost.exe
Misc activity
ET INFO Packed Executable Download
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
5740
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5740
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CursorX.exe