Malware analysis MICROSOFTEDGEWEBVIEW2SETUP.EXE Malicious activity

Add for printing

File name:	MICROSOFTEDGEWEBVIEW2SETUP.EXE
Full analysis:	https://app.any.run/tasks/da1ebb1d-1960-4188-ac82-264ac9f1f672
Verdict:	Malicious activity
Analysis date:	September 14, 2024, 18:57:13
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	D2EBD82A5D3FAC11D44D90D8DF253BB9
SHA1:	BA94B456E111EA9573FE150AD4090A66540C9938
SHA256:	04B65AA7B23D0C7EBBD6E022A600FBC43C0EE896ED280E48AC59E17FB0A2311D
SSDEEP:	49152:zTwFJC8q0b7NALZ0aKJUb41o2M7nmB+181WHm0ZHjQsfSnAMveSC+1b7hGtPCPDU:zqnnNSDN1mS81WHm0ljj1MJr1b9pDsCQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Changes the autorun value in the registry
  - MicrosoftEdgeUpdate.exe (PID: 1964)
SUSPICIOUS
- Starts itself from another location
  - MicrosoftEdgeUpdate.exe (PID: 1964)
- Creates/Modifies COM task schedule object
  - MicrosoftEdgeUpdate.exe (PID: 320)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2180)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7052)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3964)
- Executable content was dropped or overwritten
  - MicrosoftEdgeUpdate.exe (PID: 1964)
  - MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe (PID: 3728)
- Starts a Microsoft application from unusual location
  - MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe (PID: 3728)
- Reads security settings of Internet Explorer
  - MicrosoftEdgeUpdate.exe (PID: 1964)
- Potential Corporate Privacy Violation
  - MicrosoftEdgeUpdate.exe (PID: 5344)
INFO
- Creates files or folders in the user directory
  - MicrosoftEdgeUpdate.exe (PID: 1964)
- Checks supported languages
  - MicrosoftEdgeUpdate.exe (PID: 320)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2180)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7052)
  - MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe (PID: 3728)
  - MicrosoftEdgeUpdate.exe (PID: 1964)
  - MicrosoftEdgeUpdate.exe (PID: 5692)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3964)
  - MicrosoftEdgeUpdate.exe (PID: 5164)
  - MicrosoftEdgeUpdate.exe (PID: 5344)
- Create files in a temporary directory
  - MicrosoftEdgeUpdate.exe (PID: 1964)
  - MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe (PID: 3728)
  - MicrosoftEdgeUpdate.exe (PID: 5344)
- Reads the computer name
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2180)
  - MicrosoftEdgeUpdate.exe (PID: 320)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7052)
  - MicrosoftEdgeUpdate.exe (PID: 1964)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3964)
  - MicrosoftEdgeUpdate.exe (PID: 5692)
  - MicrosoftEdgeUpdate.exe (PID: 5344)
  - MicrosoftEdgeUpdate.exe (PID: 5164)
- Process checks computer location settings
  - MicrosoftEdgeUpdate.exe (PID: 1964)
- Reads Environment values
  - MicrosoftEdgeUpdate.exe (PID: 5692)
- Checks proxy server information
  - MicrosoftEdgeUpdate.exe (PID: 5692)
  - MicrosoftEdgeUpdate.exe (PID: 5344)
- Reads the software policy settings
  - MicrosoftEdgeUpdate.exe (PID: 5692)
  - MicrosoftEdgeUpdate.exe (PID: 5344)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:09:04 15:33:37+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.31
CodeSize:	110592
InitializedDataSize:	1512960
UninitializedDataSize:	-
EntryPoint:	0x83f0
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.3.195.19
ProductVersionNumber:	1.3.195.19
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Microsoft Corporation
FileDescription:	Microsoft Edge Update Setup
FileVersion:	1.3.195.19
InternalName:	Microsoft Edge Update Setup
LegalCopyright:	Copyright Microsoft Corporation
OriginalFileName:	MicrosoftEdgeUpdateSetup.exe
ProductName:	Microsoft Edge Update
ProductVersion:	1.3.195.19
UpstreamVersion:	1.3.99.0
LanguageId:	en

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

139

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

320

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Exit code:

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

1964

C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdate.exe

MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe

User:

admin

Integrity Level:

MEDIUM

Modules

Images
c:\users\admin\appdata\local\temp\eua7e1.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

2180

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe" /user

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update COM Registration Helper

Exit code:

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.19\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

3728

"C:\Users\admin\AppData\Local\Temp\MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe"

C:\Users\admin\AppData\Local\Temp\MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update Setup

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

3964

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe" /user

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update COM Registration Helper

Exit code:

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.19\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

5164

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource taggedmi /sessionid "{A1D10ED6-96A5-4646-957F-08F40E7C0F31}"

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

5344

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

5692

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QTFEMTBFRDYtOTZBNS00NjQ2LTk1N0YtMDhGNDBFN0MwRjMxfSIgdXNlcmlkPSJ7NjExQzhGMUMtMjQ0NC00RjA5LUFDOTAtNEU4RERFQjQzNEFGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0U4MEE3NkJGLUYwMzQtNEQ1QS1BQTU2LTYyNEQwNTQzMUI2Nn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI0IiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJERUxMIiBwcm9kdWN0X25hbWU9IkRFTEwiLz48ZXhwIGV0YWc9IiIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjE5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjI1NTc4NDU5NSIgaW5zdGFsbF90aW1lX21zPSIxMDc5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Exit code:

Version:

1.3.195.19

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

6464

"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

C:\Windows\System32\slui.exe

—

SppExtComObj.Exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

6540

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

C:\Windows\System32\SppExtComObj.Exe

—

svchost.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

KMS Connection Broker

Version:

10.0.19041.3996 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

Add for printing

Total events

4 170

Read events

2 510

Write events

1 626

Delete events

Modification events


(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	delete value	Name:	eulaaccepted
Value:
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	pv
Value: 1.3.195.19
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	name
Value: Microsoft Edge Update
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	pv
Value: 1.3.195.19
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:	write	Name:	Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateCore.exe"
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	edgeupdate_task_name_c
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{4440B99B-8470-4C7B-BB74-7B395DBC28AA}
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{6B7A06C8-EEDE-4B42-A85D-BAF1B5EB7FFD}
(PID) Process:	(1964) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	LastOSVersion
Value: 1C0100000A00000000000000654A000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100

Add for printing

Executable files

201

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdate.exe		executable
		MD5:B0D94FFD264B31A419E84A9B027D926B	SHA256:F471D9FF608FE58DA68A49AF83A7FD9A3D6BF5A5757D340F7B8224B6CD8BDDF6
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe		executable
		MD5:1D35F02C24D817CD9AE2B9BD75A4C135	SHA256:0ABF4F0FE0033A56EBDAFF875B63CC083FD9C8628D2FB2AB5826D3C0C687B262
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdateOnDemand.exe		executable
		MD5:B24A7473192E02CA5A8EF0A6CDF5A7FA	SHA256:2FB732A43AF16159B58EEA7950EE63FF6ED21EE78303C584FCC580F92D997BF5
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\psmachine.dll		executable
		MD5:440CC4D0CE247CA6F5B9A3D30192B844	SHA256:C5EC4633F80C54FE8D77BDE05A952B11B4B647A2FFC10E43D0370154780D21F7
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdateBroker.exe		executable
		MD5:3234CB9CE73386F54FD0CA140CE1EA34	SHA256:CA798DAEAD23EB45E054C22D59688873710A3AEEB56AD58DFFB9DBD7DF7619AB
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeComRegisterShellARM64.exe		executable
		MD5:3A6B04122205EC351F8FBEF3E20F65C4	SHA256:7BA65317643FBC0D03195BDEEBA318732823A91EF27F62483D5FC0ED3FEA4912
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\psuser_64.dll		executable
		MD5:72AA2974228D0D4E62A8E3C670DB1204	SHA256:632762238CDB97D88C6527AD5D2AAD7A84C61550545458F69CE5EDB504E659C0
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\MicrosoftEdgeUpdateCore.exe		executable
		MD5:E468FE744CBAEBC00B08578F6C71FBC0	SHA256:7C75C35F4222E83088DE98BA25595EB76013450FC959D7FEEFCAB592D1C9839F
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\psmachine_arm64.dll		executable
		MD5:26A613B3E85F99F277C72E089BA55A96	SHA256:81078F06FAE5DC44257EEFC39675449A4E8D9CEB4910750BABF0914F5361017D
3728	MICROSOFTEDGEWEBVIEW2SETUP.EXE.exe	C:\Users\admin\AppData\Local\Temp\EUA7E1.tmp\psuser.dll		executable
		MD5:33BF134B69D77316BD814D8904F27B35	SHA256:55C9EB7C7FD62B2173F2203421E85DFAD845C169B1225FF4CA1A9E0CFFEA2B0D

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5344	MicrosoftEdgeUpdate.exe	GET	—	2.19.126.155:80	http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/3c0de2bf-65bf-49d5-acb1-379ba8215c60?P1=1726945044&P2=404&P3=2&P4=aieUqWMcfJvuaWFEsYyl8jrwIrijADlaQ3GM0Y1FFo65PFy3urTgkksa5e%2f%2fDzOCO6DBUUJI7iePwC%2fmry7e2A%3d%3d	unknown	—	—	whitelisted
6160	svchost.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
2108	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
4076	SIHClient.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
4076	SIHClient.exe	GET	200	88.221.169.152:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
6160	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6652	RUXIMICS.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
2120	MoUsoCoreWorker.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
5692	MicrosoftEdgeUpdate.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
5344	MicrosoftEdgeUpdate.exe	20.166.2.191:443	msedge.api.cdp.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5344	MicrosoftEdgeUpdate.exe	2.19.126.155:80	msedge.f.tlu.dl.delivery.mp.microsoft.com	Akamai International B.V.	DE	whitelisted
6160	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6160	svchost.exe	88.221.169.152:80	www.microsoft.com	AKAMAI-AS	DE	whitelisted
3260	svchost.exe	40.113.103.199:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 51.104.136.2 13.71.55.58 40.127.240.158	whitelisted
google.com	142.250.184.238	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
msedge.api.cdp.microsoft.com	20.166.2.191	whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com	2.19.126.155 2.19.126.157	whitelisted
www.microsoft.com	88.221.169.152	whitelisted
client.wns.windows.com	40.113.103.199	whitelisted
login.live.com	20.190.159.2 20.190.159.68 20.190.159.75 20.190.159.4 40.126.31.71 40.126.31.67 20.190.159.0 20.190.159.64	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
slscr.update.microsoft.com	40.68.123.157	whitelisted

Threats

PID	Process	Class	Message
5344	MicrosoftEdgeUpdate.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP

Add for printing

No debug info

General Info

MICROSOFTEDGEWEBVIEW2SETUP.EXE

D2EBD82A5D3FAC11D44D90D8DF253BB9

BA94B456E111EA9573FE150AD4090A66540C9938

04B65AA7B23D0C7EBBD6E022A600FBC43C0EE896ED280E48AC59E17FB0A2311D

49152:zTwFJC8q0b7NALZ0aKJUb41o2M7nmB+181WHm0ZHjQsfSnAMveSC+1b7hGtPCPDU:zqnnNSDN1mS81WHm0ljj1MJr1b9pDsCQ

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Changes the autorun value in the registry

SUSPICIOUS

Starts itself from another location

Creates/Modifies COM task schedule object

Executable content was dropped or overwritten

Starts a Microsoft application from unusual location

Reads security settings of Internet Explorer

Potential Corporate Privacy Violation

INFO

Creates files or folders in the user directory

Checks supported languages

Create files in a temporary directory

Reads the computer name

Process checks computer location settings

Reads Environment values

Checks proxy server information

Reads the software policy settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings