File name: 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
Full analysis: https://app.any.run/tasks/6aa76e1b-0297-4da7-a0eb-207e62f41263
Verdict: Malicious activity
Analysis date: April 22, 2026, 13:59:57
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 9BF01FD8E552032B60DBDA68763E9C1D
SHA1: 8C26DCC73C7CFF235387B1027B0776B75AD03307
SHA256: 42D8D35183DB614EA14E4C4D64AB3810526145509139B7B94B107DF0AD626D0D
SSDEEP: 98304:moqahG8uCcHjL7roqxgIYkxF7j17AFHCAKv3DVkBsaEd5fYz3Fd4f9mi1cIaCHGE:oAwPEdyG1YfVv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4684)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 7348)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 5660)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
    • Silent install from TEMP directory

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7684)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 7684)
      • MicrosoftEdgeUpdate.exe (PID: 4684)
    • Searches for installed software

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • setup.exe (PID: 2680)
      • msedgewebview2.exe (PID: 5660)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2812)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6632)
      • MicrosoftEdgeUpdate.exe (PID: 7340)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4684)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • msedgewebview2.exe (PID: 5660)
  • INFO

    • The sample compiled with English language support

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
    • Checks supported languages

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7684)
      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2812)
      • MicrosoftEdgeUpdate.exe (PID: 7340)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6632)
      • MicrosoftEdgeUpdate.exe (PID: 2648)
      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • MicrosoftEdgeUpdateCore.exe (PID: 1400)
      • MicrosoftEdgeUpdate.exe (PID: 488)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2588)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdge_X64_147.0.3912.72.exe (PID: 5888)
      • setup.exe (PID: 2680)
      • MicrosoftEdgeUpdate.exe (PID: 4872)
      • CursorPro.exe (PID: 2452)
      • msedgewebview2.exe (PID: 4708)
      • msedgewebview2.exe (PID: 5660)
      • msedgewebview2.exe (PID: 7348)
      • msedgewebview2.exe (PID: 6404)
      • msedgewebview2.exe (PID: 2332)
      • msedgewebview2.exe (PID: 2656)
      • identity_helper.exe (PID: 8044)
    • Reads the computer name

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • MicrosoftEdgeUpdate.exe (PID: 7340)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6632)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2812)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2588)
      • MicrosoftEdgeUpdate.exe (PID: 2648)
      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • MicrosoftEdgeUpdateCore.exe (PID: 1400)
      • MicrosoftEdgeUpdate.exe (PID: 488)
      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdge_X64_147.0.3912.72.exe (PID: 5888)
      • setup.exe (PID: 2680)
      • CursorPro.exe (PID: 2452)
      • msedgewebview2.exe (PID: 5660)
      • msedgewebview2.exe (PID: 7348)
      • msedgewebview2.exe (PID: 6404)
      • identity_helper.exe (PID: 8044)
      • MicrosoftEdgeUpdate.exe (PID: 4872)
    • Creates files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 7684)
      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • msedgewebview2.exe (PID: 5660)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • MicrosoftEdge_X64_147.0.3912.72.exe (PID: 5888)
      • setup.exe (PID: 2680)
      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • msedgewebview2.exe (PID: 5660)
      • msedgewebview2.exe (PID: 4708)
      • CursorPro.exe (PID: 2452)
      • msedgewebview2.exe (PID: 6404)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 4684)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 4872)
      • msedgewebview2.exe (PID: 5660)
      • identity_helper.exe (PID: 8044)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • setup.exe (PID: 2680)
      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • msedgewebview2.exe (PID: 5660)
      • msedgewebview2.exe (PID: 2656)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4684)
      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
      • msedgewebview2.exe (PID: 5660)
      • CursorPro.exe (PID: 2452)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 7244)
      • MicrosoftEdgeUpdate.exe (PID: 6532)
      • MicrosoftEdgeUpdate.exe (PID: 4872)
      • msedgewebview2.exe (PID: 5660)
      • CursorPro.exe (PID: 2452)
    • Manual execution by a user

      • MicrosoftEdgeUpdateCore.exe (PID: 1400)
      • msedge.exe (PID: 7908)
    • There is functionality for taking screenshot (YARA)

      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
    • Creates a software uninstall entry

      • setup.exe (PID: 2680)
      • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe (PID: 7260)
    • Reads CPU info

      • msedgewebview2.exe (PID: 5660)
    • Application launched itself

      • msedge.exe (PID: 7804)
      • msedge.exe (PID: 4260)
      • msedge.exe (PID: 7908)
      • msedge.exe (PID: 8412)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:08 23:05:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x369f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.4.18.0
ProductVersionNumber: 4.4.18.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: CursorPro
FileVersion: 4.4.18
LegalCopyright: -
ProductName: CursorPro
ProductVersion: 4.4.18
No data.
All screenshots are available in the full report
Total processes
189
Monitored processes
47
Malicious processes
5
Suspicious processes
0

Behavior graph

Process tree (in launch order; "no specs" marks processes with no specific indicators):

  • 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
  • slui.exe
  • microsoftedgewebview2setup.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdatecore.exe (no specs)
  • microsoftedgeupdate.exe (no specs)
  • microsoftedge_x64_147.0.3912.72.exe (no specs)
  • setup.exe (no specs)
  • microsoftedgeupdate.exe
  • cursorpro.exe (no specs)
  • cursorpro.exe
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • identity_helper.exe (no specs)
  • identity_helper.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)

Process information

PID:
488
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdateCore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1296
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3656,i,3326630268189515599,12283798639777465053,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1400
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateCore.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateCore.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.229.3\microsoftedgeupdatecore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1860
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x284,0x288,0x28c,0x27c,0x294,0x7ffe0917f208,0x7ffe0917f214,0x7ffe0917f220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1860
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5648,i,3326630268189515599,12283798639777465053,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
1904
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3648,i,3326630268189515599,12283798639777465053,262144 --variations-seed-version --mojo-platform-channel-handle=3680 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2260
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2392,i,3326630268189515599,12283798639777465053,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2332
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.72\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.yuxin.CursorPro\EBWebView" --webview-exe-name=CursorPro.exe --webview-exe-version=4.4.18 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=1888,i,870748663980495865,3117893466481465177,524288 --field-trial-handle=1812,i,1264260534705173952,11831982108743714750,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --pseudonymization-salt-handle=1824,i,7507507627456328558,4333679356532408239,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2344 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.72\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
147.0.3912.72
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.72\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.72\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID:
2452
CMD:
"C:\Users\admin\AppData\Local\CursorPro\CursorPro.exe"
Path:
C:\Users\admin\AppData\Local\CursorPro\CursorPro.exe
Parent process:
42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
User:
admin
Company:
yuxin
Integrity Level:
HIGH
Description:
CursorPro
Version:
4.4.18
Modules
Images
c:\users\admin\appdata\local\cursorpro\cursorpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID:
2588
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.229.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
24 574
Read events
22 236
Write events
2 270
Delete events
68

Modification events

(PID) Process: (2664) slui.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: CopilotUpdatePath
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\CopilotUpdate.exe

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.229.3

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.229.3

(PID) Process: (4684) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateCore.exe"

(PID) Process: (7340) MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: delete key
Name: (default)
Value:
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID: 7260
Process: 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
Filename: C:\Users\admin\AppData\Local\Temp\nse7FC.tmp\modern-wizard.bmp
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

PID: 7260
Process: 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
Filename: C:\Users\admin\AppData\Local\Temp\nse7FC.tmp\nsDialogs.dll
MD5: 8F0E7415F33843431DF308BB8E06AF81
SHA256: BB49F15FA83452370047A7801E39FC7F64E70C7545B8999BB85AA4749EAA048B

PID: 7260
Process: 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
Filename: C:\Users\admin\AppData\Local\Temp\nse7FC.tmp\NSISdl.dll
MD5: 8EABBE36E8B52E69322780D0F541FD19
SHA256: DDF40229DD9D6B268902D8DEA88C8A04AACF1AF218DD29F6DCD35BABC54AC08D

PID: 7260
Process: 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe
Filename: C:\Users\admin\AppData\Local\Temp\nse7FC.tmp\System.dll
MD5: 9B38A1B07A0EBC5C7E59E63346ECC2DB
SHA256: C881253DAFCF1322A771139B1A429EC1E78C507CA81A218A20DC1A4B25ABBFE7

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\MicrosoftEdgeComRegisterShellARM64.exe
MD5: 77644DC395CDB1387F1ED85C746323A1
SHA256: 72410E10CA13E97C8FE10872EB17A0895B963B217623459F919938FFD8349E7F

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\psuser_arm64.dll
MD5: 4447469F6217910E162D57A12A8E3801
SHA256: C83A60065163A42C680F02EEEC2D8DC1A4CDA238239E08290A47E9113C9E1710

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\NOTICE.TXT
MD5: 6DD5BF0743F2366A0BDD37E302783BCD
SHA256: 91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\EdgeUpdate.dat
MD5: 369BBC37CFF290ADB8963DC5E518B9B8
SHA256: 3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\psmachine_arm64.dll
MD5: A7C3AC6E6331E875C24EBE8606DAADEC
SHA256: 520C7E69DB07BDBE2FC60900C46EAAF0F0BE37498653AC7576EB6EDCC572C587

PID: 7684
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU21FB.tmp\psuser_64.dll
MD5: 9C8702C3DA7626F988FF00D52FE10643
SHA256: 76F9640D3D94EAFBF71A29E9E4FF46F35ABE2142E9B88DCAD5D44D05C75B6526
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
115
TCP/UDP connections
89
DNS requests
63
Threats
8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Size | Reputation
5276 | MoUsoCoreWorker.exe | GET | 304 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | whitelisted
6532 | MicrosoftEdgeUpdate.exe | POST | 200 | 135.232.92.34:443 | https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates | US | 103 b | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.159.68:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | 203 b | whitelisted
680 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | 814 b | whitelisted
5276 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | 814 b | whitelisted
680 | svchost.exe | GET | 200 | 40.127.240.158:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4 | US | 3.41 Kb | whitelisted
2664 | slui.exe | POST | 500 | 48.192.1.65:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | 512 b | whitelisted
2664 | slui.exe | POST | 500 | 48.192.1.65:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | - | whitelisted
5316 | svchost.exe | POST | 200 | 20.190.159.68:443 | https://login.live.com/RST2.srf | US | 1.24 Kb | whitelisted
7832 | SIHClient.exe | GET | 304 | 135.233.95.144:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5276 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
7312 | slui.exe | 48.192.1.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
680 | svchost.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5532 | SearchApp.exe | 2.16.241.219:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
680 | svchost.exe | 2.16.164.120:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
680 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5276 | MoUsoCoreWorker.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5276 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
www.bing.com
  • 2.16.241.219
  • 2.16.241.227
  • 2.16.241.220
  • 2.16.241.200
  • 2.16.241.201
  • 2.16.241.223
  • 2.16.241.221
  • 2.16.241.222
  • 2.16.241.217
  • 23.36.162.74
  • 23.36.162.87
  • 23.36.162.76
  • 23.36.162.70
  • 23.36.162.73
  • 23.36.162.71
  • 23.36.162.75
  • 23.36.162.78
  • 23.36.162.69
  • 23.36.162.79
  • 23.36.162.77
whitelisted
google.com
  • 142.251.20.102
  • 142.251.20.100
  • 142.251.20.101
  • 142.251.20.113
  • 142.251.20.139
  • 142.251.20.138
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 23.52.181.212
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.129
  • 40.126.31.1
  • 40.126.31.71
  • 20.190.159.75
  • 40.126.31.128
  • 40.126.31.131
  • 40.126.31.130
  • 20.190.159.0
  • 20.190.159.2
  • 40.126.31.129
  • 20.190.159.131
  • 20.190.159.64
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted

Threats

PID | Process | Class | Message
7260 | 42d8d35183db614ea14e4c4d64ab3810526145509139b7b94b107df0ad626d0d.exe | Misc activity | ET INFO Packed Executable Download
7052 | svchost.exe | Misc activity | ET INFO Packed Executable Download
- | - | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
2452 | CursorPro.exe | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
- | - | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
2452 | CursorPro.exe | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
- | - | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
2452 | CursorPro.exe | Misc activity | ET HUNTING Suspicious User-Agent Observed (Mozilla/5.0 (Windows NT XX.X Win64 x64) AppleWebKit/XXX.XX)
Debug output

Process: msedgewebview2.exe
Message: RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.yuxin.CursorPro directory exists )