URL:

http://au.download.windowsupdate.com/d/msdownload/update/software/defu/2026/02/updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe

Full analysis: https://app.any.run/tasks/d8cd2a82-426e-4057-8cf3-fcc121692876
Verdict: Malicious activity
Analysis date: February 13, 2026, 03:59:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MD5:

CFC401A39D0EF6C9A84E5F8A9B382583

SHA1:

ABAD47B246725737ED1FE6D7E2826DCD683CCB03

SHA256:

56C663D074F40B582EF5675944C50E81B763F363F475F4DD1FB40C27D1B98F23

SSDEEP:

3:N1KfV4EWd9r4ExKVKSLJkACANHtGoAymyKmhlRDJfckyWhTyHDERPXSErN:CNKd9AVxNf7DJf7TyjOX3rN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • msedge.exe (PID: 7868)
      • msedge.exe (PID: 8196)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The process creates files with name similar to system file names

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • Executable content was dropped or overwritten

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • Starts a Microsoft application from unusual location

      • MpSigStub.exe (PID: 9072)
      • MpRecovery.exe (PID: 4800)
      • MpRecovery.exe (PID: 4516)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
      • MpRecovery.exe (PID: 1432)
    • Drops a system driver (possible attempt to evade defenses)

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • Reads the date of Windows installation

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
  • INFO

    • Checks supported languages

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • identity_helper.exe (PID: 6364)
      • MpSigStub.exe (PID: 9072)
      • MpRecovery.exe (PID: 4800)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • MpSigStub.exe (PID: 8888)
      • MpRecovery.exe (PID: 4516)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
      • MpSigStub.exe (PID: 8224)
      • MpRecovery.exe (PID: 1432)
    • The sample compiled with english language support

      • msedge.exe (PID: 8196)
      • msedge.exe (PID: 7868)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • Drops script file

      • msedge.exe (PID: 7856)
    • Reads the computer name

      • identity_helper.exe (PID: 6364)
      • MpSigStub.exe (PID: 9072)
      • MpRecovery.exe (PID: 4800)
      • MpSigStub.exe (PID: 8888)
      • MpRecovery.exe (PID: 4516)
      • MpSigStub.exe (PID: 8224)
      • MpRecovery.exe (PID: 1432)
    • Create files in a temporary directory

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • MpSigStub.exe (PID: 9072)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • MpSigStub.exe (PID: 8888)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
      • MpSigStub.exe (PID: 8224)
    • Reads Environment values

      • identity_helper.exe (PID: 6364)
      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7868)
      • msedge.exe (PID: 8196)
    • Application launched itself

      • msedge.exe (PID: 8196)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 8196)
    • The sample compiled with bulgarian language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with arabic language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with japanese language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with spanish language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with french language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with Indonesian language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with Italian language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with portuguese language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with slovak language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with polish language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with swedish language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with russian language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with turkish language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with chinese language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with czech language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with german language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • The sample compiled with korean language support

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4776)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 5544)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
    • Creates files or folders in the user directory

      • MpSigStub.exe (PID: 9072)
    • Reads product name

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Process checks computer location settings

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Reads CPU info

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Creates files in the program directory

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Checks proxy server information

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
      • slui.exe (PID: 6364)
    • Reads the machine GUID from the registry

      • MpSigStub.exe (PID: 9072)
      • MpSigStub.exe (PID: 8888)
      • MpSigStub.exe (PID: 8224)
    • Manual execution by a user

      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 7824)
      • updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe (PID: 4940)
      • cmd.exe (PID: 4924)
    • Gets the hash of the file via CERTUTIL.EXE

      • certutil.exe (PID: 6216)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
214
Monitored processes
56
Malicious processes
0
Suspicious processes
7

Behavior graph

start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe conhost.exe no specs mpsigstub.exe mprecovery.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe conhost.exe no specs mpsigstub.exe mprecovery.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe no specs updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe conhost.exe no specs mpsigstub.exe mprecovery.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs certutil.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
144
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7412,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
492
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7348,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1432
CMD:
C:\Users\admin\AppData\Local\Temp\62FE7C17-8AE1-4047-A61B-83F7238B0760\MpRecovery.exe
Path:
C:\Users\admin\AppData\Local\Temp\62FE7C17-8AE1-4047-A61B-83F7238B0760\MpRecovery.exe
Parent process:
MpSigStub.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Malware Protection Recovery
Exit code:
2147944212
Version:
4.18.26010.5 (1e74b9adf5ed0dd9a81fac912007d1b65cd9b869)
Modules
Images
c:\users\admin\appdata\local\temp\62fe7c17-8ae1-4047-a61b-83f7238b0760\mprecovery.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\version.dll
PID:
1676
CMD:
"C:\Users\admin\Downloads\updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe"
Path:
C:\Users\admin\Downloads\updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
AntiMalware Platform Update (amd64fre)
Exit code:
3221226540
Version:
4.18.26010.5
Modules
Images
c:\users\admin\downloads\updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe
c:\windows\system32\ntdll.dll
PID:
1868
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2016
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7664,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2572
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6260,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2748
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7052,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2752
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5452,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7540 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3040
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7868,i,11804714350378949455,12378715450536823128,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=7936 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
10 659
Read events
10 578
Write events
75
Delete events
6

Modification events

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile
Operation:
write
Name:
WritePermissionsCheck
Value:
1

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation:
delete key
Name:
(default)
Value:

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
ProgramId
Value:
0006b073ddf5451cfb10fdf2389ce3c1e4cd00000904

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
FileId
Value:
000076e325582d95a5b3882b6e42a63d866046b01e0b

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
LowerCaseLongPath
Value:
c:\users\admin\appdata\local\temp\9868e4dc-e81c-4dde-930d-65bbee7c25e6\mpsigstub.exe

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
LongPathHash
Value:
mpsigstub.exe|b2d1508698bd6745

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
Name
Value:
MpSigStub.exe

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
OriginalFileName
Value:
mpsigstub.exe

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
Publisher
Value:
microsoft corporation

(PID) Process:
(9072) MpSigStub.exe
Key:
\REGISTRY\A\{94ae1a40-688d-be8a-b9a0-1fa0ba94b2fe}\Root\InventoryApplicationFile\mpsigstub.exe|b2d1508698bd6745
Operation:
write
Name:
Version
Value:
1.1.26010.5 (1e74b9adf5ed0dd9a81fac912007d1b65cd9b869)
Executable files
626
Suspicious files
49
Text files
434
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e52e0.TMP

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e52f0.TMP

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e5300.TMP

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e52f0.TMP

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e5300.TMP

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old

PID:
8196
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
131
TCP/UDP connections
75
DNS requests
76
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7868
msedge.exe
GET
304
150.171.28.11:443
https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist
US
whitelisted
7868
msedge.exe
GET
2.16.164.72:80
http://au.download.windowsupdate.com/d/msdownload/update/software/defu/2026/02/updateplatform.amd64fre_488e91bf87861cdd269f6ec4b0a4a54807af843e.exe
NL
unknown
7868
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
4.47 Kb
whitelisted
GET
200
131.253.33.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
960 b
whitelisted
7868
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:-f-CmC7OafVGiJtlhPEDK6ZP5coel4DrBEO0jrC7YV4&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted
5568
SearchApp.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
US
binary
313 b
whitelisted
7868
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
295 b
whitelisted
7868
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.92&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D1.2.1%26installedby%3Dother%26uc%26ping%3Dr%253D56%2526e%253D1
US
xml
413 b
whitelisted
7868
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
US
266 b
whitelisted
7868
msedge.exe
GET
200
150.171.27.11:443
https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362
US
271 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8124
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2328
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
104.126.37.144:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
5568
SearchApp.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
131.253.33.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3412
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7868
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
  • 4.231.128.59
whitelisted
self.events.data.microsoft.com
  • 40.79.173.41
  • 52.168.117.175
whitelisted
google.com
  • 142.251.127.113
  • 142.251.127.101
  • 142.251.127.100
  • 142.251.127.139
  • 142.251.127.138
  • 142.251.127.102
whitelisted
www.bing.com
  • 104.126.37.144
  • 104.126.37.163
  • 104.126.37.145
  • 104.126.37.128
  • 104.126.37.154
  • 104.126.37.130
  • 104.126.37.123
  • 104.126.37.176
  • 104.126.37.131
  • 2.16.204.141
  • 2.16.204.161
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
oneocsp.microsoft.com
  • 131.253.33.203
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
au.download.windowsupdate.com
  • 2.16.164.72
  • 2.16.164.105
whitelisted

Threats

No threats detected
No debug info