URL:

www.bing.com/apps/wallpaper/

Full analysis: https://app.any.run/tasks/a9cc5fcd-b928-4b78-9a39-46d26af80b4b
Verdict: Malicious activity
Analysis date: August 27, 2025, 00:26:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
qrcode
Indicators:
MD5:

C31033855C163ECE6B2AE427A36DC06E

SHA1:

DDC4CD4FE0871836F729DBC703BC34705DA3ED03

SHA256:

6FE67C3FB906C443FF7F75D7D75567ABEB41D2B98035F52D12E43931FDB28679

SSDEEP:

3:E0pVEVyK:5I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7060)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • BingWallpaperInstaller.exe (PID: 7892)
      • BingWallpaper.exe (PID: 1944)
      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • setup.exe (PID: 7424)

    • Executable content was dropped or overwritten

      • BingWallpaperInstaller.exe (PID: 7892)
      • BingWallpaper.exe (PID: 1944)
      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • setup.exe (PID: 7424)

    • Reads security settings of Internet Explorer

      • BingWallpaperInstaller.exe (PID: 7892)
      • BingWallpaper.exe (PID: 1944)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • MicrosoftEdgeUpdate.exe (PID: 8032)

    • Reads the Internet Settings

      • BingWallpaper.exe (PID: 1944)

    • Reads settings of System Certificates

      • BingWallpaper.exe (PID: 1944)

    • Starts a Microsoft application from unusual location

      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • MicrosoftEdgeUpdate.exe (PID: 7060)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7060)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7408)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7800)
      • MicrosoftEdgeUpdate.exe (PID: 7392)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7324)

    • Application launched itself

      • setup.exe (PID: 7424)
      • MicrosoftEdgeUpdate.exe (PID: 8032)

    • Searches for installed software

      • setup.exe (PID: 7424)

    • Creates a software uninstall entry

      • setup.exe (PID: 7424)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 4744)

    • Reads the computer name

      • identity_helper.exe (PID: 7824)
      • BingWallpaper.exe (PID: 1944)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • BingWallpaperInstaller.exe (PID: 7892)
      • MicrosoftEdgeUpdate.exe (PID: 7392)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7408)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7800)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7324)
      • MicrosoftEdgeUpdate.exe (PID: 8144)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
      • MicrosoftEdgeUpdate.exe (PID: 8032)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • BingWallpaper.exe (PID: 8160)
      • setup.exe (PID: 7424)
      • MicrosoftEdgeUpdate.exe (PID: 1324)

    • Checks supported languages

      • identity_helper.exe (PID: 7824)
      • BingWallpaper.exe (PID: 1944)
      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • BingWallpaperInstaller.exe (PID: 7892)
      • MicrosoftEdgeUpdate.exe (PID: 7392)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7800)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7408)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7324)
      • MicrosoftEdgeUpdate.exe (PID: 8144)
      • MicrosoftEdgeUpdate.exe (PID: 8032)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • setup.exe (PID: 7424)
      • setup.exe (PID: 7364)
      • BingWallpaper.exe (PID: 8160)
      • MicrosoftEdgeUpdate.exe (PID: 1324)

    • Reads Environment values

      • identity_helper.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 8144)
      • MicrosoftEdgeUpdate.exe (PID: 1324)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4744)

    • The sample compiled with english language support

      • BingWallpaperInstaller.exe (PID: 7892)
      • BingWallpaper.exe (PID: 1944)
      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • setup.exe (PID: 7424)

    • Checks proxy server information

      • BingWallpaperInstaller.exe (PID: 7892)
      • MicrosoftEdgeUpdate.exe (PID: 8144)
      • MicrosoftEdgeUpdate.exe (PID: 8032)
      • slui.exe (PID: 2356)
      • MicrosoftEdgeUpdate.exe (PID: 1324)

    • Reads the software policy settings

      • BingWallpaperInstaller.exe (PID: 7892)
      • BingWallpaper.exe (PID: 1944)
      • MicrosoftEdgeUpdate.exe (PID: 8032)
      • MicrosoftEdgeUpdate.exe (PID: 8144)
      • MicrosoftEdgeUpdate.exe (PID: 1324)
      • slui.exe (PID: 2356)

    • The sample compiled with Indonesian language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with chinese language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with japanese language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with korean language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with german language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with czech language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with spanish language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with french language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with bulgarian language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • The sample compiled with Italian language support

      • BingWallpaperInstaller.exe (PID: 7892)

    • Creates files or folders in the user directory

      • BingWallpaper.exe (PID: 1944)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • MicrosoftEdgeUpdate.exe (PID: 8032)
      • MicrosoftEdge_X64_139.0.3405.119.exe (PID: 2400)
      • setup.exe (PID: 7364)
      • setup.exe (PID: 7424)

    • Process checks computer location settings

      • BingWallpaper.exe (PID: 1944)
      • BingWallpaperInstaller.exe (PID: 7892)
      • MicrosoftEdgeUpdate.exe (PID: 7060)
      • setup.exe (PID: 7424)

    • Create files in a temporary directory

      • BingWallpaper.exe (PID: 1944)
      • a7e701ec-6553-4b9e-8654-5a87775c2fef.exe (PID: 7528)
      • BingWallpaperInstaller.exe (PID: 7892)

    • Disables trace logs

      • BingWallpaperInstaller.exe (PID: 7892)

    • Reads the machine GUID from the registry

      • BingWallpaperInstaller.exe (PID: 7892)
      • MicrosoftEdgeUpdate.exe (PID: 8032)

    • Manual execution by a user

      • BingWallpaper.exe (PID: 8160)

    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7060)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
194
Monitored processes
50
Malicious processes
7
Suspicious processes
2

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs bingwallpaperinstaller.exe slui.exe bingwallpaper.exe a7e701ec-6553-4b9e-8654-5a87775c2fef.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedge_x64_139.0.3405.119.exe setup.exe setup.exe no specs bingwallpaper.exe no specs msedge.exe no specs msedge.exe no specs rundll32.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
512"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4324,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1324"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NTM0M0RCRTYtNkM2MS00MDY3LTg3OUUtOTk3MDA3NEQxN0U5fSIgdXNlcmlkPSJ7NkIyQ0NEMjUtOUUzMS00QzY5LUFCMTctNTI2NzI4RkYyNjlCfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBNDZDMEIxQS1EOTM2LTRFREEtQTE5My1CQTE2Mjg2M0E5RkV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzkuMC4zNDA1LjExOSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjg0MTMyNTg1MCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2ODQxMzI1ODUwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY5NTI0MTQxMzkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzRmZmIxN2ZjLTE1MWMtNGZhMC05ZDQ4LWI5N2M2M2NlOTcwYT9QMT0xNzU2ODU5MjY3JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWE1UXo0eE9VRVJQZmtFbjhqUGJYZDNFb1J4VlYxQTFlTVByTTMxaTZVTUlrdENtNjQ0TE9iOEglMmZ1MVM0alA5ZXBzcCUyYk12VmhzUVlKdFZVbWk4TTZ0dyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MjY5ODA2NCIgdG90YWw9IjE4MjY5ODA2NCIgZG93bmxvYWRfdGltZV9tcz0iNzI2MCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2OTUyNTUwNzIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY5NzA2NTExMDUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3MzI2MTgyMzA1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTg3IiBkb3dubG9hZF90aW1lX21zPSIxMTEwNiIgZG93bmxvYWRlZD0iMTgyNjk4MDY0IiB0b3RhbD0iMTgyNjk4MDY0IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIzNTU1MyIvPjwvYXBwPjwvcmVxdWVzdD4C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.65
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
1352"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2744,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1412"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7500,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=7876 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1800"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4992,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=7764 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1944"C:\Program Files\WindowsApps\Microsoft.BingWallpaper_1.1.422.0_x86__8wekyb3d8bbwe\BingWallpaper.exe" microsoft-bingwallpaper://launch/??supresswelcomescreen=true&themename=bingC:\Program Files\WindowsApps\Microsoft.BingWallpaper_1.1.422.0_x86__8wekyb3d8bbwe\BingWallpaper.exe
BingWallpaperInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
BingWallpaper
Version:
1.0.0.0
Modules
Images
c:\program files\windowsapps\microsoft.bingwallpaper_1.1.422.0_x86__8wekyb3d8bbwe\bingwallpaper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
2356C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
2400"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{74E1793A-A594-4425-ADA0-82449F092D4B}\MicrosoftEdge_X64_139.0.3405.119.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{74E1793A-A594-4425-ADA0-82449F092D4B}\MicrosoftEdge_X64_139.0.3405.119.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
139.0.3405.119
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{74e1793a-a594-4425-ada0-82449f092d4b}\microsoftedge_x64_139.0.3405.119.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2596"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=6908,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3948"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7984,i,7508797619879910095,5817881070499363713,262144 --variations-seed-version --mojo-platform-channel-handle=7876 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
22 637
Read events
21 032
Write events
1 538
Delete events
67

Modification events

(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(4744) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
4310CA20E49B2F00
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459622
Operation:writeName:WindowTabManagerFileMappingId
Value:
{CDB0F948-BA74-415C-9ACC-1B4B02876B5F}
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459622
Operation:writeName:WindowTabManagerFileMappingId
Value:
{7EDC77D2-3EE3-4C37-9A34-CE73F760768B}
(PID) Process:(4744) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\459622
Operation:writeName:WindowTabManagerFileMappingId
Value:
{EC9671D7-64FF-41F8-BE7F-5899C973D916}
Executable files
219
Suspicious files
172
Text files
114
Unknown types
0

Dropped files

PID
Process
Filename
Type
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18d6f2.TMP
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF18d702.TMP
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18d702.TMP
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF18d702.TMP
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18d731.TMP
MD5:
SHA256:
4744msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
130
DNS requests
105
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4456
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:xojnFmS7GFQIu7TI98-XCC3xmJXbuquobYo2IgOFNIc&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
72
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4744
msedge.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
7092
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7092
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4744
msedge.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7600
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/4ffb17fc-151c-4fa0-9d48-b97c63ce970a?P1=1756859267&P2=404&P3=2&P4=a5Qz4xOUERPfkEn8jPbXd3EoRxVV1A1eMPrM31i6UMIktCm644LOb8H%2fu1S4jP9epsp%2bMvVhsQYJtVUmi8M6tw%3d%3d
unknown
whitelisted
7600
svchost.exe
GET
206
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1756475398&P2=404&P3=2&P4=Mhtc9BhoD%2foka5%2fL650j4s6ky8gve2tRocpcZy9D%2bZcz%2fNCisHNtIXgMAKXFXlSZ%2bOx4jGR0RglFGYtVeA3mvw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1976
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
4456
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4456
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4456
msedge.exe
2.16.241.201:80
www.bing.com
Akamai International B.V.
DE
whitelisted
4456
msedge.exe
150.171.27.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4456
msedge.exe
2.16.241.201:443
www.bing.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.78
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
  • 52.123.243.196
  • 52.123.243.74
  • 52.123.243.216
  • 52.123.243.194
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
  • 95.100.158.114
  • 23.11.206.107
  • 23.3.89.113
  • 23.3.89.122
whitelisted
copilot.microsoft.com
  • 2.16.241.224
  • 2.16.241.220
whitelisted
bing.com
  • 150.171.27.10
  • 150.171.28.10
whitelisted
bat.bing.com
  • 150.171.28.10
  • 150.171.27.10
whitelisted
www.clarity.ms
  • 13.107.253.44
whitelisted
scripts.clarity.ms
  • 13.107.253.44
  • 13.107.246.44
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7600
svchost.exe
Misc activity
ET INFO Packed Executable Download
Misc activity
ET INFO Packed Executable Download
Process
Message
BingWallpaper.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
BingWallpaper.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
www.bing.com/apps/wallpaper/