File name: UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe

Full analysis: https://app.any.run/tasks/9bbf69b1-3d14-4ecc-add3-f3b8b5c269a6
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 20, 2026, 09:14:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: tsuloader, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 2CBC607A07891B42697307E83ABC2A81
SHA1: 71DFC43A6B54CFF1B3090FE73F9FCA741149C761
SHA256: 8AD642EA0CA962A280C86884D279BA07AEEE75E0389972913F2750CB8617F3B7
SSDEEP: 393216:OVRz+QDvZroUG+pxuRyJNwGVTu81QVJvYsq+yderJP/Qa/:8vtXG+uQJNw2TUjRygNf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • MicrosoftEdgeWebview2Setup.exe (PID: 4304)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3112)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5304)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5548)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 4872)
      • setup.exe (PID: 2828)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4304)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 4872)
      • setup.exe (PID: 2828)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 4304)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6628)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 6628)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3112)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5304)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5548)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 4236)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 4236)
    • Searches for installed software

      • setup.exe (PID: 2828)
  • INFO

    • Checks supported languages

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4304)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
      • MicrosoftEdgeUpdate.exe (PID: 4708)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3112)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5304)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5548)
      • MicrosoftEdgeUpdate.exe (PID: 2792)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 4872)
      • MicrosoftEdgeUpdate.exe (PID: 5168)
      • MicrosoftEdgeUpdate.exe (PID: 4236)
      • setup.exe (PID: 2828)
    • Reads the computer name

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3112)
      • MicrosoftEdgeUpdate.exe (PID: 4708)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5304)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5548)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdgeUpdate.exe (PID: 2792)
      • MicrosoftEdgeUpdate.exe (PID: 4236)
      • MicrosoftEdgeUpdate.exe (PID: 5168)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 4872)
      • setup.exe (PID: 2828)
    • Reads Environment values

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdgeUpdate.exe (PID: 5168)
    • Create files in a temporary directory

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
    • Reads Microsoft Office registry keys

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
    • TSULoader has been detected

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
    • Reads the machine GUID from the registry

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
    • Creates files or folders in the user directory

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
    • Reads security settings of Internet Explorer

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
    • The sample compiled with english language support

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4304)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
      • setup.exe (PID: 2828)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 4872)
    • Process checks computer location settings

      • UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe (PID: 7604)
      • MicrosoftEdgeUpdate.exe (PID: 6628)
      • setup.exe (PID: 2828)
    • Creates a software uninstall entry

      • setup.exe (PID: 2828)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:09:05 14:26:54+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 8192
InitializedDataSize: 37326848
UninitializedDataSize: -
EntryPoint: 0x15ad
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2025.1.9.1724
ProductVersionNumber: 6.9.22.0
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
ProductName: UpSlide for ODDO BHF - Wealth Management
ProductVersion: 6.9.22
CompanyName: UpSlide
LegalCopyright: Copyright © 2014-2017 UpSlide
Email: support@upslide.net
WebSite: http://www.UpSlide.net
FileDescription: Installer for UpSlide for ODDO BHF - Wealth Management
FileVersion: 2025.1.9.1724
OriginalFileName: UpSlide for ODDO BHF - Wealth Management V6.9.22.exe
InternalName: TSULoader
Comments: WinNT (x86) Unicode Lib Rel
ProductCode: {BB9427B5-04E8-4086-AB3A-7473EE1EB9D3}
PackageCode: {C4D3E276-262C-45E4-4FCD-620DBA511AC9}
Arguments: -
SpecialBuild: -
No data.
Total processes: 140
Monitored processes: 15
Malicious processes: 7
Suspicious processes: 3


Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 1140
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTUyOTg0NjQyMSIgaW5zdGFsbF90aW1lX21zPSI2ODciLz48L2FwcD48L3JlcXVlc3Q-
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2792
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{9613040F-5359-411C-99F6-1826CCA273B5}" /silent
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2828
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CE23C61-3D6A-4A37-9DEF-528816A4F198}\EDGEMITMP_39603.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CE23C61-3D6A-4A37-9DEF-528816A4F198}\MicrosoftEdge_X64_148.0.3967.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CE23C61-3D6A-4A37-9DEF-528816A4F198}\EDGEMITMP_39603.tmp\setup.exe
Parent process: MicrosoftEdge_X64_148.0.3967.70.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Installer
Exit code: 0
Version: 148.0.3967.70
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\install\{0ce23c61-3d6a-4a37-9def-528816a4f198}\edgemitmp_39603.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3112
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe"
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\1.3.233.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4236
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Edge Update
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 4304
CMD: "C:\ProgramData\UpSlide\Tmp\MicrosoftEdgeWebview2Setup.exe" /silent /install
Path: C:\ProgramData\UpSlide\Tmp\MicrosoftEdgeWebview2Setup.exe
Parent process: UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Version: 1.3.233.3
Modules (images):
c:\programdata\upslide\tmp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4624
CMD: "C:\Users\admin\Desktop\UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe"
Path: C:\Users\admin\Desktop\UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe
Parent process: explorer.exe
User: admin
Company: UpSlide
Integrity Level: MEDIUM
Description: Installer for UpSlide for ODDO BHF - Wealth Management
Exit code: 3221226540
Version: 2025.1.9.1724
Modules (images):
c:\users\admin\desktop\upslide20for20oddo20bhf20-20wealth20management20v6.9.22.1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 4708
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 4872
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CE23C61-3D6A-4A37-9DEF-528816A4F198}\MicrosoftEdge_X64_148.0.3967.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{0CE23C61-3D6A-4A37-9DEF-528816A4F198}\MicrosoftEdge_X64_148.0.3967.70.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Installer
Version: 148.0.3967.70
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\install\{0ce23c61-3d6a-4a37-9def-528816a4f198}\microsoftedge_x64_148.0.3967.70.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 5168
CMD: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJERUxMIiBwcm9kdWN0X25hbWU9IkRFTEwiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-…-
Path: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.233.3
Modules (images):
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
Total events: 19 369
Read events: 15 784
Write events: 3 475
Delete events: 110

Modification events

PID 7604, UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID 7604, UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID 7604, UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID 6628, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value: 0

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}
Operation: delete key
Name: (default)
Value:

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe
Operation: delete key
Name: (default)
Value:

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MicrosoftEdgeUpdate.exe
Operation: write
Name: AppID
Value: {CECDDD22-2E72-4832-9606-A9B0E5E344B2}

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}
Operation: write
Name: LocalService
Value: edgeupdate

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}
Operation: write
Name: ServiceParameters
Value: /comsvc

PID 4708, MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\edgeupdate
Operation: write
Name: EventMessageFile
Value: C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.233.3\msedgeupdate.dll
Executable files: 212
Suspicious files: 7
Text files: 8
Unknown types: 6

Dropped files

PID | Process | Filename | Type
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | C:\ProgramData\UpSlide\Uninstall\{BB9427B5-04E8-4086-AB3A-7473EE1EB9D3}\_Setup.dll | executable
  MD5: 16F716DDE4DD1524151AD8938D13F438
  SHA256: 56FA8C494D72E5A8D8340F4AD40C6F268B9FC8AA5834AFE17D5B2B60E58D99A7
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | C:\Users\admin\AppData\Local\Temp\B18CF8E2.dat | binary
  MD5: 473D8B5BA9D392A9E858586D59498689
  SHA256: DAD1E2BA312E50F9E689B47A515CC64FB4F1F7418AA9AB0A0C9EC1DE505AC5AB
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | C:\Users\admin\AppData\Local\Temp\TsuF3D83751.dll | executable
  MD5: BBCF39B98AC4C0494DE691C3D07964ED
  SHA256: B733DFA5DE56AF6558075632A5AD481BFF5FF25B73BD041A221E9BD3CC0D0678
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | C:\Users\admin\AppData\Local\Temp\B18CF8E2\Setup.ico | image
  MD5: BB9E23212CBA057E40B430B2E2C4359C
  SHA256: 1359F4EFED5F6A8C44C9658AC7F1D76970280E3D70F27D6627D4B4D7BD9621C0
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | C:\ProgramData\UpSlide\Tmp\MicrosoftEdgeWebview2Setup.exe | binary
  MD5: 7D771A8DE0076F9FC5169CF1BA088586
  SHA256: CB9B76A6DACE90F5D4635F2D49CBB55A62F41E5E365A22CEF4265C013AF0BCDD
4304 | MicrosoftEdgeWebview2Setup.exe | C:\Program Files (x86)\Microsoft\Temp\EU8549.tmp\MicrosoftEdgeUpdate.exe | executable
  MD5: 7A87637CC4D114EA49A30323FEB799F1
  SHA256: A8FFAB0B134E177655DD255F9B05296BB5CA7C40C5C1A2157DB81FC68B350FFD
4304 | MicrosoftEdgeWebview2Setup.exe | C:\Program Files (x86)\Microsoft\Temp\EU8549.tmp\msedgeupdate.dll | executable
  MD5: E747832AEA740BD6C91005B535988D1A
  SHA256: 55D5EF2974CED0FD55437597118BDED0B853C40BFECBEFA749625103045D9A08
4304 | MicrosoftEdgeWebview2Setup.exe | C:\Program Files (x86)\Microsoft\Temp\EU8549.tmp\CopilotUpdate.exe | executable
  MD5: 1406C7F9C207356AEDBD240615DF1683
  SHA256: 0C03D62ED2866A4E5ED96DD00DE03B2910C5468D4C1A006C05E9ECBD72DE657B
4304 | MicrosoftEdgeWebview2Setup.exe | C:\Program Files (x86)\Microsoft\Temp\EU8549.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable
  MD5: 0320D105DBB1A068F800348DC15BF66F
  SHA256: DDC661B958061D92DE9CCEF0988F0A724F066ADDBA8AECAA04F9FE489724505E
4304 | MicrosoftEdgeWebview2Setup.exe | C:\Program Files (x86)\Microsoft\Temp\EU8549.tmp\MicrosoftEdgeUpdateBroker.exe | executable
  MD5: EBC76EBA204AEB0355D3A390FAB0B771
  SHA256: 40C22971750E0AE8FF9CB563AB6827DF799ED03308AF3067B996C1278A9A1CFB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 29
DNS requests: 14
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | GET | 301 | 88.221.169.205:443 | https://go.microsoft.com/fwlink/p/?LinkId=2124703 | US | - | - | whitelisted
5276 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6684 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5276 | MoUsoCoreWorker.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
6684 | svchost.exe | GET | 200 | 23.52.181.212:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
- | - | POST | 500 | 48.192.1.65:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | US | xml | 512 b | whitelisted
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | GET | 301 | 23.52.181.212:443 | https://go.microsoft.com/fwlink/p/?LinkId=2124703 | US | - | - | -
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | GET | 200 | 2.16.168.117:443 | https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/0bbb66e3-8f09-497b-a082-aedbdee906e2/MicrosoftEdgeWebview2Setup.exe | NL | executable | 1.62 Mb | whitelisted
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | GET | 200 | 23.48.23.49:443 | https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/0bbb66e3-8f09-497b-a082-aedbdee906e2/MicrosoftEdgeWebview2Setup.exe | US | - | - | -
1140 | MicrosoftEdgeUpdate.exe | GET | 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.233.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.233.3&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.233.3&requestOmahaVersion=1.3.233.3 | US | text | 648 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
- | - | 48.209.138.168:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 48.192.1.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
6684 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5276 | MoUsoCoreWorker.exe | 23.216.77.28:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6684 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5276 | MoUsoCoreWorker.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
- | - | 57.153.246.3:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | 88.221.169.205:443 | go.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
crl.microsoft.com
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 88.221.169.152
whitelisted
settings-win.data.microsoft.com
  • 57.153.246.3
whitelisted
google.com
whitelisted
go.microsoft.com
  • 88.221.169.205
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.16.168.117
  • 2.16.168.116
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
msedge.api.cdp.microsoft.com
  • 74.179.71.159
whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com
  • 92.223.97.79
whitelisted

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO Packed Executable Download
7604 | UpSlide20for20ODDO20BHF20-20Wealth20Management20v6.9.22.1.exe | Misc activity | ET INFO Packed Executable Download
1788 | svchost.exe | Misc activity | ET INFO Packed Executable Download
No debug info