File name: maintenancetool.exe

Full analysis: https://app.any.run/tasks/9880d082-c423-4301-ac22-540952608ea1
Verdict: Malicious activity
Analysis date: August 22, 2024, 02:12:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: D51D1D2718E3B9EB5651398E61D74327
SHA1: 296F84B6C276FE9E91651336DE83D3377FFA147B
SHA256: 9E894C2620D565949E0D71E181E780DDACCC5B0D2FD70EC674E913AC7549FDCF
SSDEEP: 98304:9Ap0k+ZEtzkBIDW3TFCdsnCDyXOJWvO1pD5i4By2moI3YxkTN1JItXiy+HDc:9w3dtDW30jygH7i4fI3YxkZqLy4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6836)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • maintenancetool.exe (PID: 6664)
      • MicrosoftEdgeUpdate.exe (PID: 6836)
      • .tmpJd0g4N.exe (PID: 6780)
    • Process drops legitimate windows executable

      • maintenancetool.exe (PID: 6664)
      • .tmpJd0g4N.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeUpdate.exe (PID: 6836)
      • maintenancetool.exe (PID: 6664)
      • .tmpJd0g4N.exe (PID: 6780)
    • Starts a Microsoft application from unusual location

      • .tmpJd0g4N.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6960)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6932)
      • MicrosoftEdgeUpdate.exe (PID: 6908)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Reads the date of Windows installation

      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Potential Corporate Privacy Violation

      • MicrosoftEdgeUpdate.exe (PID: 7120)
  • INFO

    • Checks supported languages

      • .tmpJd0g4N.exe (PID: 6780)
      • maintenancetool.exe (PID: 6664)
      • MicrosoftEdgeUpdate.exe (PID: 6836)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6960)
      • MicrosoftEdgeUpdate.exe (PID: 6908)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6932)
      • MicrosoftEdgeUpdate.exe (PID: 7076)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 7120)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 6836)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6960)
      • MicrosoftEdgeUpdate.exe (PID: 6908)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6932)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 7076)
      • MicrosoftEdgeUpdate.exe (PID: 7120)
      • maintenancetool.exe (PID: 6664)
    • Create files in a temporary directory

      • maintenancetool.exe (PID: 6664)
      • .tmpJd0g4N.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 7120)
      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 7120)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7020)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 7020)
      • MicrosoftEdgeUpdate.exe (PID: 7120)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6836)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 6836)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2023:01:03 22:31:55+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.34
CodeSize: 3153408
InitializedDataSize: 7658496
UninitializedDataSize: -
EntryPoint: 0x2f9000
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 0.2.0.0
ProductVersionNumber: 0.2.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
ProductName: yuzu installer
ProductVersion: 0.2.0
OriginalFileName: yuzu_installer.exe
FileDescription: Interactive installer for yuzu
FileVersion: 0.2.0
All screenshots are available in the full report
Total processes: 139
Monitored processes: 10
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process chain, reconstructed from the Parent process column of the table below. The report names the parent of the later MicrosoftEdgeUpdate.exe instances only by image name, not by PID; "no specs" marks processes for which the sandbox recorded no detailed activity.

explorer.exe
  maintenancetool.exe (PID 6664)
    .tmpJd0g4N.exe (PID 6780) /install
      MicrosoftEdgeUpdate.exe (PID 6836) /install, run from %TEMP%\EUFD58.tmp
        children whose parent is reported as "MicrosoftEdgeUpdate.exe":
          MicrosoftEdgeUpdate.exe (PID 6908) /regserver, no specs
          MicrosoftEdgeUpdateComRegisterShell64.exe (PIDs 6932, 6960, 6988) /user, no specs
          MicrosoftEdgeUpdate.exe (PID 7020) /ping
          MicrosoftEdgeUpdate.exe (PID 7076) /handoff, no specs
svchost.exe
  MicrosoftEdgeUpdate.exe (PID 7120) -Embedding

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 6664
CMD: "C:\Users\admin\AppData\Local\Temp\maintenancetool.exe"
Path: C:\Users\admin\AppData\Local\Temp\maintenancetool.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Interactive installer for yuzu
Version: 0.2.0
Modules
Images
c:\users\admin\appdata\local\temp\maintenancetool.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 6780
CMD: "C:\Users\admin\AppData\Local\Temp\.tmpJd0g4N.exe" /install
Path: C:\Users\admin\AppData\Local\Temp\.tmpJd0g4N.exe
Parent process: maintenancetool.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\temp\.tmpjd0g4n.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6836
CMD: C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeUpdate.exe /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeUpdate.exe
Parent process: .tmpJd0g4N.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\temp\eufd58.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 6908
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 6932
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6960
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6988
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.37\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 7020
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QTZFRjNBRDQtRTM0OC00RjMxLTk3RUMtNDE1MzRCRTdCNjU2fSIgdXNlcmlkPSJ7MTZBN0Y5QTgtMjQ0Mi00RUJFLTg2MTEtMEI4QUQxM0Q2NjRFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMkFEREI2Qy0xMjdELTRBRUYtQjg2OS1DMjBBMzA3ODYyMEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MDg4MTgwMzEiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 7076
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{A6EF3AD4-E348-4F31-97EC-41534BE7B656}"
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 7120
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.37
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
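Three of the MicrosoftEdgeUpdate.exe command lines above carry the facts that decide how to read this verdict. The /install and /handoff arguments are a query string naming the application being installed (appguid, appname) and the admin preference (needsadmin=prefers in the first launch, needsadmin=false in the handoff). The /ping argument is the Omaha request XML, base64-encoded with the URL-safe alphabet and without padding, which is why the captured string contains '-' and '_' and does not decode with a plain standard-alphabet decoder. The script below is an added example for this report, not ANY.RUN or Microsoft code; the function and variable names are mine, and its only inputs are the three command lines copied from the process table (PIDs 6836, 7076 and 7020). Decoding the ping shows ismachine="0", which matches the per-user evidence elsewhere on the page: the %LOCALAPPDATA%\Microsoft\EdgeUpdate paths, the HKCU Run value that is the page's single MALICIOUS indicator, and the per-user scheduled-task names in the modification events. The report contains no Authenticode verification of the dropped Edge Update binaries, so checking the dropped-file hashes against vendor-signed copies remains a separate step before the verdict is treated as a false positive.

```python
"""Parse the Microsoft Edge Update (Omaha) command lines from the process table.

Added example for this report (not ANY.RUN or Microsoft code). The three
command lines are copied from PIDs 6836, 7076 and 7020 above.
"""
import base64
import re
from urllib.parse import parse_qs

INSTALL_CMD = (
    r"C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeUpdate.exe /install "
    r'"appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime'
    r'&needsadmin=prefers"'
)
HANDOFF_CMD = (
    r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff '
    r'"appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime'
    r'&needsadmin=false" /installsource otherinstallcmd '
    r'/sessionid "{A6EF3AD4-E348-4F31-97EC-41534BE7B656}"'
)
PING_CMD = (
    r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping '
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIg"
    "dXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7"
    "QTZFRjNBRDQtRTM0OC00RjMxLTk3RUMtNDE1MzRCRTdCNjU2fSIgdXNlcmlkPSJ7MTZBN0Y5QTgtMjQ0Mi00RUJFLTg2MTEtMEI4QUQxM0Q2NjRFfSIg"
    "aW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDMkFEREI2Qy0xMjdELTRBRUYtQjg2OS1DMjBBMzA3ODYyMEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-"
    "PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-"
    "PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-"
    "PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTE4MDg4MTgwMzEiIGluc3RhbGxfdGltZV9tcz0iNzM0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg"
)

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')          # Windows-style argv split
_ATTR = re.compile(r'(\w+)="([^"]*)"')           # name="value" pairs
_ELEM = re.compile(r'<(\w+)\b([^>]*)>')          # opening/self-closing tags only


def tokenize(cmd: str) -> list:
    """Split a command line: a double-quoted run is one token, quotes dropped."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmd)]


def decode_omaha_ping(blob: str) -> str:
    """Undo Omaha's encoding of the /ping payload: URL-safe base64, '=' stripped."""
    padded = blob + "=" * (-len(blob) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def ping_elements(xml: str) -> dict:
    """{element: {attr: value}} for the decoded ping XML.

    A regex instead of a strict XML parser on purpose: the payload is
    untrusted input in general, and a partially copied string from a report
    should still yield the leading elements rather than raise.
    """
    return {name: dict(_ATTR.findall(attrs)) for name, attrs in _ELEM.findall(xml)}


def parse_omaha_cmdline(cmd: str) -> dict:
    """Split an Omaha command line into image, main switch, app fields, extras and ping."""
    toks = tokenize(cmd)
    out = {"image": toks[0], "switch": None, "app": {}, "extra": {}, "ping": None}
    i = 1
    while i < len(toks):
        sw = toks[i].lower()
        has_arg = i + 1 < len(toks) and not toks[i + 1].startswith(("/", "-"))
        if sw in ("/install", "/handoff") and has_arg:
            out["switch"] = sw
            # The argument is a query string: appguid=...&appname=...&needsadmin=...
            qs = parse_qs(toks[i + 1], keep_blank_values=True)
            out["app"] = {k: v[0] for k, v in qs.items()}
            i += 2
        elif sw == "/ping" and has_arg:
            out["switch"] = sw
            out["ping"] = ping_elements(decode_omaha_ping(toks[i + 1]))
            i += 2
        elif has_arg:
            out["extra"][sw] = toks[i + 1]        # e.g. /installsource otherinstallcmd
            i += 2
        else:
            out["switch"] = out["switch"] or sw   # bare switches: /regserver, -Embedding
            i += 1
    return out


def install_scope(parsed: dict) -> str:
    """Per-user or per-machine, read from the ping's ismachine flag."""
    req = (parsed.get("ping") or {}).get("request", {})
    return {"0": "per-user", "1": "per-machine"}.get(req.get("ismachine"), "unknown")


if __name__ == "__main__":
    for cmd in (INSTALL_CMD, HANDOFF_CMD, PING_CMD):
        parsed = parse_omaha_cmdline(cmd)
        print(parsed["switch"], parsed["app"], parsed["extra"])
        if parsed["ping"]:
            print("  request:", parsed["ping"]["request"])
            print("  app:", parsed["ping"]["app"], "scope:", install_scope(parsed))
```

Run as-is to print the parsed fields. urlsafe_b64decode drops characters outside its alphabet rather than failing, so a truncated or mis-copied /ping argument still decodes up to the damage, and the element extraction returns whatever elements survived; a strict XML parser would instead raise on the first broken tag. The decoded sessionid equals the /sessionid passed to the /handoff process, and the appid in the ping is the same GUID written under HKCU\SOFTWARE\Microsoft\EdgeUpdate\Clients in the modification events, which ties the three launches to one install session.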
Total events: 8 011
Read events: 6 511
Write events: 1 466
Delete events: 34

Modification events

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete   Name: eulaaccepted

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write   Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write   Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write   Name: pv
Value: 1.3.171.37

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write   Name: name
Value: Microsoft Edge Update

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write   Name: pv
Value: 1.3.171.37

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write   Name: Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\MicrosoftEdgeUpdateCore.exe"

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write   Name: edgeupdate_task_name_c
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{3B5CBD06-1A19-4068-B2C5-5D74F03FC46C}

(PID 6836) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write   Name: edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{5DD5EE00-5FB1-4E74-9337-5E0F3D349416}

(PID 6932) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write   Name: ThreadingModel
Value: Both
Executable files: 202
Suspicious files: 1
Text files: 3
Unknown types: 1

Dropped files

Columns: PID | Process | Filename | Type

6664  maintenancetool.exe  C:\Users\admin\AppData\Local\Temp\.tmpJd0g4N.exe  (executable)
  MD5: BEF60694A28373CD20F5DEBF8C938AA1
  SHA256: 0CDD5825454130A82FDD7F4EA9F406524B886A6A550BE49E39B4D9BB2890D83D
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\psmachine_64.dll  (executable)
  MD5: 7A1F8F4164FC77237CA3C9E2CF76E304
  SHA256: 703205743078DD8CAB2E3C6CB7F613459ED4E3B74FB7141F07C7DC9DFE817EFD
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\psmachine.dll  (executable)
  MD5: C08639CC6D20452019376FF85BBB4CBE
  SHA256: 6969DB199E8BC68BFD39123D9A24A77CC511FD0BE436A3ADB22E6535B8763EC0
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\psmachine_arm64.dll  (executable)
  MD5: 219CF6E720643CD3A5F59A9D87FAF8D7
  SHA256: 0736A1E966BC5D104747D4636215B8954229BED9742DC1F0FC60D76621102AE8
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeUpdateCore.exe  (executable)
  MD5: A3EDE53F7EF455E5F6692F46D1B6C694
  SHA256: 598A8A594937CDFFB664C84FFBC83592687A1E92C884E88C71DA591BD7429609
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\psuser.dll  (executable)
  MD5: F879368FDE4965C1FEA00A0DF1F481A7
  SHA256: 61758B419713608CBDDD218DECD317CD655CCB90B04622C9D09B699EFBB2A417
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeUpdate.exe  (executable)
  MD5: 05A73EF9CDAE8D3783E99FEA3D3E9841
  SHA256: 981AC233A928A5E68EC9B269EE059996E09396DDA7205D41D0F283BDA24A7941
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\MicrosoftEdgeComRegisterShellARM64.exe  (executable)
  MD5: F5123F139892BE31DEAB7D210A15EF4F
  SHA256: 691436E3FAC197330B10D3EF9866BA9D1BD86E7F5EE731F138ADD7695120EFD3
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\msedgeupdateres_bn.dll  (executable)
  MD5: 50FEAE66730D0A430E90D36FC9662ADF
  SHA256: 3772F79632710288DE0D6FCD95529C67B4727639CC93EABDC5649BACED807E9D
6780  .tmpJd0g4N.exe  C:\Users\admin\AppData\Local\Temp\EUFD58.tmp\NOTICE.TXT  (text)
  MD5: 6DD5BF0743F2366A0BDD37E302783BCD
  SHA256: 91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
29
DNS requests
19
Threats
1

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation  (- = not recorded)

7120  MicrosoftEdgeUpdate.exe  GET  -  199.232.210.172:80
  http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8b0b3233-daaf-48b9-aa04-b34ba9e42980?P1=1724897564&P2=404&P3=2&P4=LZVe%2fpd2LEMjT0l9JNS%2bMfzcp3Gtc6j8UZzIb5e%2fVdJnOIgK0GTbBgBDHw4ndl%2fwt4DMiEqd188Q0r8cEsobyw%3d%3d
  unknown  whitelisted
5244  backgroundTaskHost.exe  GET  200  192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
  unknown  whitelisted
1132  SIHClient.exe  GET  200  95.101.149.131:80
  http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
  unknown  whitelisted
2360  svchost.exe  GET  200  192.229.221.95:80
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
  unknown  whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation  (- = not recorded)

-     -                        192.168.100.255:138  -  -  -  whitelisted
240   svchost.exe              51.124.78.146:443   settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
2120  MoUsoCoreWorker.exe      51.124.78.146:443   settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
4296  RUXIMICS.exe             51.124.78.146:443   settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
7020  MicrosoftEdgeUpdate.exe  13.107.42.16:443    config.edge.skype.com  MICROSOFT-CORP-MSN-AS-BLOCK  US  whitelisted
7120  MicrosoftEdgeUpdate.exe  13.67.191.143:443   msedge.api.cdp.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  US  unknown
7120  MicrosoftEdgeUpdate.exe  199.232.210.172:80  msedge.f.tlu.dl.delivery.mp.microsoft.com  FASTLY  US  unknown
2120  MoUsoCoreWorker.exe      40.127.240.158:443  settings-win.data.microsoft.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  unknown
3260  svchost.exe              40.115.3.253:443    client.wns.windows.com  MICROSOFT-CORP-MSN-AS-BLOCK  NL  whitelisted
2360  svchost.exe              40.126.31.69:443    login.live.com  MICROSOFT-CORP-MSN-AS-BLOCK  IE  unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
msedge.api.cdp.microsoft.com
  • 13.67.191.143
whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.31.69
  • 20.190.159.73
  • 20.190.159.75
  • 20.190.159.4
  • 20.190.159.2
  • 40.126.31.71
  • 20.190.159.68
  • 40.126.31.73
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
arc.msn.com
  • 20.74.47.205
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted

Threats

Columns: PID | Process | Class | Message

7120  MicrosoftEdgeUpdate.exe  Potential Corporate Privacy Violation  ET POLICY PE EXE or DLL Windows file download HTTP