Malware analysis MicrosoftEdgeSetup.exe Malicious activity

Add for printing

File name:	MicrosoftEdgeSetup.exe
Full analysis:	https://app.any.run/tasks/0c9ed50a-c1a6-406b-b5fa-c3dfa12f8058
Verdict:	Malicious activity
Analysis date:	July 18, 2024, 12:56:13
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	1C4A0ABD5C6D501A6964E65A0AD3C924
SHA1:	4D43C443FC747927F10CC9F5A97C7B815C87B910
SHA256:	9EE508D6E739C6DEF5E6296E2BCA699230152EA288FBC905E0CC41A7B9D82156
SSDEEP:	49152:STKFeRrDnX1sf/R3bG7XIlh/ABX3omDzwgNdFytxmtjBb3Cu8nKkFohZqGW0QPWn:SRRrDnX1sfZ3bG7XILYBnvg2jl3b8KkK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
  - MicrosoftEdgeSetup.exe (PID: 5272)
SUSPICIOUS
- Process drops legitimate windows executable
  - MicrosoftEdgeSetup.exe (PID: 5272)
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Executable content was dropped or overwritten
  - MicrosoftEdgeSetup.exe (PID: 5272)
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
- Starts a Microsoft application from unusual location
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeSetup.exe (PID: 5272)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
- Reads the date of Windows installation
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Reads security settings of Internet Explorer
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Disables SEHOP
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Creates a software uninstall entry
  - MicrosoftEdgeUpdate.exe (PID: 8052)
INFO
- Checks supported languages
  - MicrosoftEdgeSetup.exe (PID: 5272)
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Create files in a temporary directory
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeSetup.exe (PID: 5272)
- Reads the computer name
  - MicrosoftEdgeUpdate.exe (PID: 7900)
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Creates files in the program directory
  - MicrosoftEdgeUpdateSetup.exe (PID: 7580)
- Checks proxy server information
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Reads Environment values
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Reads the software policy settings
  - MicrosoftEdgeUpdate.exe (PID: 8052)
- Process checks computer location settings
  - MicrosoftEdgeUpdate.exe (PID: 8052)
  - MicrosoftEdgeUpdate.exe (PID: 7900)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2024:07:03 17:47:25+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.31
CodeSize:	110592
InitializedDataSize:	1523200
UninitializedDataSize:	-
EntryPoint:	0x83f0
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.3.193.5
ProductVersionNumber:	1.3.193.5
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Microsoft Corporation
FileDescription:	Microsoft Edge Update Setup
FileVersion:	1.3.193.5
InternalName:	Microsoft Edge Update Setup
LegalCopyright:	Copyright Microsoft Corporation
OriginalFileName:	MicrosoftEdgeUpdateSetup.exe
ProductName:	Microsoft Edge Update
ProductVersion:	1.3.193.5
UpstreamVersion:	1.3.99.0
LanguageId:	en

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

122

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

5272

"C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe"

C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeSetup.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update Setup

Version:

1.3.193.5

Modules

Images
c:\users\admin\appdata\local\temp\microsoftedgesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

7580

"C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdateSetup.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated /nomitag

C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdateSetup.exe

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft Edge Update Setup

Version:

1.3.193.5

Modules

Images
c:\users\admin\appdata\local\temp\eua1fb.tmp\microsoftedgeupdatesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

7900

C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdate.exe /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0"

C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdate.exe

—

MicrosoftEdgeSetup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Version:

1.3.193.5

Modules

Images
c:\users\admin\appdata\local\temp\eua1fb.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

7976

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

8052

"C:\Program Files (x86)\Microsoft\Temp\EUADB3.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}&appname=Microsoft%20Edge&needsadmin=prefers&usagestats=0" /installelevated

C:\Program Files (x86)\Microsoft\Temp\EUADB3.tmp\MicrosoftEdgeUpdate.exe

MicrosoftEdgeUpdateSetup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft Edge Update

Version:

1.3.193.5

Modules

Images
c:\program files (x86)\microsoft\temp\euadb3.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

Add for printing

Total events

5 762

Read events

5 731

Write events

Delete events

Modification events


(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	consentcommunicated
Value: 0
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	usagestats
Value: 0
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	write	Name:	urlstats
Value: 0
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	delete value	Name:	usagestats
Value:
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation:	delete value	Name:	urlstats
Value:
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate
Operation:	delete value	Name:	eulaaccepted
Value:
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate
Operation:	write	Name:	path
Value: C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate
Operation:	write	Name:	UninstallCmdLine
Value: "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	pv
Value: 1.3.193.5
(PID) Process:	(8052) MicrosoftEdgeUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	name
Value: Microsoft Edge Update

Add for printing

Executable files

300

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeComRegisterShellARM64.exe		executable
		MD5:5679308B2E276BD371798AC8D579B1F9	SHA256:C9AEF2D24F1C77A366B327B869E4103ED8276EA83B2B40942718CC134A1E122F
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\psuser_64.dll		executable
		MD5:A89808BFD9091ED531EA5F5C5C2FC232	SHA256:D801F2ABD497EF3B03A32B1FA06B397C81CBA71BE7A5C6FBDB183D922E237924
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\NOTICE.TXT		text
		MD5:6DD5BF0743F2366A0BDD37E302783BCD	SHA256:91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\psuser_arm64.dll		executable
		MD5:3B226A2484899AFA6DE93A82D9FBCC4F	SHA256:6D64BDADFF5F3216753E737D4E19A09A00B19D80403172675041E903EA5C2DF4
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\psmachine_64.dll		executable
		MD5:447D4FD7B37ABB43501AA13F7FD25750	SHA256:3A84348804AEFBE6172F53EAFBE0D87D29DC6F42EA050E68F1D31385384BD72C
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdateBroker.exe		executable
		MD5:4E1BED27BAFAA6F0A9B6B6B1481A76AE	SHA256:868D178EF15F87DF290A4D06DBD7B72F3A1B6E0F2C680D67045AD6051C7DC1E6
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdate.exe		executable
		MD5:090901EBEFC233CC46D016AF98BE6D53	SHA256:7864BB95EB14E0AE1C249759CB44AD746E448007563B7430911755CF17EA5A77
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe		executable
		MD5:8428E306E866FE7972F05B6BE814C1CF	SHA256:855E2F2FAB4968261704CAB9BAE294FB7EC8B9C26E4D1708E29E26C454C7B0AF
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\MicrosoftEdgeUpdateOnDemand.exe		executable
		MD5:1ECF8A13497BBC34FC1CF2C7C2DAC9B0	SHA256:8BC7B53FFF82E9BE925BD28FE4F093039CAE5990F203B2EDB4F3C072408412F6
5272	MicrosoftEdgeSetup.exe	C:\Users\admin\AppData\Local\Temp\EUA1FB.tmp\msedgeupdateres_ar.dll		executable
		MD5:61C48F913B2502E56168CDF475D4766A	SHA256:8FD703A50D9CB19E9249CF4A4409DA71104C6A16475B9725306CD13C260CEFD1

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4716	svchost.exe	20.190.159.68:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
5460	backgroundTaskHost.exe	20.223.36.55:443	fd.api.iris.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4032	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
7856	svchost.exe	4.209.32.67:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
2760	svchost.exe	40.113.110.67:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
8052	MicrosoftEdgeUpdate.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
3352	slui.exe	20.83.72.98:443	activation-v2.sls.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4716	svchost.exe	20.190.159.0:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	unknown
4	System	192.168.100.255:137	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
login.live.com	20.190.159.68 20.190.159.0 40.126.31.67 40.126.31.71 20.190.159.64 20.190.159.4 20.190.159.23 20.190.159.2	whitelisted
google.com	172.217.18.14	whitelisted
fd.api.iris.microsoft.com	20.223.36.55	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
activation-v2.sls.microsoft.com	20.83.72.98	whitelisted
licensing.mp.microsoft.com	4.209.32.198	whitelisted

Threats

No threats detected

Add for printing

No debug info

General Info

MicrosoftEdgeSetup.exe

1C4A0ABD5C6D501A6964E65A0AD3C924

4D43C443FC747927F10CC9F5A97C7B815C87B910

9EE508D6E739C6DEF5E6296E2BCA699230152EA288FBC905E0CC41A7B9D82156

49152:STKFeRrDnX1sf/R3bG7XIlh/ABX3omDzwgNdFytxmtjBb3Cu8nKkFohZqGW0QPWn:SRRrDnX1sfZ3bG7XILYBnvg2jl3b8KkK

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Process drops legitimate windows executable

Executable content was dropped or overwritten

Starts a Microsoft application from unusual location

Reads the date of Windows installation

Reads security settings of Internet Explorer

Disables SEHOP

Creates a software uninstall entry

INFO

Checks supported languages

Create files in a temporary directory

Reads the computer name

Creates files in the program directory

Checks proxy server information

Reads Environment values

Reads the software policy settings

Process checks computer location settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings