File name:

windsurf-tools-wails.exe

Full analysis: https://app.any.run/tasks/2e1db358-4626-48c5-9491-5ac4284b4253
Verdict: Malicious activity
Analysis date: May 20, 2026, 14:30:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
golang
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 9 sections
MD5:

B2F5251614878B3FBC1B4B326DF08052

SHA1:

E81DEEECF5A268F6788EEB5357D70A46B8BCB063

SHA256:

012F5263048DA6BEAA60F00783C4A552329051D59AC08E8C932E603FEEC8CFC0

SSDEEP:

98304:O/Dpr86BqLLZywgLFjDYaOhThY4g/p0cdOQ4llbIVLLghBQlsnOMSno41PIN6rZh:itVi2Etun9Onsv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • MicrosoftEdgeWebview2Setup.exe (PID: 6844)
      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7920)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7928)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6140)
      • setup.exe (PID: 3276)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2828)
      • msedgewebview2.exe (PID: 736)
      • msedgewebview2.exe (PID: 6212)
      • msedgewebview2.exe (PID: 1656)
      • msedgewebview2.exe (PID: 6404)
      • msedgewebview2.exe (PID: 5548)
      • msedgewebview2.exe (PID: 7892)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 736)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6844)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2828)
      • setup.exe (PID: 3276)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6844)
      • MicrosoftEdgeUpdate.exe (PID: 2032)

    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 2032)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2032)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7928)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6140)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7920)

    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 4916)

    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 4916)
      • msedgewebview2.exe (PID: 736)

    • Searches for installed software

      • setup.exe (PID: 3276)

  • INFO

    • Checks supported languages

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6844)
      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • MicrosoftEdgeUpdate.exe (PID: 1152)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdgeUpdate.exe (PID: 4236)
      • MicrosoftEdgeUpdate.exe (PID: 7888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7920)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7928)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6140)
      • MicrosoftEdgeUpdate.exe (PID: 3420)
      • MicrosoftEdgeUpdate.exe (PID: 4916)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2828)
      • setup.exe (PID: 3276)
      • MicrosoftEdgeUpdate.exe (PID: 7300)
      • msedgewebview2.exe (PID: 736)
      • msedgewebview2.exe (PID: 6212)
      • msedgewebview2.exe (PID: 6404)
      • msedgewebview2.exe (PID: 1656)
      • msedgewebview2.exe (PID: 5548)
      • msedgewebview2.exe (PID: 7892)

    • Reads Environment values

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeUpdate.exe (PID: 4236)
      • MicrosoftEdgeUpdate.exe (PID: 3420)
      • MicrosoftEdgeUpdate.exe (PID: 7300)

    • Detects GO elliptic curve encryption (YARA)

      • windsurf-tools-wails.exe (PID: 7804)

    • There is functionality for taking screenshot (YARA)

      • windsurf-tools-wails.exe (PID: 7804)

    • Application based on Golang

      • windsurf-tools-wails.exe (PID: 7804)

    • Reads the computer name

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • MicrosoftEdgeUpdate.exe (PID: 1152)
      • MicrosoftEdgeUpdate.exe (PID: 4236)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7920)
      • MicrosoftEdgeUpdate.exe (PID: 1140)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7928)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6140)
      • MicrosoftEdgeUpdate.exe (PID: 7888)
      • MicrosoftEdgeUpdate.exe (PID: 4916)
      • MicrosoftEdgeUpdate.exe (PID: 3420)
      • setup.exe (PID: 3276)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2828)
      • MicrosoftEdgeUpdate.exe (PID: 7300)
      • msedgewebview2.exe (PID: 736)
      • msedgewebview2.exe (PID: 6404)
      • msedgewebview2.exe (PID: 1656)

    • The sample compiled with english language support

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6844)
      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2828)
      • setup.exe (PID: 3276)

    • Reads the machine GUID from the registry

      • windsurf-tools-wails.exe (PID: 7804)
      • msedgewebview2.exe (PID: 736)

    • Create files in a temporary directory

      • windsurf-tools-wails.exe (PID: 7804)
      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • msedgewebview2.exe (PID: 736)

    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • msedgewebview2.exe (PID: 736)

    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 2032)
      • setup.exe (PID: 3276)
      • msedgewebview2.exe (PID: 736)
      • msedgewebview2.exe (PID: 7892)

    • Creates files or folders in the user directory

      • msedgewebview2.exe (PID: 736)
      • msedgewebview2.exe (PID: 6212)
      • msedgewebview2.exe (PID: 6404)

    • Reads CPU info

      • msedgewebview2.exe (PID: 736)

    • Creates a software uninstall entry

      • setup.exe (PID: 3276)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 3
CodeSize: 7840256
InitializedDataSize: 1127936
UninitializedDataSize: -
EntryPoint: 0x8cd00
OSVersion: 6.1
ImageVersion: 1
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 1.9.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Windsurf 号池 · MITM 代理 · 切号工具
CompanyName: windsurf-tools-wails
FileDescription: Windsurf Tools
LegalCopyright: Copyright © 2025 shaoyu521
ProductName: Windsurf Tools
ProductVersion: 1.9.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
159
Monitored processes
23
Malicious processes
6
Suspicious processes
10

Behavior graph

Click at the process to see the details
start windsurf-tools-wails.exe slui.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe microsoftedge_x64_148.0.3967.70.exe setup.exe microsoftedgeupdate.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs windsurf-tools-wails.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
736"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.70\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=windsurf-tools-wails.exe --webview-exe-version=1.9.0 --user-data-dir="C:\Users\admin\AppData\Roaming\windsurf-tools-wails.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msSmartScreenProtection --mojo-named-platform-channel-pipe=7804.7712.2092592118137810951C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.70\msedgewebview2.exe
windsurf-tools-wails.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
148.0.3967.70
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\148.0.3967.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\148.0.3967.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\version.dll
1140"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserverC:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
1152"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvcC:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
1656"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.70\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\windsurf-tools-wails.exe\EBWebView" --webview-exe-name=windsurf-tools-wails.exe --webview-exe-version=1.9.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1744,i,2282879363040837097,6766700593757038126,262144 --field-trial-handle=1912,i,16768984634082626659,11128900208115135169,262144 --disable-features=msSmartScreenProtection --variations-seed-version --pseudonymization-salt-handle=1916,i,4560619891773265761,2466146212011790552,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1908 /prefetch:2C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.70\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
148.0.3967.70
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\148.0.3967.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\148.0.3967.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
2032"C:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeUpdate.exeMicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\temp\eue0f5.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
2828"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9679B7D-9CE9-48BC-BEDD-06447E38E2AB}\MicrosoftEdge_X64_148.0.3967.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-levelC:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9679B7D-9CE9-48BC-BEDD-06447E38E2AB}\MicrosoftEdge_X64_148.0.3967.70.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
148.0.3967.70
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\install\{e9679b7d-9ce9-48bc-bedd-06447e38e2ab}\microsoftedge_x64_148.0.3967.70.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
3276"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9679B7D-9CE9-48BC-BEDD-06447E38E2AB}\EDGEMITMP_531B2.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9679B7D-9CE9-48BC-BEDD-06447E38E2AB}\MicrosoftEdge_X64_148.0.3967.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-levelC:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{E9679B7D-9CE9-48BC-BEDD-06447E38E2AB}\EDGEMITMP_531B2.tmp\setup.exe
MicrosoftEdge_X64_148.0.3967.70.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
148.0.3967.70
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\install\{e9679b7d-9ce9-48bc-bedd-06447e38e2ab}\edgemitmp_531b2.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
3420"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4yMzMuMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjIzMy4zIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezUzQjMzQkQ0LUM3ODMtNDE0NS1CNUVGLTE3REVERkQzQjlGNH0iIHVzZXJpZD0ie0ZEOTg0NzM5LUExMjItNERCMC1CRTVCLTQ2RTNFMDlEODRFNH0iIGluc3RhbGxzb3VyY2U9ImxpbWl0ZWQiIHJlcXVlc3RpZD0iezE4NURGMERDLUZDOEQtNERCMC1CMjc3LTAyMkZENUNBN0RDMn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI2IiBwaHlzbWVtb3J5PSI2IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDUuNDA0NiIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJERUxMIiBwcm9kdWN0X25hbWU9IkRFTEwiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEzMy4wLjY5NDMuMTI3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHQ0VCIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTc2OSIgaW5zdGFsbGRhdGU9IjYyNjUiIGluc3RhbGxkYXRldGltZT0iMTYyNjQ0MTUxNiIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMTQ5MjQ0ODQ1Mjc0MDAwMCIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzMDU4MjU0OTI5OTcyMDEwIiBmaXJzdF9mcmVfc2Vlbl92ZXJzaW9uPSIxMDQuMC4xMjkzLjYzIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iODcxMTQ3NzUiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3NzEyMDg4MzUiLz48L2FwcD48L3JlcXVlc3Q-C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
4236"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4yMzMuMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjIzMy4zIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezUzQjMzQkQ0LUM3ODMtNDE0NS1CNUVGLTE3REVERkQzQjlGNH0iIHVzZXJpZD0ie0ZEOTg0NzM5LUExMjItNERCMC1CRTVCLTQ2RTNFMDlEODRFNH0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins0NjgzRDIxQy1DM0I3LTRENkUtOUQ4MC04RkE1Q0U2OTRBQzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNiIgcGh5c21lbW9yeT0iNiIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iMS4zLjIzMy4zIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzY1ODk2MzY2IiBpbnN0YWxsX3RpbWVfbXM9Ijc1MCIvPjwvYXBwPjwvcmVxdWVzdD4C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
4916"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svcC:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
Total events
26 824
Read events
24 708
Write events
1 991
Delete events
125

Modification events

(PID) Process:(6988) slui.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation:writeName:@%SystemRoot%\System32\sppcomapi.dll,-3200
Value:
Software Licensing
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
Operation:delete keyName:(default)
Value:
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}
Operation:delete keyName:(default)
Value:
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
Operation:delete keyName:(default)
Value:
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}
Operation:delete keyName:(default)
Value:
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DF7EDA8-24D7-4C93-AD01-5170BFAE5859}\InprocHandler32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(6140) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34EAF827-6C36-4CEF-8A9C-7C9842355641}\InProcServer32
Operation:writeName:ThreadingModel
Value:
Both
(PID) Process:(1140) MicrosoftEdgeUpdate.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32
Operation:delete keyName:(default)
Value:
Executable files
210
Suspicious files
69
Text files
64
Unknown types
0

Dropped files

PID
Process
Filename
Type
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeUpdate.exeexecutable
MD5:7A87637CC4D114EA49A30323FEB799F1
SHA256:A8FFAB0B134E177655DD255F9B05296BB5CA7C40C5C1A2157DB81FC68B350FFD
7804windsurf-tools-wails.exeC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exeexecutable
MD5:7D771A8DE0076F9FC5169CF1BA088586
SHA256:CB9B76A6DACE90F5D4635F2D49CBB55A62F41E5E365A22CEF4265C013AF0BCDD
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeexecutable
MD5:0320D105DBB1A068F800348DC15BF66F
SHA256:DDC661B958061D92DE9CCEF0988F0A724F066ADDBA8AECAA04F9FE489724505E
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeUpdateOnDemand.exeexecutable
MD5:55645D2E0C61C84F70108A048563FE78
SHA256:B67D07287E8ACEEC195CB0C78F4C5338AF3DB1355E9CA19A3D2472627B34FC44
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\psmachine.dllexecutable
MD5:AFEB8ECB2BDF37786FC589D2C89AD503
SHA256:4FFE3088F42A611DB61035A92B4E71B7CEF2CF9D3DFD8896B50AC72E4AE61820
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\msedgeupdateres_bg.dllexecutable
MD5:54B13DDFBCD82946200167DD6CF0EE76
SHA256:BF5789D23EE7321A7ED716974EAA365EB0F8658D7A7F5D45EEA663A094CD8624
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\MicrosoftEdgeComRegisterShellARM64.exeexecutable
MD5:60E089B5EBFFD082982749A9FE6C6179
SHA256:018AFD497A4E99EAE2BF24622D3033625049F9BF22520FF2218BD7B1F14C2DD5
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\psmachine_arm64.dllexecutable
MD5:418B520333D5B7E6D57D526C089E5663
SHA256:6BD6EF48D6ADDD8CEA48914E2B1207F65EFA06A68CD9C90B71A4C7FDEE57693A
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\NOTICE.TXTtext
MD5:6DD5BF0743F2366A0BDD37E302783BCD
SHA256:91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5
6844MicrosoftEdgeWebview2Setup.exeC:\Program Files (x86)\Microsoft\Temp\EUE0F5.tmp\psmachine_64.dllexecutable
MD5:B8368E0BE81449CB20041866B915D1BB
SHA256:A2FD018A3F3B39535BFEC5A252D30948086D8ED403334BB40B718091A4921771
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
30
DNS requests
17
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5276
MoUsoCoreWorker.exe
GET
304
48.209.133.15:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
3448
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
3448
svchost.exe
GET
200
23.216.77.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
3448
svchost.exe
GET
200
48.209.133.15:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaasMedic?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&appVer=10.0.19041.3758&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4
US
text
3.41 Kb
whitelisted
POST
500
48.192.1.65:443
https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
US
xml
512 b
whitelisted
7804
windsurf-tools-wails.exe
GET
200
2.16.168.116:443
https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/0bbb66e3-8f09-497b-a082-aedbdee906e2/MicrosoftEdgeWebview2Setup.exe
unknown
executable
1.62 Mb
whitelisted
4916
MicrosoftEdgeUpdate.exe
POST
200
74.178.76.44:443
https://msedge.api.cdp.microsoft.com/api/v2/contents/Browser/namespaces/Default/names?action=batchupdates
US
text
103 b
whitelisted
7804
windsurf-tools-wails.exe
GET
301
23.52.181.212:443
https://go.microsoft.com/fwlink/p/?LinkId=2124703
US
4236
MicrosoftEdgeUpdate.exe
GET
200
52.123.243.66:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.233.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.233.3&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=true&requestOmahaShellVersion=1.3.233.3&requestOmahaVersion=1.3.233.3
US
text
648 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
48.209.133.15:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8040
slui.exe
128.24.231.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3448
svchost.exe
48.209.133.15:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
3448
svchost.exe
23.216.77.19:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
3448
svchost.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5276
MoUsoCoreWorker.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5276
MoUsoCoreWorker.exe
57.153.246.3:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3448
svchost.exe
57.153.246.3:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 48.209.133.15
  • 57.153.246.3
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
google.com
  • 192.178.183.113
  • 192.178.183.139
  • 192.178.183.100
  • 192.178.183.102
  • 192.178.183.101
  • 192.178.183.138
whitelisted
crl.microsoft.com
  • 23.216.77.19
  • 23.216.77.42
  • 23.216.77.36
  • 23.216.77.20
  • 23.216.77.6
  • 23.216.77.8
  • 23.216.77.28
  • 23.216.77.25
  • 184.24.77.15
  • 184.24.77.21
  • 184.24.77.24
  • 184.24.77.23
  • 184.24.77.18
  • 184.24.77.28
  • 184.24.77.14
  • 184.24.77.25
  • 184.24.77.33
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 72.246.29.11
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
self.events.data.microsoft.com
  • 13.89.179.13
whitelisted
config.edge.skype.com
  • 52.123.243.66
  • 52.123.224.65
  • 52.123.243.195
  • 52.123.243.217
  • 150.171.22.17
whitelisted
msedge.api.cdp.microsoft.com
  • 74.178.232.29
whitelisted

Threats

PID
Process
Class
Message
3448
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Misc activity
ET USER_AGENTS Go HTTP Client User-Agent
Misc activity
ET INFO Go-http-client User-Agent Observed Outbound
Misc activity
ET INFO Go-http-client User-Agent Observed Outbound
Misc activity
ET USER_AGENTS Go HTTP Client User-Agent
Misc activity
ET INFO Request for EXE via GO HTTP Client
Misc activity
ET INFO Packed Executable Download
2656
svchost.exe
Misc activity
ET INFO Packed Executable Download
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming directory exists )
windsurf-tools-wails.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
windsurf-tools-wails.exe