File name: TurtleWoW.exe

Full analysis: https://app.any.run/tasks/08fbfac2-a4a1-498c-b784-7d59901ddeb5
Verdict: Malicious activity
Threats: loader (generic description of the tagged class follows)

A loader is malware whose purpose is to get onto a device and deliver further payloads. Once running it profiles the host and installs other threats, typically trojans or stealers. Loaders usually arrive through phishing emails and links, relying on social engineering to get the user to download and run the executable, and they use evasion and persistence techniques to avoid detection.

Analysis date: April 08, 2025, 05:22:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: DF7580175A899AD0CF3017685830D84A
SHA1: AFCFD76A2AAEFE056AFD1247488F1AAF955B0881
SHA256: 1D4C5A031D148A2687912778BFB4E61080985675747390DB0D76AC931AA60795
SSDEEP: 98304:9J8CwYGjpz/88WEHioI5t8xNqKOiNsFL2AXmku8A06elwDsmI+U0QQyiUzmZ/epu:9u6nKlU5GfIUwYF1B49g

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may have been influenced by analyst actions during the session and is provided as is. ANY.RUN does not guarantee that the content is either malicious or safe.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • TurtleWoW.exe (PID: 5408)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 2692)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 5256)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • TurtleWoW.exe (PID: 5408)
    • The process creates files with name similar to system file names

      • TurtleWoW.exe (PID: 5408)
    • There is functionality for taking screenshot (YARA)

      • TurtleWoW.exe (PID: 5408)
    • Process requests binary or script from the Internet

      • TurtleWoW.exe (PID: 5408)
    • Process drops legitimate windows executable

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Executable content was dropped or overwritten

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Searches for installed software

      • TurtleWoW.exe (PID: 5408)
      • setup.exe (PID: 3268)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Application launched itself

      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Creates a software uninstall entry

      • setup.exe (PID: 3268)
      • TurtleWoW.exe (PID: 5408)
  • INFO

    • Checks supported languages

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • setup.exe (PID: 3268)
      • setup.exe (PID: 2596)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 2692)
      • msedgewebview2.exe (PID: 4108)
      • msedgewebview2.exe (PID: 1748)
      • msedgewebview2.exe (PID: 6820)
      • msedgewebview2.exe (PID: 6028)
    • The sample compiled with english language support

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Reads the computer name

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 4108)
      • msedgewebview2.exe (PID: 2692)
    • Checks proxy server information

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
      • slui.exe (PID: 1164)
    • Create files in a temporary directory

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • msedgewebview2.exe (PID: 5256)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 2596)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • TurtleWoW.exe (PID: 5408)
      • setup.exe (PID: 3268)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 1748)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 4108)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • setup.exe (PID: 3268)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 6820)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • slui.exe (PID: 1164)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 5256)
    • Manual execution by a user

      • turtle-wow.exe (PID: 1052)
    • Reads product name

      • turtle-wow.exe (PID: 1052)
    • Reads CPU info

      • msedgewebview2.exe (PID: 5256)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.2.0
ProductVersionNumber: 2.0.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: TurtleWoW
FileVersion: 2.0.2
LegalCopyright: -
ProductName: TurtleWoW
ProductVersion: 2.0.2
All screenshots are available in the full report
Total processes: 152
Monitored processes: 22
Malicious processes: 9
Suspicious processes: 1

Behavior graph (processes in start order; "no specs" marks processes for which the sandbox recorded no details):

turtlewow.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, microsoftedgeupdate.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdate.exe, microsoftedgeupdate.exe (no specs), microsoftedgeupdate.exe, slui.exe, microsoftedge_x64_135.0.3179.54.exe, setup.exe, setup.exe (no specs), microsoftedgeupdate.exe, turtle-wow.exe, msedgewebview2.exe (no specs), msedgewebview2.exe (no specs), msedgewebview2.exe (no specs), msedgewebview2.exe, msedgewebview2.exe (no specs), msedgewebview2.exe (no specs)

Process information (per process: PID, command line, image path, parent process, then user, integrity level, description, version and the first loaded modules)

PID: 1052
CMD: "C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe"
Path: C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
TurtleWoW
Version:
0.0.0
Modules
Images
c:\users\admin\appdata\local\turtlewow\turtle-wow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1164
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1748
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\turtle-wow\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\turtle-wow\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=135.0.3179.54 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffc88958240,0x7ffc8895824c,0x7ffc88958258
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2236
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: TurtleWoW.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2320
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2596
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=135.0.3179.54 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff79c09c888,0x7ff79c09c894,0x7ff79c09c8a0
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2692
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\turtle-wow\EBWebView" --webview-exe-name=turtle-wow.exe --webview-exe-version=0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1896,i,5042347286289215557,5336544209941453863,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:2
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2984
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MzI4QTAyM0UtODVCQy00QjFGLUE1NDMtQzM3RTU1NkJFQUEzfSIgdXNlcmlkPSJ7OENBODZDQ0MtMDAzNS00OTJCLUEzN0QtMTkxMDgwMjE3QkUxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRTk3MjJBRC05MkQwLTQwMkItQTYzMC1GNUQ4MkMyRTEyREZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-[…]-[…]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDczMjQxNTUxNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE3OTciIGRvd25sb2FkX3RpbWVfbXM9IjQxNzM0IiBkb3dubG9hZGVkPSIxNzIzNTYxNTIiIHRvdGFsPSIxNzIzNTYxNTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMTA5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3268
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\MicrosoftEdge_X64_135.0.3179.54.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process: MicrosoftEdge_X64_135.0.3179.54.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll
PID: 4040
CMD: C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\temp\euf9b4.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
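The `/ping` argument on PID 2984 is not an opaque token: it is an Omaha (Edge Update) client report, base64url-encoded with the `=` padding stripped, which is why `-` appears where standard base64 would have `+`. The following is an added example, not part of the ANY.RUN report, that decodes the two fragments of the blob surviving on this page (the middle is elided) and pulls out the fields a triager would cross-check against the rest of the report: `ismachine="0"`, which agrees with the `--user-level` switch on setup.exe and the HKCU-only registry writes, and the host fingerprint (CPU count, memory, OEM, OS build) that the updater sends to Microsoft. The element/attribute regex is this example's own helper for Omaha's flat, attribute-only elements, not a general XML parser; the fragments are copied from the report and are constructed input in the sense that they were split at the elision points by hand.

```python
import base64
import re

# Fragments of the base64url /ping argument on PID 2984, copied from the report.
# The middle of the blob is elided on the page, so the two surviving parts are
# decoded separately. Omaha strips '=' padding and uses the '-' / '_' alphabet.
PING_HEAD = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIg"
    "dXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDkiIGlzbWFjaGluZT0iMCIg"
    "c2Vzc2lvbmlkPSJ7MzI4QTAyM0UtODVCQy00QjFGLUE1NDMtQzM3RTU1NkJFQUEzfSIg"
    "dXNlcmlkPSJ7OENBODZDQ0MtMDAzNS00OTJCLUEzN0QtMTkxMDgwMjE3QkUxfSIg"
    "aW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRTk3MjJBRC05MkQwLTQwMkItQTYzMC1GNUQ4MkMyRTEyREZ9IiBk"
    "ZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIg"
    "ZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBw"
    "bGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIg"
    "cHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-"
    "PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-"
)
PING_TAIL = (
    "PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIg"
    "ZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDczMjQxNTUxNiIg"
    "c291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIg"
    "dXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE3OTciIGRvd25sb2FkX3RpbWVfbXM9IjQxNzM0IiBk"
    "b3dubG9hZGVkPSIxNzIzNTYxNTIiIHRvdGFsPSIxNzIzNTYxNTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBp"
    "bnN0YWxsX3RpbWVfbXM9IjQzMTA5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg"
)


def decode_omaha_ping(fragment: str) -> str:
    """Restore the stripped padding, then decode with the URL-safe alphabet."""
    padded = fragment + "=" * (-len(fragment) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


# Helper for Omaha's flat elements (<name attr="v" .../> or <name attr="v">).
# It deliberately skips the <?xml ...?> prolog and closing tags.
_ELEMENT = re.compile(r'<(\w+)((?:\s+\w+="[^"]*")*)\s*/?>')
_ATTR = re.compile(r'(\w+)="([^"]*)"')


def parse_elements(xml_fragment: str) -> dict:
    """Map element name -> {attribute: value} for every opening/empty element."""
    return {m.group(1): dict(_ATTR.findall(m.group(2)))
            for m in _ELEMENT.finditer(xml_fragment)}


def summarize(head_xml: str, tail_xml: str) -> dict:
    """The fields a triager cross-checks against the process tree and registry."""
    head, tail = parse_elements(head_xml), parse_elements(tail_xml)
    req, hw, os_, oem, ev = head["request"], head["hw"], head["os"], head["oem"], tail["event"]
    return {
        "updater": f'{req["updater"]} {req["updaterversion"]}',
        # ismachine="0": per-user install, consistent with --user-level and HKCU writes
        "per_user_install": req["ismachine"] == "0",
        "domain_joined": req["domainjoined"] == "1",
        "install_source": req["installsource"],
        "host": f'{oem["product_manufacturer"]} {os_["platform"]} {os_["version"]} {os_["arch"]}, '
                f'{hw["logical_cpus"]} logical cpus, physmemory={hw["physmemory"]}',
        # Omaha eventtype 2 / eventresult 1 is the install-complete / success pair
        "install_ok": ev["eventtype"] == "2" and ev["eventresult"] == "1",
        "bytes_downloaded": int(ev["downloaded"]),
        "install_time_ms": int(ev["install_time_ms"]),
    }


if __name__ == "__main__":
    for key, value in summarize(decode_omaha_ping(PING_HEAD), decode_omaha_ping(PING_TAIL)).items():
        print(f"{key}: {value}")
```

The same decoder applies to any `MicrosoftEdgeUpdate.exe /ping` or `GoogleUpdate.exe /ping` command line captured in a sandbox or EDR trace; the elided middle of this particular blob would contain the `<app appid=...>` element naming the product being installed.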
Total events: 22 287
Read events: 19 605
Write events: 2 614
Delete events: 68

Modification events

PID Process | Key | Operation | Name | Value
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | delete value | eulaaccepted | (none)
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | write | path | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | write | UninstallCmdLine | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | pv | 1.3.195.49
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | name | Microsoft Edge Update
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | pv | 1.3.195.49
4040 MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | write | Microsoft Edge Update | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\MicrosoftEdgeUpdateCore.exe"
6644 MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 | write | ThreadingModel | Both
6644 MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 | write | ThreadingModel | Both
6644 MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{F6575EAC-C070-4329-8FB9-CB574A353CC3}\InprocHandler32 | write | ThreadingModel | Both
Executable files: 217
Suspicious files: 104
Text files: 28
Unknown types: 2

Dropped files

PID | Process | Filename | Type
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-wizard.bmp | image
  MD5: 1185DAD0C68CA4452F6EF8ACC06A69A0
  SHA256: 2FB0A86CDC0764297E027EA25DF454827F2D7E5D93CD7B80901892D9234716DB
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\nsDialogs.dll | executable
  MD5: 6C3F8C94D0727894D706940A8A980543
  SHA256: 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\System.dll | executable
  MD5: CFF85C549D536F651D4FB8387F1976F2
  SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\LangDLL.dll | executable
  MD5: 68B287F4067BA013E34A1339AFDB1EA8
  SHA256: 18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\NOTICE.TXT | text
  MD5: 6DD5BF0743F2366A0BDD37E302783BCD
  SHA256: 91D3FC490565DED7621FF5198960E501B6DB857D5DD45AF2FE7C3ECD141145F5
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable
  MD5: A6D59861272EE24F43DDE137AB82B116
  SHA256: 146DC78518FDACB266295EE49CDB48E898D74B7F23B5C08D006D64577CDD6C6D
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psuser_64.dll | executable
  MD5: 2D354F794E3F058A9D5D54DCBC3955EE
  SHA256: DF536104768917AFB0494CD0C544EEC1283EB336F188853A8DF09E2043E9431A
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psmachine.dll | executable
  MD5: F10322ED75B0567C0A69DBF1163F9503
  SHA256: 9DB888B286DC32656B936D5E1438D39D46DA82212826F36C29DD99FCB0419803
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psuser_arm64.dll | executable
  MD5: 6EDE259800392668309579B7C3EF1AD6
  SHA256: A1A607209D0B0C5AF015EBEBDEFA00B3A81EFB04D7A9E889D46BAA266CC36D99
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psuser.dll | executable
  MD5: F6E8BE1734F076C3F6FF9AF3B9E9E74E
  SHA256: DC79EBD95CC78B50A3FB5A16DBBBF08FCC25DFC44843D45149EF6F602EF16A45
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 40
TCP/UDP connections: 61
DNS requests: 25
Threats: 4

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
- | - | GET | 200 | 52.149.20.212:443 | https://slscr.update.microsoft.com/sls/ping | unknown | -
- | - | GET | 304 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
5408 | TurtleWoW.exe | GET | 301 | 69.192.162.125:80 | http://go.microsoft.com/fwlink/p/?LinkId=2124703 | unknown | whitelisted
6456 | RUXIMICS.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5408 | TurtleWoW.exe | GET | 200 | 23.48.23.48:80 | http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/52b8103e-36c0-4201-990f-35a73867132f/MicrosoftEdgeWebview2Setup.exe | unknown | whitelisted
5548 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d | unknown | whitelisted
5548 | svchost.exe | GET | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d | unknown | whitelisted
- | - | GET | 304 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
- | - | GET | 200 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
2040 | SIHClient.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | whitelisted
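Read together, the tables above let a triager check the report's own signature hits against concrete artifacts: the only executable TurtleWoW.exe fetched came from msedge.sf.dl.delivery.mp.microsoft.com, the three DLLs it dropped into nsyCAD6.tmp are the stock plugin files an NSIS installer unpacks (the file info line identifies the sample as a Nullsoft installer), and the autorun and COM-registration writes were made by the Edge Update processes it spawned, not by the sample itself. Whether that makes the sample benign is a judgement the report leaves to the analyst. The following is an added example, not part of the ANY.RUN report, that encodes those checks over a handful of rows transcribed from the tables above (constructed input). The classification rules (NSIS plugin directory pattern, Run-key and CLSID patterns, the Microsoft host zone) are this example's own heuristics; the one security-relevant detail worth copying is the hostname check, which matches on the parsed host with a dot-anchored suffix rather than on the URL as a string.

```python
import re
from urllib.parse import urlsplit

# Rows transcribed from the report tables above (constructed input for this example).
DROPPED = [  # (pid, process, path, type)
    (5408, "TurtleWoW.exe", r"C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-wizard.bmp", "image"),
    (5408, "TurtleWoW.exe", r"C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\nsDialogs.dll", "executable"),
    (5408, "TurtleWoW.exe", r"C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\System.dll", "executable"),
    (5408, "TurtleWoW.exe", r"C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\LangDLL.dll", "executable"),
    (2236, "MicrosoftEdgeWebview2Setup.exe", r"C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psuser.dll", "executable"),
]
HTTP = [  # (pid, process, url)
    (5408, "TurtleWoW.exe", "http://go.microsoft.com/fwlink/p/?LinkId=2124703"),
    (5408, "TurtleWoW.exe", "http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
                            "52b8103e-36c0-4201-990f-35a73867132f/MicrosoftEdgeWebview2Setup.exe"),
]
REGISTRY = [  # (pid, process, key, operation, name, value)
    (4040, "MicrosoftEdgeUpdate.exe", r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "write", "Microsoft Edge Update",
     r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\MicrosoftEdgeUpdateCore.exe"'),
    (6644, "MicrosoftEdgeUpdateComRegisterShell64.exe",
     r"HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32",
     "write", "ThreadingModel", "Both"),
]

# NSIS unpacks its plugin DLLs into $PLUGINSDIR, a %TEMP%\ns????.tmp directory.
NSIS_PLUGIN_DIR = re.compile(r"\\Temp\\ns[0-9A-Za-z]{1,6}\.tmp\\", re.IGNORECASE)
NSIS_STOCK_FILES = {"system.dll", "nsdialogs.dll", "langdll.dll", "modern-wizard.bmp"}


def classify_drop(path: str) -> str:
    """'nsis-runtime' for stock installer files in the plugin dir, else 'other'."""
    name = path.rsplit("\\", 1)[-1].lower()
    if NSIS_PLUGIN_DIR.search(path) and name in NSIS_STOCK_FILES:
        return "nsis-runtime"
    return "other"


def host_in_zone(url: str, zone: str = "microsoft.com") -> bool:
    """Suffix match on the parsed hostname, not a substring match on the URL, so
    'microsoft.com.attacker.example' or '?ref=microsoft.com' do not pass."""
    host = (urlsplit(url).hostname or "").lower()
    return host == zone or host.endswith("." + zone)


RUN_K = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
COM_K = re.compile(r"\\CLSID\\\{[0-9A-F-]{36}\}\\Inproc(Server|Handler)32$", re.IGNORECASE)


def classify_registry(key: str) -> str:
    if RUN_K.search(key):
        return "autorun"
    if COM_K.search(key):
        return "com-registration"
    return "other"


def triage(dropped, http, registry):
    """Return (kind, pid, process, artifact) for everything the rules do not explain away."""
    findings = []
    for pid, proc, path, ftype in dropped:
        if ftype == "executable" and classify_drop(path) != "nsis-runtime":
            findings.append(("dropped-exe", pid, proc, path))
    for pid, proc, url in http:
        if not host_in_zone(url):
            findings.append(("off-zone-url", pid, proc, url))
    for pid, proc, key, _op, name, _value in registry:
        kind = classify_registry(key)
        if kind != "other":
            findings.append((kind, pid, proc, key + "\\" + name))
    return findings


if __name__ == "__main__":
    for finding in triage(DROPPED, HTTP, REGISTRY):
        print(" | ".join(str(f) for f in finding))
```

On the rows above this leaves three items for the analyst: the Edge Update DLL dropped by PID 2236, the Run-key write by PID 4040 and the CLSID registration by PID 6644, all attributable to the Edge Update components rather than to TurtleWoW.exe. The Microsoft-zone check is a provenance hint only; it says where the download came from, not that the downloaded file is what it claims to be, so the dropped-file hashes are still the thing to verify.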

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6456 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6456 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3216 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
5408 | TurtleWoW.exe | 69.192.162.125:80 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
5408 | TurtleWoW.exe | 23.48.23.48:80 | msedge.sf.dl.delivery.mp.microsoft.com | Akamai International B.V. | DE | whitelisted
6112 | MicrosoftEdgeUpdate.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2320 | MicrosoftEdgeUpdate.exe | 172.169.87.222:443 | msedge.api.cdp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain | IP(s) | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
google.com | 142.250.181.238 | whitelisted
client.wns.windows.com | 172.211.123.250, 172.211.123.249 | whitelisted
crl.microsoft.com | 23.216.77.6, 23.216.77.28 | whitelisted
go.microsoft.com | 69.192.162.125 | whitelisted
msedge.sf.dl.delivery.mp.microsoft.com | 23.48.23.48, 23.48.23.21, 23.48.23.28 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
msedge.api.cdp.microsoft.com | 172.169.87.222 | whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com | 199.232.214.172, 199.232.210.172 | whitelisted
slscr.update.microsoft.com | 52.149.20.212 | whitelisted

Threats

PID | Process | Class | Message
5408 | TurtleWoW.exe | Misc activity | ET INFO Packed Executable Download
5548 | svchost.exe | Misc activity | ET INFO Packed Executable Download
4108 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
4108 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info