File name:

TurtleWoW.exe

Full analysis: https://app.any.run/tasks/08fbfac2-a4a1-498c-b784-7d59901ddeb5
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 08, 2025, 05:22:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

DF7580175A899AD0CF3017685830D84A

SHA1:

AFCFD76A2AAEFE056AFD1247488F1AAF955B0881

SHA256:

1D4C5A031D148A2687912778BFB4E61080985675747390DB0D76AC931AA60795

SSDEEP:

98304:9J8CwYGjpz/88WEHioI5t8xNqKOiNsFL2AXmku8A06elwDsmI+U0QQyiUzmZ/epu:9u6nKlU5GfIUwYF1B49g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • TurtleWoW.exe (PID: 5408)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 5256)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 2692)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • TurtleWoW.exe (PID: 5408)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • TurtleWoW.exe (PID: 5408)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Process drops legitimate windows executable

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Process requests binary or script from the Internet

      • TurtleWoW.exe (PID: 5408)
    • There is functionality for taking screenshot (YARA)

      • TurtleWoW.exe (PID: 5408)
    • Executable content was dropped or overwritten

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Searches for installed software

      • TurtleWoW.exe (PID: 5408)
      • setup.exe (PID: 3268)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Application launched itself

      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Creates a software uninstall entry

      • setup.exe (PID: 3268)
      • TurtleWoW.exe (PID: 5408)
  • INFO

    • Checks supported languages

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • setup.exe (PID: 3268)
      • setup.exe (PID: 2596)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 2692)
      • msedgewebview2.exe (PID: 1748)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 4108)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 6028)
      • msedgewebview2.exe (PID: 6820)
    • The sample compiled with english language support

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Reads the computer name

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 4108)
      • msedgewebview2.exe (PID: 2692)
    • Create files in a temporary directory

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • msedgewebview2.exe (PID: 5256)
    • Checks proxy server information

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • slui.exe (PID: 1164)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
      • setup.exe (PID: 2596)
      • TurtleWoW.exe (PID: 5408)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 1748)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 4108)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • setup.exe (PID: 3268)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 6820)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • slui.exe (PID: 1164)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 5256)
    • Manual execution by a user

      • turtle-wow.exe (PID: 1052)
    • Reads product name

      • turtle-wow.exe (PID: 1052)
    • Reads CPU info

      • msedgewebview2.exe (PID: 5256)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.2.0
ProductVersionNumber: 2.0.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: TurtleWoW
FileVersion: 2.0.2
LegalCopyright: -
ProductName: TurtleWoW
ProductVersion: 2.0.2
No data.
All screenshots are available in the full report
Total processes
152
Monitored processes
22
Malicious processes
9
Suspicious processes
1

Behavior graph

Process chain (start → child processes, in launch order; "no specs" marks processes without their own signature hits):
  • turtlewow.exe
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • slui.exe
  • microsoftedge_x64_135.0.3179.54.exe
  • setup.exe
  • setup.exe (no specs)
  • microsoftedgeupdate.exe
  • turtle-wow.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1052
CMD:
"C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe"
Path:
C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
TurtleWoW
Version:
0.0.0
Modules
Images
c:\users\admin\appdata\local\turtlewow\turtle-wow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1164
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1748
CMD:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\turtle-wow\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\turtle-wow\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=135.0.3179.54 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffc88958240,0x7ffc8895824c,0x7ffc88958258
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
2236
CMD:
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path:
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process:
TurtleWoW.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
2320
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
2596
CMD:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=135.0.3179.54 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff79c09c888,0x7ff79c09c894,0x7ff79c09c8a0
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll
2692"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\turtle-wow\EBWebView" --webview-exe-name=turtle-wow.exe --webview-exe-version=0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1896,i,5042347286289215557,5336544209941453863,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts
,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadA
loud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:2C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
2984"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MzI4QTAyM0UtODVCQy00QjFGLUE1NDMtQzM3RTU1NkJFQUEzfSIgdXNlcmlkPSJ7OENBODZDQ0MtMDAzNS00OTJCLUEzN0QtMTkxMDgwMjE3QkUxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRTk3MjJBRC05MkQwLTQwMkItQTYzMC1GNUQ4MkMyRTEyREZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-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-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDczMjQxNTUxNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE3OTciIGRvd25sb2FkX3RpbWVfbXM9IjQxNzM0IiBkb3dubG9hZGVkPSIxNzIzNTYxNTIiIHRvdGFsPSIxNzIzNTYxNTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMTA5Ii8-PC9hcHA-PC9yZXF1ZXN0PgC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
3268
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\MicrosoftEdge_X64_135.0.3179.54.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process:
MicrosoftEdge_X64_135.0.3179.54.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
135.0.3179.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll
PID:
4040
CMD:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.49
Modules
Images
c:\users\admin\appdata\local\temp\euf9b4.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
22 287
Read events
19 605
Write events
2 614
Delete events
68

Modification events

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:
delete value
Name:
eulaaccepted
Value:

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:
write
Name:
path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:
write
Name:
UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:
write
Name:
pv
Value:
1.3.195.49

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:
write
Name:
name
Value:
Microsoft Edge Update

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:
write
Name:
pv
Value:
1.3.195.49

(PID) Process:
(4040) MicrosoftEdgeUpdate.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:
write
Name:
Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\MicrosoftEdgeUpdateCore.exe"

(PID) Process:
(6644) MicrosoftEdgeUpdateComRegisterShell64.exe
Key:
HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation:
write
Name:
ThreadingModel
Value:
Both

(PID) Process:
(6644) MicrosoftEdgeUpdateComRegisterShell64.exe
Key:
HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation:
write
Name:
ThreadingModel
Value:
Both

(PID) Process:
(6644) MicrosoftEdgeUpdateComRegisterShell64.exe
Key:
HKEY_CLASSES_ROOT\CLSID\{F6575EAC-C070-4329-8FB9-CB574A353CC3}\InprocHandler32
Operation:
write
Name:
ThreadingModel
Value:
Both
Executable files
217
Suspicious files
104
Text files
28
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID:
5408
Process:
TurtleWoW.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\NSISdl.dll
Type:
executable
MD5:EE68463FED225C5C98D800BDBD205598
SHA256:419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04
PID:
2236
Process:
MicrosoftEdgeWebview2Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdateBroker.exe
Type:
executable
MD5:3183363DEE370C1ADB75B36D381C37DB
SHA256:228BB625B37700C215E3B23C7E7DEEDE8931B32646CEBB80E3CFBFE9BE945EDB
PID:
2236
Process:
MicrosoftEdgeWebview2Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\psmachine_arm64.dll
Type:
executable
MD5:B4B144416C736F399F3AB4D9B9615ECC
SHA256:5EABB44405E975BF59F32A82A47CE49C7F26AF198443115CC02BBCB1E35F27E2
PID:
2236
Process:
MicrosoftEdgeWebview2Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe
Type:
executable
MD5:BBD650A482ED31B5FD9B1C1636A08EA1
SHA256:C78F97F6E2DB213366AFB7EF57720CC0801CAFB428C436E8C8A780AB74F4C1E2
PID:
2236
Process:
MicrosoftEdgeWebview2Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Type:
executable
MD5:A6D59861272EE24F43DDE137AB82B116
SHA256:146DC78518FDACB266295EE49CDB48E898D74B7F23B5C08D006D64577CDD6C6D
PID:
5408
Process:
TurtleWoW.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-header.bmp
Type:
image
MD5:FBF838C4D76135D01D4B10511B322D39
SHA256:61A765C64A64C637FC8F80770695A1F3A1F1C26ADABEC3062F1D81F7836973C8
PID:
5408
Process:
TurtleWoW.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\nsDialogs.dll
Type:
executable
MD5:6C3F8C94D0727894D706940A8A980543
SHA256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
PID:
5408
Process:
TurtleWoW.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-wizard.bmp
Type:
image
MD5:1185DAD0C68CA4452F6EF8ACC06A69A0
SHA256:2FB0A86CDC0764297E027EA25DF454827F2D7E5D93CD7B80901892D9234716DB
PID:
2236
Process:
MicrosoftEdgeWebview2Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdateOnDemand.exe
Type:
executable
MD5:23E508DF04911742E9051987A1FDDB99
SHA256:49E43D73672AA99A5E2950D2421824B405834D7F94FC8CEFD7B3984ECAB258BD
PID:
5408
Process:
TurtleWoW.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\LangDLL.dll
Type:
executable
MD5:68B287F4067BA013E34A1339AFDB1EA8
SHA256:18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
40
TCP/UDP connections
61
DNS requests
25
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6456
RUXIMICS.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5548
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d
unknown
whitelisted
GET
304
52.149.20.212:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown
5548
svchost.exe
GET
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d
unknown
whitelisted
GET
200
52.149.20.212:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
unknown
2040
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2040
SIHClient.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
2040
SIHClient.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
2040
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
2040
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6456
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6456
RUXIMICS.exe
23.216.77.6:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
5408
TurtleWoW.exe
69.192.162.125:80
go.microsoft.com
AKAMAI-AS
DE
whitelisted
5408
TurtleWoW.exe
23.48.23.48:80
msedge.sf.dl.delivery.mp.microsoft.com
Akamai International B.V.
DE
whitelisted
6112
MicrosoftEdgeUpdate.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2320
MicrosoftEdgeUpdate.exe
172.169.87.222:443
msedge.api.cdp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted
go.microsoft.com
  • 69.192.162.125
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 23.48.23.48
  • 23.48.23.21
  • 23.48.23.28
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
msedge.api.cdp.microsoft.com
  • 172.169.87.222
whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted

Threats

PID
Process
Class
Message
5408
TurtleWoW.exe
Misc activity
ET INFO Packed Executable Download
5548
svchost.exe
Misc activity
ET INFO Packed Executable Download
4108
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
4108
msedgewebview2.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info