File name: TurtleWoW.exe

Full analysis: https://app.any.run/tasks/08fbfac2-a4a1-498c-b784-7d59901ddeb5
Verdict: Malicious activity
Threats: loader

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 08, 2025, 05:22:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: DF7580175A899AD0CF3017685830D84A
SHA1: AFCFD76A2AAEFE056AFD1247488F1AAF955B0881
SHA256: 1D4C5A031D148A2687912778BFB4E61080985675747390DB0D76AC931AA60795
SSDEEP: 98304:9J8CwYGjpz/88WEHioI5t8xNqKOiNsFL2AXmku8A06elwDsmI+U0QQyiUzmZ/epu:9u6nKlU5GfIUwYF1B49g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • TurtleWoW.exe (PID: 5408)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 2692)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 5256)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • TurtleWoW.exe (PID: 5408)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • TurtleWoW.exe (PID: 5408)
    • Process drops legitimate windows executable

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Process requests binary or script from the Internet

      • TurtleWoW.exe (PID: 5408)
    • There is functionality for taking screenshot (YARA)

      • TurtleWoW.exe (PID: 5408)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
    • Searches for installed software

      • TurtleWoW.exe (PID: 5408)
      • setup.exe (PID: 3268)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4040)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Application launched itself

      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • msedgewebview2.exe (PID: 5256)
    • Creates a software uninstall entry

      • setup.exe (PID: 3268)
      • TurtleWoW.exe (PID: 5408)
  • INFO

    • The sample compiled with english language support

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
    • Reads the computer name

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 5256)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 2692)
      • msedgewebview2.exe (PID: 4108)
    • Checks supported languages

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 5416)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6644)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4892)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7084)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 6184)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 3268)
      • setup.exe (PID: 2596)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 1748)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 2692)
      • msedgewebview2.exe (PID: 4108)
      • msedgewebview2.exe (PID: 6028)
      • msedgewebview2.exe (PID: 6820)
    • Checks proxy server information

      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 5256)
      • turtle-wow.exe (PID: 1052)
      • slui.exe (PID: 1164)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 2236)
      • TurtleWoW.exe (PID: 5408)
      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • msedgewebview2.exe (PID: 5256)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdge_X64_135.0.3179.54.exe (PID: 5428)
      • setup.exe (PID: 2596)
      • setup.exe (PID: 3268)
      • TurtleWoW.exe (PID: 5408)
      • msedgewebview2.exe (PID: 1748)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 4108)
      • turtle-wow.exe (PID: 1052)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • turtle-wow.exe (PID: 1052)
      • msedgewebview2.exe (PID: 5256)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4040)
      • setup.exe (PID: 3268)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 6820)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • msedgewebview2.exe (PID: 5256)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 6112)
      • MicrosoftEdgeUpdate.exe (PID: 2320)
      • MicrosoftEdgeUpdate.exe (PID: 2984)
      • slui.exe (PID: 1164)
    • Manual execution by a user

      • turtle-wow.exe (PID: 1052)
    • Reads product name

      • turtle-wow.exe (PID: 1052)
    • Reads CPU info

      • msedgewebview2.exe (PID: 5256)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

Extension | Type | Match (%)
.exe | Win32 Executable MS Visual C++ (generic) | 67.4
.dll | Win32 Dynamic Link Library (generic) | 14.2
.exe | Win32 Executable (generic) | 9.7
.exe | Generic Win/DOS Executable | 4.3
.exe | DOS Executable Generic | 4.3

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.2.0
ProductVersionNumber: 2.0.2.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: TurtleWoW
FileVersion: 2.0.2
LegalCopyright: -
ProductName: TurtleWoW
ProductVersion: 2.0.2
No data.
All screenshots are available in the full report
Total processes: 152
Monitored processes: 22
Malicious processes: 9
Suspicious processes: 1

Behavior graph (processes in start order)

  • turtlewow.exe
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • slui.exe
  • microsoftedge_x64_135.0.3179.54.exe
  • setup.exe
  • setup.exe (no specs)
  • microsoftedgeupdate.exe
  • turtle-wow.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)

Process information

PID: 1052
CMD: "C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe"
Path: C:\Users\admin\AppData\Local\TurtleWoW\turtle-wow.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: TurtleWoW
Version: 0.0.0
Modules (Images):
c:\users\admin\appdata\local\turtlewow\turtle-wow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1164
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1748
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\turtle-wow\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\turtle-wow\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=135.0.3179.54 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffc88958240,0x7ffc8895824c,0x7ffc88958258
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 135.0.3179.54
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 2236
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: TurtleWoW.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Exit code: 0
Version: 1.3.195.49
Modules (Images):
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 2320
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.49
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 2596
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=135.0.7049.42 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=135.0.3179.54 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff79c09c888,0x7ff79c09c894,0x7ff79c09c8a0
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 135.0.3179.54
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll

PID: 2692
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\turtle-wow\EBWebView" --webview-exe-name=turtle-wow.exe --webview-exe-version=0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1896,i,5042347286289215557,5336544209941453863,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:2
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\135.0.3179.54\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 135.0.3179.54
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\135.0.3179.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 2984
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7MzI4QTAyM0UtODVCQy00QjFGLUE1NDMtQzM3RTU1NkJFQUEzfSIgdXNlcmlkPSJ7OENBODZDQ0MtMDAzNS00OTJCLUEzN0QtMTkxMDgwMjE3QkUxfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswRTk3MjJBRC05MkQwLTQwMkItQTYzMC1GNUQ4MkMyRTEyREZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzUuMC4zMTc5LjU0IiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk4NjM4MjE4OTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5ODYzOTc4NzU5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-[...]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDczMjQxNTUxNiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjE3OTciIGRvd25sb2FkX3RpbWVfbXM9IjQxNzM0IiBkb3dubG9hZGVkPSIxNzIzNTYxNTIiIHRvdGFsPSIxNzIzNTYxNTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQzMTA5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.49
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 3268
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\MicrosoftEdge_X64_135.0.3179.54.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{EDC5A982-DF75-4750-90C7-B552884A4E91}\EDGEMITMP_3613A.tmp\setup.exe
Parent process: MicrosoftEdge_X64_135.0.3179.54.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 135.0.3179.54
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{edc5a982-df75-4750-90c7-b552884a4e91}\edgemitmp_3613a.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\bcryptprimitives.dll

PID: 4040
CMD: C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.49
Modules (Images):
c:\users\admin\appdata\local\temp\euf9b4.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

Total events: 22 287
Read events: 19 605
Write events: 2 614
Delete events: 68

Modification events

PID | Process | Key | Operation | Name | Value
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | delete value | eulaaccepted | -
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | write | path | C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate | write | UninstallCmdLine | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | pv | 1.3.195.49
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | name | Microsoft Edge Update
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A} | write | pv | 1.3.195.49
4040 | MicrosoftEdgeUpdate.exe | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | write | Microsoft Edge Update | "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.49\MicrosoftEdgeUpdateCore.exe"
6644 | MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32 | write | ThreadingModel | Both
6644 | MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32 | write | ThreadingModel | Both
6644 | MicrosoftEdgeUpdateComRegisterShell64.exe | HKEY_CLASSES_ROOT\CLSID\{F6575EAC-C070-4329-8FB9-CB574A353CC3}\InprocHandler32 | write | ThreadingModel | Both

Executable files: 217
Suspicious files: 104
Text files: 28
Unknown types: 2

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\LangDLL.dll | executable | 68B287F4067BA013E34A1339AFDB1EA8 | 18E8B40BA22C7A1687BD16E8D585380BC2773FFF5002D7D67E9485FCC0C51026
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\System.dll | executable | CFF85C549D536F651D4FB8387F1976F2 | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\NSISdl.dll | executable | EE68463FED225C5C98D800BDBD205598 | 419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-wizard.bmp | image | 1185DAD0C68CA4452F6EF8ACC06A69A0 | 2FB0A86CDC0764297E027EA25DF454827F2D7E5D93CD7B80901892D9234716DB
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\modern-header.bmp | image | FBF838C4D76135D01D4B10511B322D39 | 61A765C64A64C637FC8F80770695A1F3A1F1C26ADABEC3062F1D81F7836973C8
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable | A6D59861272EE24F43DDE137AB82B116 | 146DC78518FDACB266295EE49CDB48E898D74B7F23B5C08D006D64577CDD6C6D
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | executable | FA04ED70DC9743693C0B62776547BBF4 | 0A7FF586F6F5A830729949F301A444E4C565898463EBA1C7E907B3FE6EFC5267
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeUpdate.exe | executable | BBD650A482ED31B5FD9B1C1636A08EA1 | C78F97F6E2DB213366AFB7EF57720CC0801CAFB428C436E8C8A780AB74F4C1E2
2236 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUF9B4.tmp\MicrosoftEdgeComRegisterShellARM64.exe | executable | B2CA6C419F03D1AF9B283E8E696504DC | 1AD04F1EF3A5C1DC31EFE1F08FAF6ABD35C0721E10D11DE31823DDBF5882E0D4
5408 | TurtleWoW.exe | C:\Users\admin\AppData\Local\Temp\nsyCAD6.tmp\nsDialogs.dll | executable | 6C3F8C94D0727894D706940A8A980543 | 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 40
TCP/UDP connections: 61
DNS requests: 25
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
6456 | RUXIMICS.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5408 | TurtleWoW.exe | GET | 301 | 69.192.162.125:80 | http://go.microsoft.com/fwlink/p/?LinkId=2124703 | unknown | whitelisted
- | - | GET | 200 | 52.149.20.212:443 | https://slscr.update.microsoft.com/sls/ping | unknown | -
- | - | GET | 304 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
5408 | TurtleWoW.exe | GET | 200 | 23.48.23.48:80 | http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/52b8103e-36c0-4201-990f-35a73867132f/MicrosoftEdgeWebview2Setup.exe | unknown | whitelisted
5548 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d | unknown | whitelisted
- | - | GET | 304 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
5548 | svchost.exe | GET | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2d32fe70-a320-4465-a1ad-5f20197f7f9a?P1=1744694557&P2=404&P3=2&P4=Nmv9HRCs8GLqEhdVS8WLmWJdzBXsk2etpbKrPxjTLFb3Rchk%2f2Z6xJtZo7ySliE7n16zUWmMHz5oaBPm0MZC%2bQ%3d%3d | unknown | whitelisted
- | - | GET | 200 | 52.149.20.212:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
2040 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
6456 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6456 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3216 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
5408 | TurtleWoW.exe | 69.192.162.125:80 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
5408 | TurtleWoW.exe | 23.48.23.48:80 | msedge.sf.dl.delivery.mp.microsoft.com | Akamai International B.V. | DE | whitelisted
6112 | MicrosoftEdgeUpdate.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2320 | MicrosoftEdgeUpdate.exe | 172.169.87.222:443 | msedge.api.cdp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted


DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2 | whitelisted
google.com | 142.250.181.238 | whitelisted
client.wns.windows.com | 172.211.123.250, 172.211.123.249 | whitelisted
crl.microsoft.com | 23.216.77.6, 23.216.77.28 | whitelisted
go.microsoft.com | 69.192.162.125 | whitelisted
msedge.sf.dl.delivery.mp.microsoft.com | 23.48.23.48, 23.48.23.21, 23.48.23.28 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
msedge.api.cdp.microsoft.com | 172.169.87.222 | whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com | 199.232.214.172, 199.232.210.172 | whitelisted
slscr.update.microsoft.com | 52.149.20.212 | whitelisted


Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO Packed Executable Download
- | - | Misc activity | ET INFO Packed Executable Download
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)

No debug info