URL:

https://cyberdrop.cr/f/YZC6rRbiCO1zn

Full analysis: https://app.any.run/tasks/eadefec3-58e3-4fcf-bc56-053b8a53ef78
Verdict: Malicious activity
Analysis date: January 11, 2026, 11:30:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
auto
generic
github
Indicators:
MD5:

50F7104CD89505AEA3888992932F94AA

SHA1:

087056C59381FF270F8D601BD448DC20F3F2E1F6

SHA256:

06B504A8906A3145C609C780C73E2323987B2771FF18CBEC73A708EDBC7F5995

SSDEEP:

3:N8BHARaJ74L:2GRaZG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)

    • GENERIC has been found (auto)

      • msiexec.exe (PID: 8556)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 8668)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 8512)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • msiexec.exe (PID: 8556)

    • Reads security settings of Internet Explorer

      • SilverBulletPro.exe (PID: 1088)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • SilverBulletPro.exe (PID: 3436)

    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 8512)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)

    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)

    • Searches for installed software

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)

    • Starts itself from another location

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 8556)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 8556)

    • There is functionality for taking screenshot (YARA)

      • SilverBulletPro.exe (PID: 3436)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 8556)

  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 7268)
      • SilverBulletPro.exe (PID: 1088)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • msiexec.exe (PID: 8556)
      • msiexec.exe (PID: 7328)
      • msiexec.exe (PID: 2308)
      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 6440)
      • SilverBulletPro.exe (PID: 3436)

    • Reads Environment values

      • identity_helper.exe (PID: 7268)

    • Checks supported languages

      • identity_helper.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 8512)
      • SilverBulletPro.exe (PID: 1088)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • msiexec.exe (PID: 8556)
      • msiexec.exe (PID: 7328)
      • msiexec.exe (PID: 7468)
      • msiexec.exe (PID: 6440)
      • msiexec.exe (PID: 2308)
      • SilverBulletPro.exe (PID: 3436)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 8668)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 8512)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • msiexec.exe (PID: 8556)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 8668)
      • msedge.exe (PID: 7516)
      • msiexec.exe (PID: 8556)

    • Application launched itself

      • msedge.exe (PID: 7516)
      • msedge.exe (PID: 5172)

    • Manual execution by a user

      • WinRAR.exe (PID: 8668)
      • SilverBulletPro.exe (PID: 1088)
      • SilverBulletPro.exe (PID: 3436)

    • Create files in a temporary directory

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 8512)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • SilverBulletPro.exe (PID: 3436)

    • Process checks computer location settings

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 2760)
      • SilverBulletPro.exe (PID: 3436)

    • Creates a software uninstall entry

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • msiexec.exe (PID: 8556)

    • Creates files in the program directory

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • SilverBulletPro.exe (PID: 3436)

    • Launching a file from a Registry key

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)

    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-8.0.22-win-x64.exe (PID: 1844)
      • msiexec.exe (PID: 8556)

    • Checks proxy server information

      • slui.exe (PID: 7420)
      • SilverBulletPro.exe (PID: 3436)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
204
Monitored processes
51
Malicious processes
2
Suspicious processes
2

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs winrar.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs silverbulletpro.exe slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-8.0.22-win-x64.exe windowsdesktop-runtime-8.0.22-win-x64.exe msedge.exe no specs windowsdesktop-runtime-8.0.22-win-x64.exe #GENERIC msiexec.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs silverbulletpro.exe

Process information

PID
CMD
Path
Indicators
Parent process
1088"C:\Users\admin\Downloads\SilverBullet 1.5.8 [Pro]-B3vgT3aO\SilverBulletPro.exe" C:\Users\admin\Downloads\SilverBullet 1.5.8 [Pro]-B3vgT3aO\SilverBulletPro.exe
explorer.exe
User:
admin
Company:
SilverBulletPro
Integrity Level:
MEDIUM
Description:
SilverBulletPro
Exit code:
2147516547
Version:
1.5.5
Modules
Images
c:\users\admin\downloads\silverbullet 1.5.8 [pro]-b3vgt3ao\silverbulletpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1148"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5324,i,1454428706351003998,5546789678997586605,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1524"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4352,i,1454428706351003998,5546789678997586605,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1844"C:\Users\admin\AppData\Local\Temp\{91740EB4-199E-4224-A18B-3CFAD9FCC8C5}\.be\windowsdesktop-runtime-8.0.22-win-x64.exe" -q -burn.elevated BurnPipe.{5A7605B2-82DF-4C09-BB27-A24048696257} {ABA2B0D9-DA13-4DF6-8188-B1765B54AA08} 2760C:\Users\admin\AppData\Local\Temp\{91740EB4-199E-4224-A18B-3CFAD9FCC8C5}\.be\windowsdesktop-runtime-8.0.22-win-x64.exe
windowsdesktop-runtime-8.0.22-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Windows Desktop Runtime - 8.0.22 (x64)
Exit code:
0
Version:
8.0.22.35428
Modules
Images
c:\users\admin\appdata\local\temp\{91740eb4-199e-4224-a18b-3cfad9fcc8c5}\.be\windowsdesktop-runtime-8.0.22-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2308C:\Windows\syswow64\MsiExec.exe -Embedding 5CBA98257BF9795566D6B06302F0F6C7C:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2760"C:\Users\admin\AppData\Local\Temp\{C0F3C980-56B4-4A05-984D-B94EFE899EF9}\.cr\windowsdesktop-runtime-8.0.22-win-x64.exe" -burn.clean.room="C:\Users\admin\Downloads\windowsdesktop-runtime-8.0.22-win-x64.exe" -burn.filehandle.attached=552 -burn.filehandle.self=548 C:\Users\admin\AppData\Local\Temp\{C0F3C980-56B4-4A05-984D-B94EFE899EF9}\.cr\windowsdesktop-runtime-8.0.22-win-x64.exe
windowsdesktop-runtime-8.0.22-win-x64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 8.0.22 (x64)
Exit code:
0
Version:
8.0.22.35428
Modules
Images
c:\users\admin\appdata\local\temp\{c0f3c980-56b4-4a05-984d-b94efe899ef9}\.cr\windowsdesktop-runtime-8.0.22-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
3276"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7768,i,1454428706351003998,5546789678997586605,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3380"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5992,i,1454428706351003998,5546789678997586605,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3436"C:\Users\admin\Downloads\SilverBullet 1.5.8 [Pro]-B3vgT3aO\SilverBulletPro.exe" C:\Users\admin\Downloads\SilverBullet 1.5.8 [Pro]-B3vgT3aO\SilverBulletPro.exe
explorer.exe
User:
admin
Company:
SilverBulletPro
Integrity Level:
MEDIUM
Description:
SilverBulletPro
Version:
1.5.5
Modules
Images
c:\users\admin\downloads\silverbullet 1.5.8 [pro]-b3vgt3ao\silverbulletpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3976"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6472,i,1454428706351003998,5546789678997586605,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
Total events
15 153
Read events
14 228
Write events
881
Delete events
44

Modification events

(PID) Process:(8668) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(8668) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(8668) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(8668) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(1088) SilverBulletPro.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(1088) SilverBulletPro.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1088) SilverBulletPro.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1088) SilverBulletPro.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1844) windowsdesktop-runtime-8.0.22-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{a3899eef-6164-4d42-b8c3-95ae6a844821}
Operation:writeName:BundleCachePath
Value:
C:\ProgramData\Package Cache\{a3899eef-6164-4d42-b8c3-95ae6a844821}\windowsdesktop-runtime-8.0.22-win-x64.exe
(PID) Process:(1844) windowsdesktop-runtime-8.0.22-win-x64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{a3899eef-6164-4d42-b8c3-95ae6a844821}
Operation:writeName:BundleUpgradeCode
Value:
{7F5F299F-5EB1-6FC0-6D86-FB7931E33C68}
Executable files
812
Suspicious files
277
Text files
348
Unknown types
4

Dropped files

PID
Process
Filename
Type
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFfddf3.TMP
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFfde12.TMP
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFfde12.TMP
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFfde12.TMP
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFfde22.TMP
MD5:
SHA256:
7516msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
239
TCP/UDP connections
177
DNS requests
205
Threats
5

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7848
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=65&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1741678270&lafgdate=0
unknown
text
768 b
whitelisted
7848
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
unknown
text
446 b
whitelisted
7848
msedge.exe
GET
190.115.31.35:443
https://cyberdrop.cr/libs/lazyload/lazyload.min.js
unknown
unknown
7848
msedge.exe
GET
190.115.31.35:443
https://cyberdrop.cr/favicon-32x32.png
unknown
unknown
7848
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:RlygkwlbNGlNXpwJGoEHF0Z6XEyhplqcWuH3WvI1Q1s&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
7848
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
unknown
text
25 b
whitelisted
7848
msedge.exe
GET
200
190.115.31.35:443
https://cyberdrop.cr/f/YZC6rRbiCO1zn
unknown
html
19.7 Kb
unknown
7848
msedge.exe
GET
200
172.67.69.227:443
https://cdn.plyr.io/3.7.8/plyr.css
unknown
text
31.8 Kb
unknown
7848
msedge.exe
GET
200
172.67.69.227:443
https://cdn.plyr.io/3.7.8/plyr.js
unknown
text
110 Kb
unknown
7848
msedge.exe
GET
200
2.16.204.139:443
https://www.bing.com/bloomfilterfiles/ExpandedDomainsFilterGlobal.json
unknown
text
128 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
2228
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5492
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7848
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7848
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7848
msedge.exe
190.115.31.35:443
cyberdrop.cr
IQWEB
AE
unknown
7848
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7848
msedge.exe
104.18.23.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 51.104.136.2
whitelisted
google.com
  • 142.251.208.14
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
cyberdrop.cr
  • 190.115.31.35
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
www.bing.com
  • 2.16.204.139
  • 2.16.204.149
  • 2.16.204.160
  • 2.16.204.135
  • 2.16.204.147
  • 2.16.204.148
  • 2.16.204.141
  • 2.16.204.134
  • 2.16.204.138
  • 2.16.204.155
  • 2.16.204.150
  • 2.16.204.157
  • 2.16.204.151
  • 2.16.204.161
  • 2.16.204.158
  • 2.16.204.159
whitelisted
cdn.plyr.io
  • 172.67.69.227
  • 104.26.12.19
  • 104.26.13.19
whitelisted
fonts.bunny.net
  • 78.46.69.199
whitelisted
js.wpadmngr.com
  • 45.133.44.52
  • 45.133.44.53
whitelisted

Threats

PID
Process
Class
Message
Misc activity
INFO [ANY.RUN] DDoS-Guard Hosted Web Content observed
7848
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7848
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2292
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Process
Message
SilverBulletPro.exe
You must install .NET to run this application. App: C:\Users\admin\Downloads\SilverBullet 1.5.8 [Pro]-B3vgT3aO\SilverBulletPro.exe Architecture: x64 App host version: 8.0.0 .NET location: Not found Learn more: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win-x64&os=win10&apphost_version=8.0.0
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://cyberdrop.cr/f/YZC6rRbiCO1zn