URL:

https://www.bitdefender.com/en-us/consumer/thank-you

Full analysis: https://app.any.run/tasks/31712e9a-ce04-47a9-a171-39fd300184b7
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 22, 2026, 20:07:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
rust
Indicators:
MD5:

7D5293D75C02E5795E7C70D0084BF99D

SHA1:

87408DB558410030DCAB5DA341ED7001976F4478

SHA256:

8D366BDC6CDD32F127F51A18A23EEB5711231927C4C918887C42ABB09E7A0A54

SSDEEP:

3:N8DSLsmzZ8iQARWo:2OLsmzZdTRWo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • DiscoverySrv.exe (PID: 9052)

    • Executing a file with an untrusted certificate

      • MicrosoftEdgeUpdate.exe (PID: 672)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8872)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9112)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8428)
      • MicrosoftEdge_X64_148.0.3967.83.exe (PID: 5876)
      • setup.exe (PID: 7516)

    • Changes the autorun value in the registry

      • installer.exe (PID: 4056)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • bitdefender_avfree.exe (PID: 8792)
      • setuppackage.exe (PID: 9112)
      • installer.exe (PID: 9204)
      • ProductAgentService.exe (PID: 8884)
      • fzc7B88.tmp (PID: 9196)
      • MicrosoftEdge_X64_148.0.3967.83.exe (PID: 5876)
      • diq7711.tmp (PID: 5200)
      • setup.exe (PID: 7516)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)

    • Creates file in the systems drive root

      • bddeploy.exe (PID: 9080)
      • ProductAgentService.exe (PID: 6684)
      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 5888)
      • ProductAgentService.exe (PID: 8824)
      • installer.exe (PID: 9204)
      • DiscoverySrv.exe (PID: 9052)
      • DiscoverySrv.exe (PID: 5584)
      • ProductAgentService.exe (PID: 8884)
      • ProductAgentUI.exe (PID: 9136)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • ProductAgentUI.exe (PID: 8856)
      • bdpretraining.exe (PID: 3008)
      • WatchDog.exe (PID: 3352)

    • The process verifies whether the antivirus software is installed

      • installer.exe (PID: 9204)
      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 5888)
      • ProductAgentService.exe (PID: 6684)
      • ProductAgentService.exe (PID: 8824)
      • ProductAgentService.exe (PID: 8884)
      • DiscoverySrv.exe (PID: 9052)
      • regsvr32.exe (PID: 8564)
      • DiscoverySrv.exe (PID: 5584)
      • ProductAgentUI.exe (PID: 9136)
      • fzc7B88.tmp (PID: 9196)
      • MicrosoftEdgeUpdate.exe (PID: 672)
      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • ProductAgentUI.exe (PID: 8856)
      • WatchDog.exe (PID: 3352)

    • Executes as Windows Service

      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 8884)
      • MicrosoftEdgeUpdate.exe (PID: 9016)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 8564)
      • MicrosoftEdgeUpdate.exe (PID: 8880)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8872)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8428)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9112)

    • Starts application with an unusual extension

      • ProductAgentService.exe (PID: 8884)

    • Starts a Microsoft application from unusual location

      • fzc7B88.tmp (PID: 9196)
      • MicrosoftEdgeUpdate.exe (PID: 672)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 672)
      • installer.exe (PID: 6140)

    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 672)

    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 9016)

    • Drops a system driver (possible attempt to evade defenses)

      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • drvinst.exe (PID: 3168)
      • drvinst.exe (PID: 1684)

    • Searches for installed software

      • setup.exe (PID: 7516)
      • installer.exe (PID: 4056)

    • The process drops C-runtime libraries

      • installer.exe (PID: 4056)

    • Creates or modifies Windows services

      • installer.exe (PID: 4056)

    • Reads the BIOS version

      • installer.exe (PID: 4056)

    • Changes Internet Explorer settings (feature browser emulation)

      • installer.exe (PID: 4056)

    • The process creates files with name similar to system file names

      • installer.exe (PID: 4056)

  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 1500)
      • bitdefender_avfree.exe (PID: 8792)
      • bddeploy.exe (PID: 9080)
      • agent_launcher.exe (PID: 8956)
      • setuppackage.exe (PID: 9112)
      • installer.exe (PID: 9204)
      • ProductAgentService.exe (PID: 5888)
      • ProductAgentService.exe (PID: 8824)
      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 6684)
      • DiscoverySrv.exe (PID: 9052)
      • ProductAgentService.exe (PID: 8884)
      • DiscoverySrv.exe (PID: 5584)
      • ProductAgentUI.exe (PID: 9136)
      • fzc7B88.tmp (PID: 9196)
      • MicrosoftEdgeUpdate.exe (PID: 672)
      • MicrosoftEdgeUpdate.exe (PID: 7908)
      • MicrosoftEdgeUpdate.exe (PID: 8880)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8872)
      • MicrosoftEdgeUpdate.exe (PID: 8196)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9112)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8428)
      • MicrosoftEdgeUpdate.exe (PID: 9100)
      • MicrosoftEdgeUpdate.exe (PID: 7908)
      • MicrosoftEdgeUpdate.exe (PID: 9016)
      • MicrosoftEdge_X64_148.0.3967.83.exe (PID: 5876)
      • setup.exe (PID: 7516)
      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 6140)
      • ProductAgentUI.exe (PID: 8856)
      • installer.exe (PID: 4056)
      • drvinst.exe (PID: 1684)
      • drvinst.exe (PID: 3008)
      • drvinst.exe (PID: 3168)
      • bdpretraining.exe (PID: 3008)
      • MicrosoftEdgeUpdate.exe (PID: 5724)
      • WatchDog.exe (PID: 3352)
      • drvinst.exe (PID: 8132)

    • Reads the computer name

      • bitdefender_avfree.exe (PID: 8792)
      • identity_helper.exe (PID: 1500)
      • agent_launcher.exe (PID: 8956)
      • setuppackage.exe (PID: 9112)
      • installer.exe (PID: 9204)
      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 6684)
      • ProductAgentService.exe (PID: 5888)
      • ProductAgentService.exe (PID: 8824)
      • ProductAgentService.exe (PID: 8884)
      • DiscoverySrv.exe (PID: 5584)
      • ProductAgentUI.exe (PID: 9136)
      • MicrosoftEdgeUpdate.exe (PID: 672)
      • MicrosoftEdgeUpdate.exe (PID: 7908)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8872)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9112)
      • MicrosoftEdgeUpdate.exe (PID: 8880)
      • MicrosoftEdgeUpdate.exe (PID: 8196)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8428)
      • MicrosoftEdgeUpdate.exe (PID: 9016)
      • MicrosoftEdgeUpdate.exe (PID: 7908)
      • MicrosoftEdge_X64_148.0.3967.83.exe (PID: 5876)
      • MicrosoftEdgeUpdate.exe (PID: 9100)
      • setup.exe (PID: 7516)
      • installer.exe (PID: 6140)
      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 4056)
      • drvinst.exe (PID: 3008)
      • drvinst.exe (PID: 1684)
      • drvinst.exe (PID: 3168)
      • bdpretraining.exe (PID: 3008)
      • MicrosoftEdgeUpdate.exe (PID: 5724)
      • drvinst.exe (PID: 8132)
      • WatchDog.exe (PID: 3352)

    • Launching a file from the Downloads directory

      • msedge.exe (PID: 4316)

    • Application launched itself

      • msedge.exe (PID: 4316)

    • Create files in a temporary directory

      • bitdefender_avfree.exe (PID: 8792)
      • installer.exe (PID: 9204)
      • bddeploy.exe (PID: 9080)
      • setuppackage.exe (PID: 9112)
      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)

    • Reads Environment values

      • identity_helper.exe (PID: 1500)
      • ProductAgentService.exe (PID: 8884)
      • MicrosoftEdgeUpdate.exe (PID: 7908)
      • MicrosoftEdgeUpdate.exe (PID: 8196)
      • MicrosoftEdgeUpdate.exe (PID: 5724)

    • The sample compiled with english language support

      • bitdefender_avfree.exe (PID: 8792)
      • setuppackage.exe (PID: 9112)
      • installer.exe (PID: 9204)
      • MicrosoftEdgeUpdate.exe (PID: 672)
      • ProductAgentService.exe (PID: 8884)
      • fzc7B88.tmp (PID: 9196)
      • MicrosoftEdge_X64_148.0.3967.83.exe (PID: 5876)
      • diq7711.tmp (PID: 5200)
      • setup.exe (PID: 7516)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • drvinst.exe (PID: 3168)
      • drvinst.exe (PID: 1684)

    • Reads the machine GUID from the registry

      • agent_launcher.exe (PID: 8956)
      • bddeploy.exe (PID: 9080)
      • installer.exe (PID: 9204)
      • ProductAgentService.exe (PID: 6684)
      • ProductAgentService.exe (PID: 5888)
      • ProductAgentService.exe (PID: 8824)
      • DiscoverySrv.exe (PID: 9052)
      • ProductAgentService.exe (PID: 8884)
      • DiscoverySrv.exe (PID: 5584)
      • ProductAgentUI.exe (PID: 9136)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • drvinst.exe (PID: 1684)
      • drvinst.exe (PID: 3168)
      • ProductAgentUI.exe (PID: 8856)
      • bdpretraining.exe (PID: 3008)
      • WatchDog.exe (PID: 3352)

    • Process checks computer location settings

      • agent_launcher.exe (PID: 8956)
      • bitdefender_avfree.exe (PID: 8792)
      • diq7711.tmp (PID: 5200)
      • setup.exe (PID: 7516)

    • Reads security settings of Internet Explorer

      • bitdefender_avfree.exe (PID: 8792)
      • agent_launcher.exe (PID: 8956)
      • bddeploy.exe (PID: 9080)
      • installer.exe (PID: 9204)
      • MicrosoftEdgeUpdate.exe (PID: 672)
      • diq7711.tmp (PID: 5200)
      • installer.exe (PID: 6140)
      • installer.exe (PID: 4056)
      • ProductAgentUI.exe (PID: 8856)
      • bdpretraining.exe (PID: 3008)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4316)

    • Creates a software uninstall entry

      • installer.exe (PID: 9204)
      • setup.exe (PID: 7516)
      • installer.exe (PID: 4056)

    • There is functionality for taking screenshot (YARA)

      • bitdefender_avfree.exe (PID: 8792)
      • ProductAgentUI.exe (PID: 9136)

    • Reads CPU info

      • ProductAgentService.exe (PID: 8884)
      • installer.exe (PID: 4056)

    • Application based on Rust

      • bdredline.exe (PID: 8240)
      • ProductAgentService.exe (PID: 8884)

    • Launching a file from a Registry key

      • installer.exe (PID: 4056)

    • Creates files or folders in the user directory

      • bdpretraining.exe (PID: 3008)
      • installer.exe (PID: 4056)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
223
Monitored processes
78
Malicious processes
11
Suspicious processes
13

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs bitdefender_avfree.exe agent_launcher.exe no specs bddeploy.exe setuppackage.exe installer.exe bdredline.exe productagentservice.exe productagentservice.exe productagentservice.exe productagentservice.exe discoverysrv.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs regsvr32.exe no specs discoverysrv.exe no specs productagentui.exe no specs fzc7b88.tmp microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedge_x64_148.0.3967.83.exe setup.exe diq7711.tmp installer.exe installer.exe msedge.exe no specs productagentui.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs drvinst.exe no specs fltmc.exe no specs conhost.exe no specs msedge.exe no specs bdpretraining.exe msedge.exe no specs microsoftedgeupdate.exe msedge.exe no specs watchdog.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5248,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
672"C:\Program Files (x86)\Microsoft\Temp\EU7F9B.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Program Files (x86)\Microsoft\Temp\EU7F9B.tmp\MicrosoftEdgeUpdate.exefzc7B88.tmp
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\program files (x86)\microsoft\temp\eu7f9b.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
1284"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5304,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1500"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6208,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
1684DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{778e9b8f-77b5-3b4e-8974-cd54f17d7b96}\vlflt.inf" "9" "4f99d395f" "00000000000001E0" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-37F25791-2FCE-4A61-8BDB-39A23B041F40"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
1788"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1612,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1864"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6708,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6868 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2092"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6208,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
2312"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5260,i,22489941574587785,17384712122664301148,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3008DrvInst.exe "8" "4" "C:\WINDOWS\System32\DriverStore\FileRepository\vlflt.inf_amd64_03b279d289cd7405\vlflt.inf" "0" "4f99d395f" "0000000000000170" "WinSta0\Default"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
960
Suspicious files
1 267
Text files
1 840
Unknown types
175

Dropped files

PID
Process
Filename
Type
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdfc42.TMP
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFdfc52.TMP
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFdfc52.TMP
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfc52.TMP
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdfc81.TMP
MD5:
SHA256:
4316msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdfc81.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
294
TCP/UDP connections
197
DNS requests
159
Threats
26

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7172
msedge.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0
US
text
8.17 Kb
whitelisted
7172
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:ECa0DVbYNizMFxAw9rTf8XLvqSPg8KbaEHxPMjblXtA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
100 b
whitelisted
7172
msedge.exe
GET
200
104.18.23.222:443
https://copilot.microsoft.com/c/api/user/eligibility
US
text
25 b
whitelisted
7172
msedge.exe
GET
200
104.18.0.169:443
https://www.bitdefender.com/en-us/consumer/thank-you
US
html
23.3 Kb
unknown
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAFUWohyJgUzPcAAAAAAAU%3D
US
binary
958 b
whitelisted
7172
msedge.exe
GET
200
104.18.0.169:443
https://www.bitdefender.com/_src/scripts/lib-franklin.js
US
text
36.5 Kb
unknown
7172
msedge.exe
GET
200
150.171.28.11:443
https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
US
text
132 b
whitelisted
7172
msedge.exe
GET
200
104.18.0.169:443
https://www.bitdefender.com/_src/scripts/scripts.js
US
text
25.8 Kb
unknown
7172
msedge.exe
GET
200
104.18.0.169:443
https://www.bitdefender.com/_src/scripts/target.js
US
text
5.41 Kb
unknown
7172
msedge.exe
GET
200
104.18.0.169:443
https://www.bitdefender.com/_src/scripts/libs/constants.js
US
text
3.69 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5276
MoUsoCoreWorker.exe
57.153.246.3:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4212
svchost.exe
57.153.246.3:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.16.204.136:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
172.66.2.5:80
ocsp.digicert.com
CLOUDFLARENET
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7172
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7172
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
google.com
  • 142.251.20.139
  • 142.251.20.138
  • 142.251.20.113
  • 142.251.20.102
  • 142.251.20.101
  • 142.251.20.100
whitelisted
www.bing.com
  • 2.16.204.136
  • 2.16.204.132
  • 2.16.204.156
  • 2.16.204.138
  • 2.16.204.154
  • 2.16.204.160
  • 2.16.204.158
  • 2.16.204.137
  • 2.16.204.140
  • 92.123.104.61
  • 92.123.104.49
  • 92.123.104.62
  • 92.123.104.63
  • 92.123.104.58
  • 92.123.104.52
  • 92.123.104.64
  • 92.123.104.56
  • 92.123.104.59
  • 2.16.241.218
  • 2.16.241.205
  • 2.16.241.201
whitelisted
ocsp.digicert.com
  • 172.66.2.5
  • 162.159.142.9
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
  • 52.123.243.207
  • 52.123.243.213
  • 52.123.243.87
  • 52.123.243.83
  • 52.123.224.64
  • 52.123.224.75
  • 52.123.224.71
  • 52.123.224.74
whitelisted
www.bitdefender.com
  • 104.18.0.169
  • 104.18.1.169
whitelisted
api.edgeoffer.microsoft.com
  • 150.171.109.194
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted

Threats

PID
Process
Class
Message
7172
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7172
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7172
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
7172
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4212
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7172
msedge.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
9188
svchost.exe
Misc activity
ET INFO Packed Executable Download
9188
svchost.exe
Generic Protocol Command Decode
SURICATA HTTP Response excessive header repetition
9188
svchost.exe
Generic Protocol Command Decode
SURICATA HTTP Response excessive header repetition
8884
ProductAgentService.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Process
Message
installer.exe
failed to load "C:/Users/admin/AppData/Local/Temp/RarSFX0/img/pattern.png" file, error=3
ProductAgentService.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
ProductAgentService.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
ProductAgentService.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
installer.exe
Requested non-existent id 0 from selector SERVCONFIG.
installer.exe
Requested non-existent id 12 from selector common.
installer.exe
Requested non-existent id 400 from selector Desktop.
installer.exe
Requested non-existent id 0 from selector SERVCONFIG.
installer.exe
Requested non-existent id 306 from selector app.
installer.exe
Requested non-existent id 306 from selector safepay.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.bitdefender.com/en-us/consumer/thank-you