File name:

Antigravity.Login_1.0.9_x64-setup.exe

Full analysis: https://app.any.run/tasks/64ea0423-cdc5-43fb-84ab-dc3d0fe30978
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 27, 2026, 15:53:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
rust
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

E6A67843D63DD8825D64C71E4B1D90D4

SHA1:

757D6389B9F2554F5FE7DCF9AD22A9A2536BE2A4

SHA256:

D27057003E6951AB929228F5C24E96B10C45E4A1CAD10A68B81ED0E2CDC94F9B

SSDEEP:

98304:iaOQexUuhZKtD0bcszqzkDNTlcUn25eBHyKE313EbDBPcIvyxsv6Q3FBlnKzacIo:tL2nEALpY/RVGCzkQfl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8648)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 7512)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
    • Searches for installed software

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 4288)
    • Process drops legitimate windows executable

      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 8836)
      • msedgewebview2.exe (PID: 7164)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 8836)
      • msedgewebview2.exe (PID: 7164)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • MicrosoftEdgeUpdate.exe (PID: 8648)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 5600)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6000)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8648)
    • Application launched itself

      • setup.exe (PID: 4272)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • msedgewebview2.exe (PID: 4288)
  • INFO

    • The sample compiled with english language support

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 8836)
    • Checks supported languages

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • MicrosoftEdgeUpdate.exe (PID: 5600)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6000)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
      • MicrosoftEdgeUpdate.exe (PID: 3204)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 4272)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • setup.exe (PID: 1924)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • antigravity_tools.exe (PID: 7760)
      • msedgewebview2.exe (PID: 4288)
      • msedgewebview2.exe (PID: 5636)
      • msedgewebview2.exe (PID: 7512)
      • msedgewebview2.exe (PID: 3996)
      • msedgewebview2.exe (PID: 6348)
      • msedgewebview2.exe (PID: 7872)
      • msedgewebview2.exe (PID: 1508)
      • msedgewebview2.exe (PID: 3976)
      • identity_helper.exe (PID: 8312)
      • msedgewebview2.exe (PID: 6296)
      • msedgewebview2.exe (PID: 4952)
      • msedgewebview2.exe (PID: 5888)
      • msedgewebview2.exe (PID: 8836)
      • msedgewebview2.exe (PID: 7164)
    • Drops script file

      • msedge.exe (PID: 6848)
      • setup.exe (PID: 4272)
      • msedge.exe (PID: 4756)
    • Reads the computer name

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8796)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6000)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
      • MicrosoftEdgeUpdate.exe (PID: 3204)
      • MicrosoftEdgeUpdate.exe (PID: 5600)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 4272)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • antigravity_tools.exe (PID: 7760)
      • msedgewebview2.exe (PID: 7512)
      • msedgewebview2.exe (PID: 6348)
      • msedgewebview2.exe (PID: 4288)
      • identity_helper.exe (PID: 8312)
      • msedgewebview2.exe (PID: 7872)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 3096)
      • setup.exe (PID: 1924)
      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 4288)
      • msedgewebview2.exe (PID: 5636)
      • msedgewebview2.exe (PID: 6348)
      • msedgewebview2.exe (PID: 7872)
    • Checks proxy server information

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeUpdate.exe (PID: 3204)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • msedgewebview2.exe (PID: 4288)
      • slui.exe (PID: 1588)
      • antigravity_tools.exe (PID: 7760)
    • Create files in a temporary directory

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4352)
      • msedgewebview2.exe (PID: 4288)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • msedgewebview2.exe (PID: 4288)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 3204)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • msedgewebview2.exe (PID: 4288)
      • identity_helper.exe (PID: 8312)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8648)
    • There is functionality for taking screenshot (YARA)

      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 2016)
      • msedgewebview2.exe (PID: 4288)
      • msedgewebview2.exe (PID: 7872)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8648)
      • setup.exe (PID: 4272)
      • msedgewebview2.exe (PID: 4288)
      • msedgewebview2.exe (PID: 5888)
    • Creates a software uninstall entry

      • setup.exe (PID: 4272)
      • Antigravity.Login_1.0.9_x64-setup.exe (PID: 2036)
    • Manual execution by a user

      • antigravity_tools.exe (PID: 7760)
      • msedge.exe (PID: 6848)
    • Application launched itself

      • msedge.exe (PID: 6848)
    • Application based on Rust

      • antigravity_tools.exe (PID: 7760)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:08 23:05:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x369f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.9.0
ProductVersionNumber: 1.0.9.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Antigravity Login
FileVersion: 1.0.9
LegalCopyright: -
ProductName: Antigravity Login
ProductVersion: 1.0.9
No data.
All screenshots are available in the full report
Total processes
224
Monitored processes
64
Malicious processes
5
Suspicious processes
0

Behavior graph

Interactive process graph, available in the full report.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
768
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5400,i,15049889915560658618,8741726579586391469,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1092
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=8056,i,15049889915560658618,8741726579586391469,262144 --variations-seed-version --mojo-platform-channel-handle=8384 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1184
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7632,i,15049889915560658618,8741726579586391469,262144 --variations-seed-version --mojo-platform-channel-handle=8320 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1508
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\144.0.3719.93\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.X1XFOX1X.antigravity-login\EBWebView" --webview-exe-name=antigravity_tools.exe --webview-exe-version=1.0.9 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --ram-no-pressure-read-main-dll --metrics-shmem-handle=1304,i,2634092872502883087,12542020274054929961,524288 --field-trial-handle=1868,i,13383764182391370790,6745082363050601200,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4960 /prefetch:8
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\144.0.3719.93\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
144.0.3719.93
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\144.0.3719.93\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\144.0.3719.93\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID:
1588
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
1924
CMD:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{E802D799-E754-4892-B1AA-68AB039BE372}\EDGEMITMP_14D49.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=144.0.7559.97 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{E802D799-E754-4892-B1AA-68AB039BE372}\EDGEMITMP_14D49.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=144.0.3719.93 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff60d072118,0x7ff60d072124,0x7ff60d072130
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{E802D799-E754-4892-B1AA-68AB039BE372}\EDGEMITMP_14D49.tmp\setup.exe
Parent process:
setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
144.0.3719.93
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{e802d799-e754-4892-b1aa-68ab039be372}\edgemitmp_14d49.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1960
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6048,i,15049889915560658618,8741726579586391469,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2016
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.217.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID:
2036
CMD:
"C:\Users\admin\Desktop\Antigravity.Login_1.0.9_x64-setup.exe"
Path:
C:\Users\admin\Desktop\Antigravity.Login_1.0.9_x64-setup.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Antigravity Login
Exit code:
0
Version:
1.0.9
Modules
Images
c:\users\admin\desktop\antigravity.login_1.0.9_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
2264
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping <base64-encoded ping payload, partially lost during extraction>
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.217.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
3 601
Read events
2 671
Write events
896
Delete events
34

Modification events

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: CopilotUpdatePath
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\CopilotUpdate.exe

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.217.3

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.217.3

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.217.3\MicrosoftEdgeUpdateCore.exe"

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{3130215A-927C-4A51-9997-8A37E7704247}

(PID) Process: (8648) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{CC2EEC1C-8043-4F7B-9B98-73E9DF41F928}
Executable files
267
Suspicious files
635
Text files
456
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4352
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU5D5F.tmp\CopilotUpdate.exe
Type: executable
MD5: 3C709C9F20D2817BA2595B7B22A743B0
SHA256: EEEA69973B36D977F80E5BBBEF3B0B3B914C5E9E52236E4057FBC5EB001FC913

PID: 2036
Process: Antigravity.Login_1.0.9_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsz43FD.tmp\System.dll
Type: executable
MD5: 9B38A1B07A0EBC5C7E59E63346ECC2DB
SHA256: C881253DAFCF1322A771139B1A429EC1E78C507CA81A218A20DC1A4B25ABBFE7

PID: 2036
Process: Antigravity.Login_1.0.9_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsz43FD.tmp\NSISdl.dll
Type: executable
MD5: 8EABBE36E8B52E69322780D0F541FD19
SHA256: DDF40229DD9D6B268902D8DEA88C8A04AACF1AF218DD29F6DCD35BABC54AC08D

PID: 2036
Process: Antigravity.Login_1.0.9_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Type: executable
MD5: 2A03C75247273698224AEECC32D71735
SHA256: D75E4FB20D4E8AB50AB77D43C139AA0F654ECCA9C504552761EFB435917A01E5

PID: 2036
Process: Antigravity.Login_1.0.9_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsz43FD.tmp\nsDialogs.dll
Type: executable
MD5: 8F0E7415F33843431DF308BB8E06AF81
SHA256: BB49F15FA83452370047A7801E39FC7F64E70C7545B8999BB85AA4749EAA048B

PID: 2036
Process: Antigravity.Login_1.0.9_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsz43FD.tmp\modern-wizard.bmp
Type: image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

PID: 4352
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU5D5F.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Type: executable
MD5: 36C60AC823BFF242FA1D4242D3FF6142
SHA256: 3CD8B4669F1E9EB22CBA842E79CE8A35F19E278D38E2D042D66752AD8EA75317

PID: 4352
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU5D5F.tmp\MicrosoftEdgeUpdate.exe
Type: executable
MD5: EC013A26B4CEEA8505B5E06645A4CBF4
SHA256: DCA43FDE8ABDB0C0782F2777E03605C7030A8F415702C48ADDE64A44E07A0711

PID: 4352
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU5D5F.tmp\MicrosoftEdgeUpdateOnDemand.exe
Type: executable
MD5: AFF93DDDA4796969CCC666B27FFEBC2E
SHA256: C0FA7B89F6A590D27AF4EE253920663CE9B10B0384DCE16AF666B0186B165F9C

PID: 4352
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\EU5D5F.tmp\psuser_arm64.dll
Type: executable
MD5: A34FFFA59D100B65A7C34F18C233830C
SHA256: CF27103CD210E9282CFD03C7AE2FABB0E3860DAC47223A91E95CAA429568E9E5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
936
TCP/UDP connections
184
DNS requests
184
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
unknown
whitelisted
8380
svchost.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/WaaS/FeatureManagement?IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&CurrentBranch=vb_release&AccountFirstChar=&ActivationChannel=Retail&OEMModel=DELL&FlightRing=Retail&AttrDataVer=186&InstallLanguage=en-US&OSUILocale=en-US&WebExperience=1&FlightingBranchName=&ChassisTypeId=1&OSSkuId=48&App=CDM&InstallDate=1661339444&AppVer=&OSArchitecture=AMD64&DefaultUserRegion=244&TelemetryLevel=1&OSVersion=10.0.19045.4046&DeviceFamily=Windows.Desktop
unknown
whitelisted
8772
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
8772
SIHClient.exe
GET
200
20.3.187.198:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
whitelisted
8772
SIHClient.exe
GET
200
135.233.95.144:443
https://slscr.update.microsoft.com/sls/ping
unknown
whitelisted
8772
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
4280
svchost.exe
POST
200
40.126.32.136:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
4280
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2036
Antigravity.Login_1.0.9_x64-setup.exe
GET
301
88.221.169.205:80
http://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8380
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7292
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.241.209:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
3412
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4280
svchost.exe
40.126.32.136:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4280
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
2036
Antigravity.Login_1.0.9_x64-setup.exe
88.221.169.205:80
go.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.206
whitelisted
www.bing.com
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
whitelisted
go.microsoft.com
  • 88.221.169.205
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
  • 2.16.164.72
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted

Threats

PID
Process
Class
Message
2036
Antigravity.Login_1.0.9_x64-setup.exe
Misc activity
ET INFO Packed Executable Download
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
4624
svchost.exe
Misc activity
ET INFO Packed Executable Download
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.X1XFOX1X.antigravity-login directory exists )