File name:

launch.exe

Full analysis: https://app.any.run/tasks/80a93de2-539d-4c42-b374-1e9738408de2
Verdict: Malicious activity
Analysis date: March 12, 2024, 13:57:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

8E5A2722FC7F01CF32C9E09946728E30

SHA1:

00DD42279D2619D1A7BD33A36A6161D9A5BB604C

SHA256:

E1CBB267D559A8C307EB3180DD980CB8E74ABD5B0918D41CB573D40E4B530005

SSDEEP:

98304:X6nLe1RAaQ4z+ygBjmI7Cb0JYtTy+Sw2QPxkutq+iTnuf/P7n2ZVvrVeuWB/m/Nu:NxXkMMvIZymkpXxhQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • launch.exe (PID: 3932)
      • setup.exe (PID: 2764)
      • launch.exe (PID: 1408)
    • Deletes the SafeBoot registry key

      • setup.exe (PID: 2764)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • launch.exe (PID: 3932)
      • launch.exe (PID: 1408)
    • Executable content was dropped or overwritten

      • launch.exe (PID: 3932)
      • setup.exe (PID: 2764)
      • launch.exe (PID: 1408)
    • Reads the Internet Settings

      • launch.exe (PID: 3932)
      • _start.exe (PID: 1040)
      • setup.exe (PID: 2764)
      • launch.exe (PID: 1408)
      • _start.exe (PID: 1288)
    • Drops a system driver (possible attempt to evade defenses)

      • setup.exe (PID: 2764)
  • INFO

    • Checks supported languages

      • launch.exe (PID: 3932)
      • _start.exe (PID: 1040)
      • launch.exe (PID: 1408)
      • _start.exe (PID: 1288)
      • setup.exe (PID: 2764)
    • Reads the computer name

      • launch.exe (PID: 3932)
      • _start.exe (PID: 1040)
      • launch.exe (PID: 1408)
      • setup.exe (PID: 2764)
      • _start.exe (PID: 1288)
    • Create files in a temporary directory

      • launch.exe (PID: 3932)
      • setup.exe (PID: 2764)
      • launch.exe (PID: 1408)
    • Manual execution by a user

      • msedge.exe (PID: 848)
      • launch.exe (PID: 3484)
      • launch.exe (PID: 1408)
      • msedge.exe (PID: 552)
      • msedge.exe (PID: 2136)
    • Application launched itself

      • msedge.exe (PID: 3992)
      • msedge.exe (PID: 848)
      • msedge.exe (PID: 1784)
      • msedge.exe (PID: 552)
      • msedge.exe (PID: 3748)
      • msedge.exe (PID: 2136)
    • Reads Environment values

      • setup.exe (PID: 2764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | WinRAR Self Extracting archive (94.8)
.scr | Windows screen saver (2.3)
.dll | Win32 Dynamic Link Library (generic) (1.2)
.exe | Win32 Executable (generic) (0.8)
.exe | Generic Win/DOS Executable (0.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2006:12:03 09:53:02+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 5
CodeSize: 45056
InitializedDataSize: 24064
UninitializedDataSize: -
EntryPoint: 0x1000
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 4.44.0.0
ProductVersionNumber: 4.44.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: Free Anti-Virus Scanner
CompanyName: Doctor Web, Ltd.
FileDescription: Dr.Web ® CureIt! ®
FileVersion: 4, 44, 0, 0
InternalName: CureIt
LegalCopyright: Copyright © Doctor Web, Ltd., 2004-2008
OriginalFileName: cureit.exe
ProductName: Dr.Web CureIt!
ProductVersion: 4, 44, 0, 0
No data.
All screenshots are available in the full report
Total processes
98
Monitored processes
57
Malicious processes
4
Suspicious processes
0

Behavior graph

[Behavior graph not preserved. Processes shown: launch.exe, _start.exe, setup.exe, msedge.exe.]

Process information

PID
CMD
Path
Indicators
Parent process
552
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.drweb.com/cgi-bin/urled.pl?url=cureit_demo&cureit=en_200901091930
C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
848
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
992
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1268,i,11621380482506878250,15743159148338846689,131072 /prefetch:2
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
992
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1268,i,15267224347603822499,11552744702371438198,131072 /prefetch:3
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1036
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1548 --field-trial-handle=1304,i,16173405944100567723,11181679657434641155,131072 /prefetch:2
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1040
"C:\Users\admin\AppData\Local\Temp\RarSFX0\_start.exe"
C:\Users\admin\AppData\Local\Temp\RarSFX0\_start.exe
launch.exe
User:
admin
Company:
Doctor Web, Ltd.
Integrity Level:
HIGH
Description:
AutoRun
Exit code:
0
Version:
2.55
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\_start.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
1288
"C:\Users\admin\AppData\Local\Temp\RarSFX0\_start.exe"
C:\Users\admin\AppData\Local\Temp\RarSFX0\_start.exe
launch.exe
User:
admin
Company:
Doctor Web, Ltd.
Integrity Level:
HIGH
Description:
AutoRun
Exit code:
0
Version:
2.55
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\_start.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
1308
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1268,i,11621380482506878250,15743159148338846689,131072 /prefetch:2
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1336
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1268,i,11621380482506878250,15743159148338846689,131072 /prefetch:3
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1352
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1268,i,15267224347603822499,11552744702371438198,131072 /prefetch:2
C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
22 864
Read events
22 659
Write events
182
Delete events
23

Modification events

(PID) Process: (3932) launch.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (3932) launch.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (3932) launch.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (3932) launch.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value:
0
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
2
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:
01000000
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value:
1
(PID) Process: (3992) msedge.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
Operation: write
Name: dr
Value:
1
Executable files
37
Suspicious files
339
Text files
226
Unknown types
180

Dropped files

PID
Process
Filename
Type
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\en-drwebgui.chm
chm
MD5:266FEA40761233A9CAE23D68348FD999
SHA256:5D66CC3486AD82C9693D697E2AC88E388B8A431CDFB86ABB1C126E9612DD1E45
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\bg-cureit.dwl
dwl
MD5:F06180637451CFDE45BCDF412C4BFD50
SHA256:8A6DD81FE79ADFEC0ECE6B2F3B0790F4CD7576896C2AE19E6215C6E12F20F26A
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\et-cureit.dwl
dwl
MD5:E0FAC471126D611D818A85EE08F4526F
SHA256:8728D7F1944F0A4450DA7E03D02FA833AFCF240BD6FF76AA50F8A2C4388FBB5C
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\el-cureit.dwl
binary
MD5:D9A977999072C8FEA0D714646C4A31CD
SHA256:51A353A5F5FCC99504EFBC260382C0D6B4FB06A36D54EB04625AE0094057F8F2
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\cs-cureit.dwl
dwl
MD5:8E3BECDC275687FF52221B525BDC72A2
SHA256:F066D38A22412C3C743751EFF4D698AA08495E3C710A901EE2FE4DF58496EFCD
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\ko-cureit.dwl
dwl
MD5:1CB00874FD01E9814D4883AD59427091
SHA256:E2BD3ACF9E5F87628245F748D9520D547483EBB795B318BC1784183EF3B513FF
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\dwebio16.dll
executable
MD5:F35239A6CD5C9C2539A1B4A1CA23CDF7
SHA256:A239B0E6F132BD4917A2191D249DDD6E00CCAE777ECC08A2AD9DDF9007157F54
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\dwebio32.dll
executable
MD5:9E1ABB836557FA513F1F9B18DB19610D
SHA256:570D0985969778FACE22C76A20514748569AAFF1B035FE0B70A9F53CFD949CBA
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\de-cureit.dwl
dwl
MD5:88EDCADBC820B1B3DF68A93B4F37B61E
SHA256:501CFBEE5D1C68BC466B46DD4851C1B85B11791DA7A1CD53B63EF550AC6CCC73
3932
launch.exe
C:\Users\admin\AppData\Local\Temp\RarSFX0\eo-cureit.dwl
binary
MD5:020049E54FF1C525C5635BD5302DE685
SHA256:63E867F74E1F0B706B5C3206C8E5C847E1B065FD1C4A766D51F835895711DE59
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
72
DNS requests
97
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3428
msedge.exe
GET
301
178.248.233.94:80
http://buy.drweb.com/register
unknown
html
208 b
unknown
992
msedge.exe
GET
404
178.248.233.94:80
http://www.drweb.com/cgi-bin/urled.pl?url=cureit_demo&cureit=en_200901091930
unknown
html
16.0 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
848
msedge.exe
239.255.255.250:1900
unknown
1336
msedge.exe
52.123.243.66:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
DE
unknown
1336
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
1336
msedge.exe
204.79.197.203:443
ntp.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1336
msedge.exe
23.15.178.218:443
assets.msn.com
Akamai International B.V.
DE
unknown
1336
msedge.exe
2.23.209.149:443
th.bing.com
Akamai International B.V.
GB
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 52.123.243.66
  • 52.123.243.194
  • 52.123.243.85
  • 52.123.243.216
whitelisted
ntp.msn.com
  • 204.79.197.203
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
assets.msn.com
  • 23.15.178.218
  • 23.15.178.194
  • 23.15.178.145
  • 23.15.178.186
  • 23.15.178.211
  • 23.15.178.242
whitelisted
img-s-msn-com.akamaized.net
  • 2.16.164.74
  • 2.16.164.64
  • 2.16.164.32
whitelisted
sb.scorecardresearch.com
  • 108.138.7.125
  • 108.138.7.41
  • 108.138.7.10
  • 108.138.7.113
shared
th.bing.com
  • 2.23.209.149
  • 2.23.209.187
  • 2.23.209.185
  • 2.23.209.182
  • 2.23.209.176
  • 2.23.209.148
  • 2.23.209.189
  • 2.23.209.179
  • 2.23.209.133
whitelisted
api.msn.com
  • 204.79.197.203
whitelisted
c.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
c.msn.com
  • 68.219.88.97
whitelisted

Threats

No threats detected
No debug info