File name: xmodhubInstaller__20251209_143503_channel100163.exe

Full analysis: https://app.any.run/tasks/2ddd9ec1-bf2e-49c6-85ed-99746142e7e0
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: March 28, 2026, 07:27:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader, nodejs, lua
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 6E122B89C72FD7149BB85CA60633582D
SHA1: E08391F529E6A94E9A313ACCE0159B7ED065B5B3
SHA256: 1F3BFB5889C3A349F214DFC9DBC6BECD1BD8EE239D49E3BACC1BA48803481508
SSDEEP: 98304:e0Pd1PE872ZgomURgsh8X6igyyVHWzOd8HAq/sWlghieYPXEqvMsExy58M3U:3sbxl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • CertMgr.exe (PID: 5748)
      • CertMgr.exe (PID: 680)
    • Changes settings of System certificates

      • CertMgr.exe (PID: 5748)
      • xmodhub.exe (PID: 664)
      • CertMgr.exe (PID: 680)
      • xmodhub.exe (PID: 7796)
    • Changes powershell execution policy (Unrestricted)

      • xmodhub.exe (PID: 664)
  • SUSPICIOUS

    • Searches for installed software

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Named pipe usage

      • ChannelInstaller.exe (PID: 6864)
    • Executable content was dropped or overwritten

      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
    • Drops 7-zip archiver for unpacking

      • ChannelInstaller.exe (PID: 6864)
    • The process drops C-runtime libraries

      • ChannelInstaller.exe (PID: 6864)
    • Starts application with an unusual extension

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 7892)
    • Starts CMD.EXE with special quote handling

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 7984)
      • cmd.exe (PID: 1132)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 7892)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 7984)
      • cmd.exe (PID: 1132)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 7892)
    • Starts CMD.EXE with AutoRun commands disabled

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 7984)
      • cmd.exe (PID: 1132)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 7892)
    • Application launched itself

      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Drops a system driver (possible attempt to evade defenses)

      • ChannelInstaller.exe (PID: 6864)
    • Adds/modifies Windows certificates

      • CertMgr.exe (PID: 5748)
      • xmodhub.exe (PID: 664)
      • CertMgr.exe (PID: 680)
      • xmodhub.exe (PID: 7796)
    • The process bypasses the loading of PowerShell profile settings

      • xmodhub.exe (PID: 664)
    • The process hides Powershell's copyright startup banner

      • xmodhub.exe (PID: 664)
    • Starts POWERSHELL.EXE for commands execution

      • xmodhub.exe (PID: 664)
  • INFO

    • Checks supported languages

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
      • chcp.com (PID: 7428)
      • xmodhub.exe (PID: 7152)
      • xmodhub.exe (PID: 2220)
      • xmodhub.exe (PID: 3324)
      • CertMgr.exe (PID: 5748)
      • xmodhub.exe (PID: 7412)
      • xmodhub.exe (PID: 7796)
      • xmodhub.exe (PID: 4348)
      • chcp.com (PID: 2312)
      • xmodhub.exe (PID: 6064)
      • xmodhub.exe (PID: 7780)
      • xmodhub.exe (PID: 4480)
      • CertMgr.exe (PID: 680)
    • The sample compiled with chinese language support

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
    • Create files in a temporary directory

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Reads the computer name

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7412)
      • xmodhub.exe (PID: 2220)
      • xmodhub.exe (PID: 7796)
      • xmodhub.exe (PID: 6064)
      • xmodhub.exe (PID: 7780)
    • Creates a software uninstall entry

      • xmodhubInstaller__20251209_143503_channel100163.exe (PID: 2952)
      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 664)
    • The sample compiled with english language support

      • ChannelInstaller.exe (PID: 6864)
    • The sample compiled with bulgarian language support

      • ChannelInstaller.exe (PID: 6864)
    • The sample compiled with french language support

      • ChannelInstaller.exe (PID: 6864)
    • The sample compiled with german language support

      • ChannelInstaller.exe (PID: 6864)
    • Creates files or folders in the user directory

      • ChannelInstaller.exe (PID: 6864)
      • xmodhub.exe (PID: 7152)
      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 2220)
      • xmodhub.exe (PID: 4348)
      • xmodhub.exe (PID: 7796)
      • xmodhub.exe (PID: 6064)
    • Reads Environment values

      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Reads security settings of Internet Explorer

      • ChannelInstaller.exe (PID: 6864)
    • Reads product name

      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Changes the display of characters in the console

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 7892)
    • Reads the machine GUID from the registry

      • xmodhub.exe (PID: 664)
      • CertMgr.exe (PID: 5748)
      • CertMgr.exe (PID: 680)
      • xmodhub.exe (PID: 7796)
    • Reads CPU info

      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7796)
    • Node.js compiler has been detected

      • xmodhub.exe (PID: 664)
      • xmodhub.exe (PID: 7152)
    • Manual execution by a user

      • xmodhub.exe (PID: 6840)
      • xmodhub.exe (PID: 7796)
    • The process uses Lua

      • xmodhub.exe (PID: 664)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (4.9)
.exe | Win32 Executable (generic) (3.4)
.exe | Generic Win/DOS Executable (1.5)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:12:09 06:44:02+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 1369600
InitializedDataSize: 1131520
UninitializedDataSize: -
EntryPoint: 0xe0e4e
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.22.0.700
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: 成都威算科技有限公司
FileDescription: xmodhub
FileVersion: 1.22.0.700
InternalName: install.exe
LegalCopyright: (C) 成都威算科技有限公司
OriginalFileName: install.exe
ProductName: xmodhub
ProductVersion: 1.22.0.700
No data.
All screenshots are available in the full report
Total processes: 210
Monitored processes: 69
Malicious processes: 5
Suspicious processes: 3

Behavior graph

Process chain in launch order (nodes marked "no specs" as reported): start → xmodhubinstaller__20251209_143503_channel100163.exe, channelinstaller.exe, xmodhub.exe, cmd.exe (no specs), conhost.exe (no specs), chcp.com (no specs), xmodhub.exe (no specs), xmodhub.exe (no specs), xmodhub.exe, xmodhub.exe (no specs), certmgr.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), ping.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), powershell.exe (no specs), powershell.exe (no specs), conhost.exe (no specs), powershell.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), findstr.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), xmodhub.exe (no specs), xmodhub.exe, cmd.exe (no specs), conhost.exe (no specs), chcp.com (no specs), xmodhub.exe (no specs), xmodhub.exe (no specs), xmodhub.exe, xmodhub.exe (no specs), certmgr.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), ping.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), ping.exe (no specs), conhost.exe (no specs), xmodhubinstaller__20251209_143503_channel100163.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 144
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 508
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 664
CMD: "C:\Program Files (x86)\xmodhub\xmodhub.exe" C:\Users\admin\Desktop\xmodhubInstaller__20251209_143503_channel100163.exe
Path: C:\Program Files (x86)\xmodhub\xmodhub.exe
Parent process: ChannelInstaller.exe
User:
admin
Company:
成都威算科技有限公司
Integrity Level:
HIGH
Description:
xmodhub
Exit code:
0
Version:
1.26.0.766
Modules
Images
c:\program files (x86)\xmodhub\xmodhub.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 680
CMD: "C:\Program Files (x86)\xmodhub\cert\CertMgr.exe" -all -add "C:\Program Files (x86)\xmodhub\cert\squidV2.crt" -s -r localMachine Root
Path: C:\Program Files (x86)\xmodhub\cert\CertMgr.exe
Parent process: xmodhub.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
ECM Certificate Manager
Exit code:
0
Version:
10.0.16299.15 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\xmodhub\cert\certmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID: 812
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1132
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Path: C:\Windows\System32\cmd.exe
Parent process: xmodhub.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1176
CMD: C:\WINDOWS/system32/ping.exe -4 -w 3000 -n 1 -l 32 xmodbff.xhubplay.com
Path: C:\Windows\System32\PING.EXE
Parent process: xmodhub.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
PID: 1192
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1268
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: PING.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1684
CMD: C:\WINDOWS/system32/ping.exe -4 -w 3000 -n 1 -l 32 cbs.xhubplay.com
Path: C:\Windows\System32\PING.EXE
Parent process: xmodhub.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
Total events: 36 777
Read events: 36 748
Write events: 20
Delete events: 9

Modification events

(PID) Process: (2952) xmodhubInstaller__20251209_143503_channel100163.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: DisplayVersion
Value:

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: UninstallString
Value:

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: DisplayName
Value: xmodhub

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: URLInfoAbout
Value: https://www.xmodhub.com/

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: Publisher
Value: 成都威算科技有限公司

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: DisplayVersion
Value: 1.26.0

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\xmodhub\xmodhub.exe

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: UninstallString
Value: C:\Program Files (x86)\xmodhub\xmodhub_uninstall.exe

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: PlatformID
Value:

(PID) Process: (6864) ChannelInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\xmodhub
Operation: write
Name: AID
Value:
Executable files: 93
Suspicious files: 77
Text files: 147
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2952 | xmodhubInstaller__20251209_143503_channel100163.exe | C:\Users\admin\AppData\Local\Temp\ChannelInstaller.exe | - | - | -
6864 | ChannelInstaller.exe | C:\Users\admin\AppData\Local\Temp\xmodhub.7z | - | - | -
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\resources.pak | - | - | -
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\locales\ja.pak | binary | 67A379C826F0EB60750BFBA0B8E10468 | 2C5457B0FA6FE41B7B524AA726DAE4DD69E7072864F73F211C731810D00B9323
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\locales\id.pak | binary | 0E82CF23475AB7328741670F4DFA3093 | 21368245D99265E760B1B57A3169FEB72E6B5099C3F1855155D147B2F788EDA4
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\locales\ko.pak | binary | 3340FD0A5E8F97F122E1D6E9A2052CA6 | 3EE7D79AF9EC226BEBFDD9D79907F1BC97D528D2009DBD0DB23D74AD655E0256
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\resources\app.asar.unpacked\resources\Sounds\CheatActive.mp3 | binary | E8EDBA02E810542D3A1D1007B604540A | B91488E7CFFEFB807F2AA2607C358266BD8ACFB59DFCF10AE3D2B7A7433EB8AA
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\locales\fr.pak | binary | 13968778147DAD5AF68FDB7464CA517C | 7AF39AF49846FBA6D6B8EE18B2A212F1323EBC1CFF1AF0053194D01D8D5433F6
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\locales\pt-BR.pak | binary | E4B1FB0229DC7A913012CB5313123C3C | 7B171F2A6D46295147A8D10E475048BAC4346C6A5162B32A0336334BACCAD520
6864 | ChannelInstaller.exe | C:\Program Files (x86)\xmodhub\LICENSES.chromium.html | - | - | -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 39
TCP/UDP connections: 60
DNS requests: 52
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2952 | xmodhubInstaller__20251209_143503_channel100163.exe | GET | - | 163.181.58.170:443 | https://xmod-static.xhubplay.com/xmod/official/pc/client_channel/xmodhubInstaller.exe | unknown | - | - | unknown
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | unknown | - | - | whitelisted
1176 | SIHClient.exe | GET | 304 | 20.165.94.63:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
1176 | SIHClient.exe | GET | 200 | 74.178.76.54:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | unknown | - | - | whitelisted
1176 | SIHClient.exe | GET | 200 | 20.165.94.63:443 | https://slscr.update.microsoft.com/sls/ping | unknown | - | - | whitelisted
1176 | SIHClient.exe | GET | 304 | 20.165.94.63:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
5316 | svchost.exe | GET | 200 | 162.159.142.9:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | - | - | whitelisted
5316 | svchost.exe | POST | 200 | 20.190.160.3:443 | https://login.live.com/RST2.srf | unknown | xml | 1.24 Kb | whitelisted
5392 | svchost.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | unknown | - | - | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.160.3:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
5392 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 128.24.231.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
5316 | svchost.exe | 20.190.160.3:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5316 | svchost.exe | 162.159.142.9:80 | ocsp.digicert.com | CLOUDFLARENET | US | whitelisted
2952 | xmodhubInstaller__20251209_143503_channel100163.exe | 163.181.58.170:443 | xmod-static.xhubplay.com | TAOBAO Zhejiang Taobao Network Co.,Ltd | CN | whitelisted
3428 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5392 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 20.73.194.208
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
google.com
  • 142.251.127.101
  • 142.251.127.100
  • 142.251.127.138
  • 142.251.127.139
  • 142.251.127.102
  • 142.251.127.113
whitelisted
login.live.com
  • 20.190.160.3
  • 20.190.160.2
  • 20.190.160.67
  • 40.126.32.133
  • 20.190.160.65
  • 40.126.32.138
  • 40.126.32.72
  • 20.190.160.20
whitelisted
ocsp.digicert.com
  • 162.159.142.9
  • 172.66.2.5
whitelisted
xmod-static.xhubplay.com
  • 163.181.58.170
  • 163.181.58.177
  • 163.181.58.176
  • 163.181.58.174
  • 163.181.58.175
  • 163.181.58.172
  • 163.181.58.171
  • 163.181.58.173
unknown
client.wns.windows.com
  • 172.211.123.249
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.8
  • 23.216.77.36
  • 23.216.77.6
  • 23.216.77.22
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 23.59.18.102
whitelisted
slscr.update.microsoft.com
  • 20.165.94.63
whitelisted

Threats

PID | Process | Class | Message
5392 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)

Process | Message
xmodhubInstaller__20251209_143503_channel100163.exe | platform_id:,aid:
xmodhubInstaller__20251209_143503_channel100163.exe | SelectPage:3036:1,page:1
xmodhubInstaller__20251209_143503_channel100163.exe | __update namepipestr \\.\pipe\autoupdate_pipe_xmod_2952
ChannelInstaller.exe | platform_id:,aid:
ChannelInstaller.exe | \\.\pipe\autoupdate_pipe_xmod_2952
xmodhubInstaller__20251209_143503_channel100163.exe | Client connected suc
ChannelInstaller.exe | __install pipename suc \\.\pipe\autoupdate_pipe_xmod_2952
ChannelInstaller.exe | SelectPage:2100:1,page:1
xmodhubInstaller__20251209_143503_channel100163.exe | __update ReadFile 1
xmodhubInstaller__20251209_143503_channel100163.exe | __update ReadFile 2