File name:

Migurinth_0.10.27-138_x64-setup.exe

Full analysis: https://app.any.run/tasks/1cb43c2a-99d9-440d-86bd-bc683944bf75
Verdict: Malicious activity
Analysis date: March 01, 2026, 23:17:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

9F36FDB2BADCF35B357E57FAC6ED8BF6

SHA1:

8EFF0D4575A05DC995CBBA4410EE84A90B5A655B

SHA256:

30E9D799EC1B154D4E35DDA69C4FEB373E58F1EFB53734E500274877C3C44067

SSDEEP:

98304:bJ88Ef7QHjkMV8SHqwccwn42DvpX2A5TuvzawiXvNCRCnzK83CLHCI0kyIvAjuDm:bZhRcIX2C+MlX6VJR5JqKnQPq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 2912)

    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 2460)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 1584)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)

    • Searches for installed software

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • setup.exe (PID: 8860)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 2428)
      • MicrosoftEdgeUpdate.exe (PID: 2912)

    • The process creates files with name similar to system file names

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2912)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9028)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2756)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 468)
      • MicrosoftEdgeUpdate.exe (PID: 8228)

    • Application launched itself

      • setup.exe (PID: 8860)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • msedgewebview2.exe (PID: 1584)

  • INFO

    • The sample compiled with english language support

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)

    • Checks proxy server information

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • MicrosoftEdgeUpdate.exe (PID: 5108)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1584)
      • slui.exe (PID: 8260)
      • Migurinth.exe (PID: 6792)

    • Checks supported languages

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2428)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 468)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2756)
      • MicrosoftEdgeUpdateCore.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 5108)
      • MicrosoftEdgeUpdate.exe (PID: 3244)
      • MicrosoftEdgeUpdate.exe (PID: 1176)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 6996)
      • setup.exe (PID: 9072)
      • setup.exe (PID: 8860)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • Migurinth.exe (PID: 6792)
      • msedgewebview2.exe (PID: 1584)
      • msedgewebview2.exe (PID: 7864)
      • msedgewebview2.exe (PID: 2460)
      • msedgewebview2.exe (PID: 2252)
      • msedgewebview2.exe (PID: 4472)
      • msedgewebview2.exe (PID: 5048)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9028)

    • Reads the computer name

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 468)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2756)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9028)
      • MicrosoftEdgeUpdateCore.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 3244)
      • MicrosoftEdgeUpdate.exe (PID: 5108)
      • MicrosoftEdgeUpdate.exe (PID: 1176)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 6996)
      • setup.exe (PID: 8860)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • Migurinth.exe (PID: 6792)
      • msedgewebview2.exe (PID: 1584)
      • msedgewebview2.exe (PID: 2460)
      • msedgewebview2.exe (PID: 2252)

    • Create files in a temporary directory

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2428)
      • msedgewebview2.exe (PID: 1584)

    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 6996)
      • setup.exe (PID: 9072)
      • setup.exe (PID: 8860)
      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)
      • Migurinth.exe (PID: 6792)
      • msedgewebview2.exe (PID: 1584)
      • msedgewebview2.exe (PID: 7864)
      • msedgewebview2.exe (PID: 2252)

    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 2912)

    • Manual execution by a user

      • MicrosoftEdgeUpdateCore.exe (PID: 5768)
      • Migurinth.exe (PID: 6792)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5108)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • Migurinth.exe (PID: 6792)
      • msedgewebview2.exe (PID: 1584)

    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • msedgewebview2.exe (PID: 1584)

    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 5108)
      • MicrosoftEdgeUpdate.exe (PID: 4540)
      • MicrosoftEdgeUpdate.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1584)

    • There is functionality for taking screenshot (YARA)

      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)

    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 2912)
      • setup.exe (PID: 8860)
      • msedgewebview2.exe (PID: 1584)
      • msedgewebview2.exe (PID: 5048)

    • Drops script file

      • setup.exe (PID: 8860)

    • Creates a software uninstall entry

      • setup.exe (PID: 8860)
      • Migurinth_0.10.27-138_x64-setup.exe (PID: 6912)

    • Reads product name

      • Migurinth.exe (PID: 6792)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.10.27.0
ProductVersionNumber: 0.10.27.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Migurinth
FileVersion: 0.10.27-138
LegalCopyright: -
ProductName: Migurinth
ProductVersion: 0.10.27-138
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
171
Monitored processes
24
Malicious processes
2
Suspicious processes
4

Behavior graph

Click at the process to see the details
start migurinth_0.10.27-138_x64-setup.exe microsoftedgewebview2setup.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecore.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe slui.exe microsoftedge_x64_145.0.3800.82.exe no specs setup.exe no specs setup.exe no specs microsoftedgeupdate.exe migurinth.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
468"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.223.11\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1176"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{30873666-E1F9-41F1-B7D9-FB106914A91B}" /silentC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
1584"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Migurinth.exe --webview-exe-version=0.10.27-138 --user-data-dir="C:\Users\admin\AppData\Local\Migurinth\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=6792.7920.15741704512188078076C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Migurinth.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
2252"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Migurinth\EBWebView" --webview-exe-name=Migurinth.exe --webview-exe-version=0.10.27-138 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=2196,i,17733791233916216652,9009448647055677434,524288 --field-trial-handle=1936,i,3671725766386411697,10165952083311288752,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2192 /prefetch:3C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
2428C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /installC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exeMigurinth_0.10.27-138_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2460"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Migurinth\EBWebView" --webview-exe-name=Migurinth.exe --webview-exe-version=0.10.27-138 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1764,i,4781816751757404718,10599875130997716645,262144 --field-trial-handle=1936,i,3671725766386411697,10165952083311288752,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1928 /prefetch:2C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
2756"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.223.11\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2912C:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeUpdate.exe
MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\temp\eu8347.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
3244"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /cC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdateCore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.223.11
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
4472"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Migurinth\EBWebView" --webview-exe-name=Migurinth.exe --webview-exe-version=0.10.27-138 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=2348,i,7896862234724986780,17248352924313378610,524288 --field-trial-handle=1936,i,3671725766386411697,10165952083311288752,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2360 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
Total events
22 154
Read events
19 315
Write events
2 771
Delete events
68

Modification events

(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:delete valueName:eulaaccepted
Value:
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:CopilotUpdatePath
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\CopilotUpdate.exe
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.223.11
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:name
Value:
Microsoft Edge Update
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.223.11
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.223.11\MicrosoftEdgeUpdateCore.exe"
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{41AADBE6-94AD-4073-9A53-41B3D993E618}
(PID) Process:(2912) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{1942D4AD-F6D7-4D0E-B688-98D513EE2434}
Executable files
0
Suspicious files
9
Text files
20
Unknown types
350

Dropped files

PID
Process
Filename
Type
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\psmachine.dllbinary
MD5:5EDAE0C3BB3B5A4CE707451962D74E7A
SHA256:2308CDE68A1CB142E2F0CEB388717B4E5C5622B74F25B2A4ACC2F216FE6C79CB
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeUpdateOnDemand.exebinary
MD5:04C1C922A566B595BD9BA76C56BC2829
SHA256:62EA469AAF042615085B9562FD03B2C500E9B546A7B8AEFE300E370B55B35091
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\msedgeupdate.dllbinary
MD5:6280E5E7732D12D4D3229CCE4AF11C44
SHA256:2DFD1C1379D56E5DD5682691C3412E18C1BA22C600997D6D2E60C393EF86B49E
6912Migurinth_0.10.27-138_x64-setup.exeC:\Users\admin\AppData\Local\Temp\nsk6542.tmp\NSISdl.dllbinary
MD5:EE68463FED225C5C98D800BDBD205598
SHA256:419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeUpdate.exebinary
MD5:914935EB0B6612DD88BB6BC0072534BE
SHA256:75E2B57A45553E33851C84E00DBFF3704B3253D68F79E5540DD4C862B331612B
6912Migurinth_0.10.27-138_x64-setup.exeC:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exebinary
MD5:E1B8E430FFC4F86DB1FA3C587D2CCB36
SHA256:FE1A747FCB4BC6587FC3CB4C1753B09E2095164BA2129465DA0326DEDD76F831
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\CopilotUpdate.exebinary
MD5:FEDE51F282FA88344B5BC59C9139EC34
SHA256:6C7B99587D6BFC625907E7C45AB29DE9DD8553F4D9F1CBCD64BC93D99820E112
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeComRegisterShellARM64.exebinary
MD5:05ED214B1EF9949DAA8700982EEA2A15
SHA256:B761F7CEB6BAEE53071E35A94A5C3BBF3904E3D03DE9AF13443F3F409D160A03
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\MicrosoftEdgeUpdateComRegisterShell64.exebinary
MD5:BC5BB4B3026DEEA250D14823D6868014
SHA256:53D7009905C1322FBA275FB8AAB53D5E1B4B3DCF6498D15F2CB7DD37C2CDA796
2428MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EU8347.tmp\psuser.dllbinary
MD5:93D8012EF9FE61F432B5EB2C9F16DF23
SHA256:DCA9A2D1E43D48B1AA0C32EAF827F1B56AEFC621216AD8CF241FE85F909C51DD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
83
TCP/UDP connections
132
DNS requests
44
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7240
svchost.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
72.246.29.11:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
200
72.246.29.11:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3920
SIHClient.exe
GET
304
135.232.92.137:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
7240
svchost.exe
GET
200
72.246.29.11:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
40.126.31.67:443
https://login.live.com/RST2.srf
unknown
binary
11.1 Kb
whitelisted
POST
200
20.190.159.75:443
https://login.live.com/RST2.srf
unknown
binary
10.3 Kb
whitelisted
POST
200
40.126.31.67:443
https://login.live.com/RST2.srf
unknown
binary
10.3 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
184.86.251.27:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7240
svchost.exe
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6768
MoUsoCoreWorker.exe
23.55.110.211:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
72.246.29.11:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6768
MoUsoCoreWorker.exe
72.246.29.11:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
self.events.data.microsoft.com
  • 13.89.178.26
  • 20.42.73.24
whitelisted
www.bing.com
  • 184.86.251.27
  • 184.86.251.22
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
google.com
  • 142.250.186.78
whitelisted
crl.microsoft.com
  • 23.55.110.211
  • 23.55.110.193
  • 184.24.77.35
  • 184.24.77.37
whitelisted
www.microsoft.com
  • 72.246.29.11
  • 23.52.181.212
  • 88.221.169.152
whitelisted
login.live.com
  • 20.190.159.68
  • 40.126.31.67
  • 40.126.31.3
  • 40.126.31.2
  • 20.190.159.2
  • 20.190.159.23
  • 20.190.159.128
  • 40.126.31.131
whitelisted
go.microsoft.com
  • 88.221.169.205
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted

Threats

PID
Process
Class
Message
6912
Migurinth_0.10.27-138_x64-setup.exe
Misc activity
ET INFO Packed Executable Download
8376
svchost.exe
Misc activity
ET INFO Packed Executable Download
2252
msedgewebview2.exe
Misc activity
ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
2252
msedgewebview2.exe
Misc activity
ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Migurinth directory exists )
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Migurinth_0.10.27-138_x64-setup.exe