File name: Vynx Launcher_1.0.0_x64_en-US.msi

Full analysis: https://app.any.run/tasks/8cf5fc07-c85d-476a-a9b7-9a0bedc4841f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 20, 2025, 20:46:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: generated-doc, loader
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Vynx Launcher, Author: VynxLauncher, Keywords: Installer, Comments: This installer database contains the logic and data required to install Vynx Launcher., Template: x64;0, Revision Number: {30E98CB8-DAE7-4C89-8790-BA015302A8EF}, Create Time/Date: Sat Dec 20 19:02:06 2025, Last Saved Time/Date: Sat Dec 20 19:02:06 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5: 94282C58BD48AFB63A56BB2E0DB226CA
SHA1: E7586E281C457B2D3F5F49E4ACBC6EF42296C90A
SHA256: 97153100819DA63021233AED652D78E52366CC58053725BC251DEE741AAD5BD8
SSDEEP: 98304:NzrZY+o7BZJGSiALDQJD5PBnlH0Xsqa96ksRUK52oMiM1klh29hhaei/iWdKwxCX:GB1VUUXa5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 7188)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8044)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 1868)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 7856)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 7188)
    • Starts process via Powershell

      • powershell.exe (PID: 7188)
    • Manipulates environment variables

      • powershell.exe (PID: 7188)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • powershell.exe (PID: 7188)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • setup.exe (PID: 3352)
    • Process drops legitimate windows executable

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • powershell.exe (PID: 7188)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • setup.exe (PID: 3352)
    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 7716)
    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 7716)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 7188)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 424)
      • MicrosoftEdgeUpdate.exe (PID: 2864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7512)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8044)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • msedgewebview2.exe (PID: 3040)
    • Application launched itself

      • setup.exe (PID: 3352)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • msedgewebview2.exe (PID: 3040)
    • Searches for installed software

      • setup.exe (PID: 3352)
      • msedgewebview2.exe (PID: 3040)
    • Connects to unusual port

      • msedgewebview2.exe (PID: 7472)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 7716)
      • msiexec.exe (PID: 7800)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • MicrosoftEdgeUpdate.exe (PID: 2864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 424)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdate.exe (PID: 7468)
      • MicrosoftEdgeUpdate.exe (PID: 3656)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7512)
      • setup.exe (PID: 3352)
      • setup.exe (PID: 144)
      • MicrosoftEdgeUpdate.exe (PID: 4680)
      • launcher.exe (PID: 2228)
      • msedgewebview2.exe (PID: 3040)
      • msedgewebview2.exe (PID: 5416)
      • msedgewebview2.exe (PID: 1868)
      • msedgewebview2.exe (PID: 7472)
      • msedgewebview2.exe (PID: 2480)
      • msedgewebview2.exe (PID: 7228)
      • msedgewebview2.exe (PID: 8032)
      • msedgewebview2.exe (PID: 8140)
      • msedgewebview2.exe (PID: 7396)
    • An automatically generated document

      • msiexec.exe (PID: 7584)
    • Manages system restore points

      • SrTasks.exe (PID: 7492)
    • Reads the computer name

      • msiexec.exe (PID: 7800)
      • msiexec.exe (PID: 7716)
      • MicrosoftEdgeUpdate.exe (PID: 2864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 424)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7512)
      • MicrosoftEdgeUpdate.exe (PID: 7468)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • MicrosoftEdgeUpdate.exe (PID: 3656)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • setup.exe (PID: 3352)
      • MicrosoftEdgeUpdate.exe (PID: 4680)
      • launcher.exe (PID: 2228)
      • msedgewebview2.exe (PID: 3040)
      • msedgewebview2.exe (PID: 1868)
      • msedgewebview2.exe (PID: 7472)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7584)
      • msiexec.exe (PID: 7716)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • msedgewebview2.exe (PID: 3040)
    • The sample compiled with english language support

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
      • powershell.exe (PID: 7188)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • setup.exe (PID: 3352)
    • Disables trace logs

      • powershell.exe (PID: 7188)
    • Checks proxy server information

      • powershell.exe (PID: 7188)
      • MicrosoftEdgeUpdate.exe (PID: 7468)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • MicrosoftEdgeUpdate.exe (PID: 4680)
      • launcher.exe (PID: 2228)
      • msedgewebview2.exe (PID: 3040)
      • slui.exe (PID: 7940)
    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 6508)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8044)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • MicrosoftEdge_X64_143.0.3650.96.exe (PID: 5604)
      • setup.exe (PID: 144)
      • setup.exe (PID: 3352)
      • msedgewebview2.exe (PID: 3040)
      • msedgewebview2.exe (PID: 5416)
      • msedgewebview2.exe (PID: 7472)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7468)
      • MicrosoftEdgeUpdate.exe (PID: 4680)
      • msedgewebview2.exe (PID: 3040)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • setup.exe (PID: 3352)
      • msedgewebview2.exe (PID: 3040)
      • msedgewebview2.exe (PID: 2480)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 8152)
      • msedgewebview2.exe (PID: 3040)
    • Creates a software uninstall entry

      • setup.exe (PID: 3352)
    • Reads CPU info

      • msedgewebview2.exe (PID: 3040)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Vynx Launcher
Author: VynxLauncher
Keywords: Installer
Comments: This installer database contains the logic and data required to install Vynx Launcher.
Template: x64;0
RevisionNumber: {30E98CB8-DAE7-4C89-8790-BA015302A8EF}
CreateDate: 2025:12:20 19:02:06
ModifyDate: 2025:12:20 19:02:06
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.14.1.8722)
Security: Read-only recommended
No data.
All screenshots are available in the full report
Total processes: 184
Monitored processes: 32
Malicious processes: 5
Suspicious processes: 1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 144
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\EDGEMITMP_48D73.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=143.0.7499.147 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\EDGEMITMP_48D73.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=143.0.3650.96 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff7b0f74798,0x7ff7b0f747a4,0x7ff7b0f747b0
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\EDGEMITMP_48D73.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{ba4ece33-55c5-4f57-99e8-83ca2562e2d1}\edgemitmp_48d73.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 424
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.213.7\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.213.7\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.213.7
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.213.7\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1868
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\VynxLauncher\EBWebView" --webview-exe-name=launcher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-pre-read-main-dll --force-high-res-timeticks=disabled --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1700,i,4998745127491561359,7975763577207061461,262144 --field-trial-handle=1868,i,11793119166157009382,7604103232743542166,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1864 /prefetch:2
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 2228
CMD: "C:\Program Files\Vynx Launcher\launcher.exe"
Path: C:\Program Files\Vynx Launcher\launcher.exe
Parent process: msiexec.exe
User: admin
Company: VynxLauncher
Integrity Level: MEDIUM
Description: Vynx Launcher
Version: 0.1.0
Modules
Images
c:\program files\vynx launcher\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2460
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2480
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\VynxLauncher\EBWebView" --webview-exe-name=launcher.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --dma-cps-flags=0 --force-high-res-timeticks=disabled --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--expose-gc --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3244,i,4573630151213161978,1495179331903493940,2097152 --field-trial-handle=1868,i,11793119166157009382,7604103232743542166,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3344 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 2864
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.213.7
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 3040
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=launcher.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\admin\AppData\Local\VynxLauncher\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2228.1232.12097726211411934872
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\143.0.3650.96\msedgewebview2.exe
Parent process: launcher.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\143.0.3650.96\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\version.dll
PID: 3352
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\EDGEMITMP_48D73.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\MicrosoftEdge_X64_143.0.3650.96.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BA4ECE33-55C5-4F57-99E8-83CA2562E2D1}\EDGEMITMP_48D73.tmp\setup.exe
Parent process: MicrosoftEdge_X64_143.0.3650.96.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 143.0.3650.96
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{ba4ece33-55c5-4f57-99e8-83ca2562e2d1}\edgemitmp_48d73.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3656
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{32655993-F206-4B12-89C9-4FBB1BF37488}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.213.7
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
Total events: 22 439
Read events: 20 496
Write events: 1 867
Delete events: 76

Modification events

(PID) Process: (7716) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value: 4800000000000000DDDB7AB7F171DC01241E0000A01E0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (7716) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value: 4800000000000000DDDB7AB7F171DC01241E0000A01E0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (7716) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value: 48000000000000003DA6E3B7F171DC01241E0000A01E0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (7716) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value: 15

(PID) Process: (7716) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value: 48000000000000003BA502B8F171DC01241E0000081F0000E803000001000000000000000000000024538A43D8066D4B856947E2995F152900000000000000000000000000000000

(PID) Process: (7856) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Leave)
Value: 480000000000000077B715B8F171DC01B01E0000281F0000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (7856) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: delete key
Name: (default)
Value:

(PID) Process: (7856) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: write
Name: Element
Value: 0000000000000000000000000000000006000000000000004800000000000000715E5C2FA985EB1190A89A9B763584210000000000000000745E5C2FA985EB1190A89A9B7635842100000000000000000000000000000000

(PID) Process: (7856) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation: delete key
Name: (default)
Value:

(PID) Process: (7856) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation: write
Name: Element
Value: \EFI\Microsoft\Boot\bootmgfw.efi
Executable files: 209
Suspicious files: 116
Text files: 98
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7716 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 |
MD5:
SHA256:
7716 | msiexec.exe | C:\Windows\Installer\10232a.msi |
MD5:
SHA256:
7716 | msiexec.exe | C:\Windows\Installer\10232c.msi |
MD5:
SHA256:
7716 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{438a5324-06d8-4b6d-8569-47e2995f1529}_OnDiskSnapshotProp | binary
MD5: B770C733920F41A39B7E1356C51B13FB
SHA256: AE467CBE5FC4166169C1F9DB97E1E6E6F54E5884460D25DB76A29B9D81BB80E8
7716 | msiexec.exe | C:\Windows\Temp\~DF241E1022B4A24B65.TMP | binary
MD5: BF619EAC0CDF3F68D496EA9344137E8B
SHA256: 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
7716 | msiexec.exe | C:\Program Files\Vynx Launcher\launcher.exe | executable
MD5: A56DE5827AF54F7BBAB9C9B2EA0BAB46
SHA256: A1AAD851ADFE70C6A1ECD418381194E20D8F30524FD2458FD0FDB354C5908B50
7716 | msiexec.exe | C:\Program Files\Vynx Launcher\Uninstall Vynx Launcher.lnk | binary
MD5: 8583A543A57358F9DA9D5A2B08E721FF
SHA256: CDA38351910264B83418BCA4AB14AB163AC711B507EB69368B39E1B74BAC4494
7716 | msiexec.exe | C:\Windows\Installer\inprogressinstallinfo.ipi | binary
MD5: 2B13357BFE9825CBAA4B6E14A32E5D46
SHA256: 68CEF1CF3D491D134A11F6B8E0DFB326BA77C262ADBB82439F2D8F62C2AC1BD2
7716 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary
MD5: B770C733920F41A39B7E1356C51B13FB
SHA256: AE467CBE5FC4166169C1F9DB97E1E6E6F54E5884460D25DB76A29B9D81BB80E8
7584 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIED54.tmp | executable
MD5: CFBB8568BD3711A97E6124C56FCFA8D9
SHA256: 7F47D98AB25CFEA9B3A2E898C3376CC9BA1CD893B4948B0C27CAA530FD0E34CC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 50
TCP/UDP connections: 57
DNS requests: 37
Threats: 6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6768 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | US | | | whitelisted
7188 | powershell.exe | GET | 301 | 23.52.181.141:443 | https://go.microsoft.com/fwlink/p/?LinkId=2124703 | US | | | whitelisted
7188 | powershell.exe | GET | 200 | 199.232.210.172:443 | https://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c61cd84-5aba-452f-a4da-0b3680446041/MicrosoftEdgeWebview2Setup.exe | US | executable | 128 Kb | whitelisted
6188 | svchost.exe | GET | 200 | 172.66.2.5:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted
6188 | svchost.exe | POST | 200 | 20.190.159.68:443 | https://login.live.com/RST2.srf | US | xml | 11.1 Kb | whitelisted
3520 | svchost.exe | GET | 200 | 23.216.77.8:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
3520 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
7444 | svchost.exe | POST | 403 | 23.52.181.141:443 | https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409 | US | html | 386 b | whitelisted
7444 | svchost.exe | POST | 403 | 23.52.181.141:443 | https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409 | US | html | 386 b | whitelisted
7444 | svchost.exe | POST | 403 | 23.52.181.141:443 | https://go.microsoft.com/fwlink/?LinkID=2257403&clcid=0x409 | US | html | 386 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3520 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | Not routed | whitelisted
6768 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3176 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | Not routed | whitelisted
3412 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6188 | svchost.exe | 20.190.159.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6188 | svchost.exe | 172.66.2.5:80 | ocsp.digicert.com | CLOUDFLARENET | US | whitelisted
3520 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3520 | svchost.exe | 23.216.77.8:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.238
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.249
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.131
  • 20.190.159.128
  • 40.126.31.73
  • 40.126.31.128
  • 20.190.159.64
  • 20.190.159.130
  • 20.190.159.73
whitelisted
ocsp.digicert.com
  • 172.66.2.5
  • 162.159.142.9
whitelisted
crl.microsoft.com
  • 23.216.77.8
  • 23.216.77.25
  • 23.216.77.30
  • 23.216.77.36
  • 23.216.77.22
  • 23.216.77.6
  • 23.216.77.42
  • 23.216.77.20
  • 23.216.77.28
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted

Threats

PID | Process | Class | Message
| | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
| | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
| | Misc activity | ET INFO Request for EXE via Powershell
| | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
| | Misc activity | ET INFO Packed Executable Download
5304 | svchost.exe | Misc activity | ET INFO Packed Executable Download

Debug output

Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\VynxLauncher directory exists )