File name: Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe

Full analysis: https://app.any.run/tasks/ce1669b9-787f-4312-b9aa-ca54c1995f3e
Verdict: Malicious activity
Threats: Loader

A loader is malicious software whose job is to get onto a device and deliver further payloads: it infects the machine, profiles the system, and installs other threats such as trojans or stealers. Loaders are usually delivered through phishing emails and links, relying on social engineering to get the user to download and run the executable, and they use evasion and persistence techniques to stay undetected.

Analysis date: May 20, 2026, 04:38:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
phishing
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: F99019DC4163361B5A811B69B7733C0E
SHA1: CCCDA73338B11E3072EC25DB76BBB26008156EF8
SHA256: BFB34AC535BF58DF6286C50280F9D3E1DCAECF2045556A7178FAC89438FD7552
SSDEEP: 98304:NJ8G7Msq5fa7tEhihvT5i1E4mmhg8jUCeXLJYzH3PYU/UAQ4HL8+u0tI6QBEfLCG:NZXr4BLpVYw4knHF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • dxwebsetup.exe (PID: 6028)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeUpdate.exe (PID: 7428)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3420)
      • MicrosoftEdgeUpdate.exe (PID: 7752)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 2940)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2220)
    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2232)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 5764)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
    • The process creates files with name similar to system file names

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
    • Searches for installed software

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
    • Executable content was dropped or overwritten

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
      • dxwebsetup.exe (PID: 6028)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
    • Silent install from TEMP directory

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 5764)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3420)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 7428)
  • INFO

    • Checks supported languages

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeUpdate.exe (PID: 7428)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 7752)
      • MicrosoftEdgeUpdate.exe (PID: 2940)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3420)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2220)
    • The sample compiled with english language support

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
    • Reads the computer name

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeUpdate.exe (PID: 7428)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3420)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8036)
      • MicrosoftEdgeUpdate.exe (PID: 7752)
      • MicrosoftEdgeUpdate.exe (PID: 2940)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2220)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
    • There is functionality for taking screenshot (YARA)

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
    • Create files in a temporary directory

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
    • Reads security settings of Internet Explorer

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
    • Reads the machine GUID from the registry

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
    • Creates files or folders in the user directory

      • Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe (PID: 5768)
      • MicrosoftEdgeUpdate.exe (PID: 5764)
      • MicrosoftEdgeUpdate.exe (PID: 7960)
      • MicrosoftEdge_X64_148.0.3967.70.exe (PID: 2220)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 5764)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7752)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 5764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.2.0.0
ProductVersionNumber: 1.2.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Metaverse Launcher Preboarding_VTB
FileVersion: 1.2.0
LegalCopyright: -
ProductName: Metaverse Launcher Preboarding_VTB
ProductVersion: 1.2.0
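The EXE block above is what an ExifTool-style dump reads out of the COFF file header and the PE32 optional header. As an added example, not part of the ANY.RUN report, the Python below parses those headers from raw bytes and decodes the characteristics bits into the same wording the report uses. Its input is a constructed minimal PE32 header carrying the values listed above (timestamp, linker version, sizes, entry point, version fields, subsystem), not the actual sample, so it runs offline; point `parse_pe` at `open(path, "rb").read()` for a real file. One caveat worth knowing when reading this block: for an NSIS installer the COFF timestamp is normally the build time of the prebuilt NSIS stub rather than of the packaged launcher, which is why a 2021 timestamp can sit next to a 1.2.0 product version.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_* characteristics bits from the PE/COFF spec, in the order the
# report's ImageFileCharacteristics line prints them.
CHARACTERISTICS = [
    (0x0001, "No relocs"),
    (0x0002, "Executable"),
    (0x0004, "No line numbers"),
    (0x0008, "No symbols"),
    (0x0020, "Large address aware"),
    (0x0100, "32-bit"),
    (0x2000, "DLL"),
]
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}


def parse_pe(data: bytes) -> dict:
    """Read the DOS header pointer, the COFF file header and the optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional-header magic {magic:#x}")
    code, idata, udata, entry = struct.unpack_from("<IIII", data, opt + 4)
    # The version fields and Subsystem sit at the same offsets in PE32 and PE32+.
    os_maj, os_min, img_maj, img_min, ss_maj, ss_min = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    stamp = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "PEType": "PE32" if magic == 0x10B else "PE32+",
        "MachineType": MACHINES.get(machine, f"{machine:#06x}"),
        "NumberOfSections": nsections,
        "TimeStampEpoch": timestamp,
        "TimeStamp": stamp.strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(name for bit, name in CHARACTERISTICS if characteristics & bit),
        "LinkerVersion": f"{linker_major}.{linker_minor}",
        "CodeSize": code,
        "InitializedDataSize": idata,
        "UninitializedDataSize": udata,
        "EntryPoint": entry,
        "OSVersion": f"{os_maj}.{os_min}",
        "ImageVersion": f"{img_maj}.{img_min}",
        "SubsystemVersion": f"{ss_maj}.{ss_min}",
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed minimal PE32 header carrying the values the report lists.
    It is NOT the real sample: no sections, code or NSIS payload sit behind it."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine 0x14C, 5 sections, 2021-09-25 21:56:47 UTC, 224-byte optional header,
    # characteristics 0x010F = relocs/line numbers/symbols stripped, executable, 32-bit.
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 1632607007, 0, 0, 224, 0x010F)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)                  # PE32, linker 6.0
    struct.pack_into("<IIII", opt, 4, 26624, 141824, 2048, 0x3640)  # sizes, entry point
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 6, 0, 4, 0)         # OS 4.0, image 6.0, subsystem 4.0
    struct.pack_into("<H", opt, 68, 2)                              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_header()).items():
        print(f"{key}: {value:#x}" if key == "EntryPoint" else f"{key}: {value}")
```

The parser stops at the optional header on purpose: section tables, imports and the Authenticode directory are where a real triage continues, and an NSIS build is recognisable from the overlay after the last section rather than from anything in these headers.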
No data.
All screenshots are available in the full report
Total processes: 148
Monitored processes: 14
Malicious processes: 6
Suspicious processes: 7

Behavior graph

Process chain, in the order the graph shows it ("no specs" is the graph's own label for processes without specific indicators):
  • metaverse launcher preboarding_vtb_1.2.0_x64-setup.exe
  • slui.exe (no specs)
  • dxwebsetup.exe (no specs)
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedge_x64_148.0.3967.70.exe (no specs)
  • svchost.exe (#PHISHING)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 1312
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.233.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2220
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{3027C5D1-3A47-4E2E-864D-F56EC4F3FFC1}\MicrosoftEdge_X64_148.0.3967.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{3027C5D1-3A47-4E2E-864D-F56EC4F3FFC1}\MicrosoftEdge_X64_148.0.3967.70.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Version:
148.0.3967.70
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{3027c5d1-3a47-4e2e-864d-f56ec4f3ffc1}\microsoftedge_x64_148.0.3967.70.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2232
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2940
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{63E4463F-F0D7-4D1E-9FE1-E6BEA51901EE}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3420
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.233.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.233.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5764
CMD: C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\temp\eu9a19.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5768
CMD: "C:\Users\admin\AppData\Local\Temp\Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Metaverse Launcher Preboarding_VTB
Version:
1.2.0
Modules
Images
c:\users\admin\appdata\local\temp\metaverse launcher preboarding_vtb_1.2.0_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6028
CMD: "C:\Users\admin\AppData\Local\Temp\launcher-prereqs\dxwebsetup.exe" /Q
Path: C:\Users\admin\AppData\Local\Temp\launcher-prereqs\dxwebsetup.exe
Parent process: Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
DirectX 9.0 Web setup
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the DirectX web setup requires elevation and was started at MEDIUM integrity; the module list below shows it never got past ntdll)
Version:
9.29.1974.0
Modules
Images
c:\users\admin\appdata\local\temp\launcher-prereqs\dxwebsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 7428
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 7688
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.233.3
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 6 981
Read events: 6 362
Write events: 572
Delete events: 47

Modification events

(PID) Process: (7800) slui.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing

(PID) Process: (5768) Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (5768) Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (5768) Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (5764) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (5764) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{E5D8C935-4567-4B02-85FD-07C8039D7B97}

(PID) Process: (1312) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (1312) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (1312) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{00B00693-C379-4B00-828E-85A42646CC3A}\InprocHandler32
Operation: write
Name: ThreadingModel
Value: Both

(PID) Process: (1312) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{0982FB18-B2DC-43DF-9DA3-A54C41F699EA}\InProcServer32
Operation: write
Name: ThreadingModel
Value: Both
Executable files: 211
Suspicious files: 7
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | C:\Users\admin\AppData\Local\Temp\nsfFBE7.tmp\modern-header.bmp | image
  MD5: 90AC40672E03165D856B5BDCFE716D5D
  SHA256: 1811AEF4848167867837186420863E41077BD49D0A77FFFAE2194381229D8728
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | C:\Users\admin\AppData\Local\Temp\nsfFBE7.tmp\System.dll | executable
  MD5: CFF85C549D536F651D4FB8387F1976F2
  SHA256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | C:\Users\admin\AppData\Local\Temp\nsfFBE7.tmp\modern-wizard.bmp | image
  MD5: 31A91A986A760311BB1D4F96644E93AD
  SHA256: A064CFB064DECD5A6D0EF862E4718C9F83DF5C69A137DAF75C0EDDD1D662841D
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\439F613B3D55693954E1B080DE3085B4_34E5860FFE20BE5B0BFD962D5C01ADB7 | binary
  MD5: 97591553A84868639F8ADB8FA35FEA63
  SHA256: 6E8374D2BC30552B9447C0AC3E6DE821345B3EE489ED0FA6676CCBFC72C0AD7C
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | C:\Users\admin\AppData\Local\Temp\nsfFBE7.tmp\NSISdl.dll | executable
  MD5: EE68463FED225C5C98D800BDBD205598
  SHA256: 419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04
7688 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\MicrosoftEdgeUpdateBroker.exe | executable
  MD5: EBC76EBA204AEB0355D3A390FAB0B771
  SHA256: 40C22971750E0AE8FF9CB563AB6827DF799ED03308AF3067B996C1278A9A1CFB
7688 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\MicrosoftEdgeUpdate.exe | executable
  MD5: 7A87637CC4D114EA49A30323FEB799F1
  SHA256: A8FFAB0B134E177655DD255F9B05296BB5CA7C40C5C1A2157DB81FC68B350FFD
7688 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\CopilotUpdate.exe | executable
  MD5: 1406C7F9C207356AEDBD240615DF1683
  SHA256: 0C03D62ED2866A4E5ED96DD00DE03B2910C5468D4C1A006C05E9ECBD72DE657B
7688 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\msedgeupdate.dll | executable
  MD5: E747832AEA740BD6C91005B535988D1A
  SHA256: 55D5EF2974CED0FD55437597118BDED0B853C40BFECBEFA749625103045D9A08
7688 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EU9A19.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | executable
  MD5: 0320D105DBB1A068F800348DC15BF66F
  SHA256: DDC661B958061D92DE9CCEF0988F0A724F066ADDBA8AECAA04F9FE489724505E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 35
TCP/UDP connections: 29
DNS requests: 25
Threats: 5

HTTP requests

PID | Process | Method | HTTP code | IP | CN | Type | Size | Reputation
5276 | MoUsoCoreWorker.exe | GET | 304 | 48.209.133.15:443 | US | - | - | whitelisted
  URL: https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
4312 | SIHClient.exe | GET | 304 | 135.233.95.144:443 | US | - | - | whitelisted
  URL: https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
4312 | SIHClient.exe | GET | 200 | 20.165.94.54:443 | US | - | - | whitelisted
  URL: https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
4312 | SIHClient.exe | GET | 200 | 135.233.95.144:443 | US | - | - | whitelisted
  URL: https://slscr.update.microsoft.com/sls/ping
4312 | SIHClient.exe | GET | 304 | 135.233.95.144:443 | US | - | - | whitelisted
  URL: https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | GET | 200 | 104.18.21.226:80 | US | binary | 1.40 Kb | whitelisted
  URL: http://ocsp.globalsign.com/gsgccr6alphasslca2025/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTh7ASY0K%2BiXDlA%2FhD1Sl7HZw6%2FPAQUxbSTj28r3B5Iv7cQMIXO0bK7SC0CDGUckgKTuOQsvMKeEQ%3D%3D
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | GET | 200 | 87.249.33.16:443 | RU | executable | 288 Kb | unknown
  URL: https://0e871f5c-82d4-414c-a22d-2de4815b5a79.selstorage.ru/prerequisites/dxwebsetup.exe
7984 | svchost.exe | GET | 200 | 23.52.181.212:80 | US | binary | 814 b | whitelisted
  URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
7984 | svchost.exe | GET | 304 | 48.209.133.15:443 | US | - | - | whitelisted
  URL: https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
5316 | svchost.exe | POST | 400 | 40.126.32.136:443 | US | text | 204 b | whitelisted
  URL: https://login.live.com/ppsecure/deviceaddcredential.srf

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | Not routed | whitelisted
7984 | svchost.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 48.209.138.168:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8124 | slui.exe | 128.24.231.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | Not routed | whitelisted
7984 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
7984 | svchost.exe | 23.52.181.212:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
3428 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 48.209.133.15:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5316 | svchost.exe | 40.126.32.136:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 48.209.138.168
  • 48.209.133.15
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.64
whitelisted
google.com
  • 142.251.127.138
  • 142.251.127.139
  • 142.251.127.100
  • 142.251.127.113
  • 142.251.127.101
  • 142.251.127.102
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.72
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 88.221.169.152
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.32.136
  • 20.190.160.128
  • 40.126.32.140
  • 40.126.32.133
  • 20.190.160.22
  • 20.190.160.130
  • 20.190.160.131
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 23.11.40.157
whitelisted
slscr.update.microsoft.com
  • 135.233.95.144
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.165.94.54
whitelisted

Threats

PID | Process | Class | Message
7984 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2232 | svchost.exe | Possible Social Engineering Attempted | PHISHING [ANY.RUN] Suspected Phishing Domain (selstorage .ru)
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | Potentially Bad Traffic | SUSPICIOUS [ANY.RUN] NSIS INetC plugin User-Agent observed in HTTP request
5768 | Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe | Misc activity | ET INFO Packed Executable Download
5748 | svchost.exe | Misc activity | ET INFO Packed Executable Download
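The only request in the HTTP table that is not to an allowlisted Microsoft or CA endpoint is the sample's own download of dxwebsetup.exe from a selstorage.ru bucket, which is also the domain the "Suspected Phishing Domain" rule fires on. As an added example (not ANY.RUN's or Suricata's rule set), the Python below runs a domain-allowlist and executable-download triage over rows constructed from the HTTP requests table (query strings shortened), separates certificate revocation checks from real findings, and ranks an executable fetched by the submitted sample from an unlisted host highest. The allowlist is reconstructed from the hosts the report marks "whitelisted" and stands in for a curated one; the INetC User-Agent the Suricata rule keys on lives in the PCAP rather than in this table, so it is not modelled.

```python
from urllib.parse import urlsplit

SAMPLE = "Metaverse Launcher Preboarding_VTB_1.2.0_x64-setup.exe"

# Rows constructed from the report's HTTP requests table:
# (pid, process, method, status, server ip:port, url, content type). Query strings shortened.
HTTP_ROWS = [
    (5276, "MoUsoCoreWorker.exe", "GET", 304, "48.209.133.15:443",
     "https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?App=muse&ring=Retail", None),
    (4312, "SIHClient.exe", "GET", 200, "20.165.94.54:443",
     "https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping", None),
    (4312, "SIHClient.exe", "GET", 200, "135.233.95.144:443",
     "https://slscr.update.microsoft.com/sls/ping", None),
    (5768, SAMPLE, "GET", 200, "104.18.21.226:80",
     "http://ocsp.globalsign.com/gsgccr6alphasslca2025/ME0wSzBJ", "binary"),
    (5768, SAMPLE, "GET", 200, "87.249.33.16:443",
     "https://0e871f5c-82d4-414c-a22d-2de4815b5a79.selstorage.ru/prerequisites/dxwebsetup.exe", "executable"),
    (7984, "svchost.exe", "GET", 200, "23.52.181.212:80",
     "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl", "binary"),
    (5316, "svchost.exe", "POST", 400, "40.126.32.136:443",
     "https://login.live.com/ppsecure/deviceaddcredential.srf", "text"),
]

# Reconstructed from the hosts the report marks "whitelisted"; a real deployment
# would carry a curated allowlist instead of this stand-in.
ALLOWLIST = ("microsoft.com", "windows.com", "live.com", "globalsign.com", "digicert.com")
EXEC_EXT = (".exe", ".dll", ".msi", ".scr", ".ps1")
SEVERITY = {"high": 0, "medium": 1, "low": 2, "info": 3}


def allowlisted(host: str) -> bool:
    """Exact or subdomain match against the allowlist (no substring matching)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)


def is_pki_check(url: str) -> bool:
    """OCSP/CRL fetches are background noise from Authenticode and TLS validation."""
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path.lower()
    return host.startswith(("ocsp.", "crl.")) or path.endswith(".crl") or "/pkiops/" in path


def classify(row: tuple) -> tuple:
    """Return (severity, reason, row) for one request."""
    pid, proc, method, status, server, url, ctype = row
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if is_pki_check(url):
        return ("info", "certificate revocation check", row)
    executable = ctype == "executable" or u.path.lower().endswith(EXEC_EXT)
    if executable and not allowlisted(host):
        # The submitted sample pulling a binary from an unlisted host is the top finding.
        severity = "high" if proc == SAMPLE else "medium"
        return (severity, f"executable fetched from non-allowlisted host {host}", row)
    if executable and u.scheme == "http":
        return ("medium", "executable fetched over plaintext HTTP", row)
    if not allowlisted(host):
        return ("low", f"contact with non-allowlisted host {host}", row)
    return ("info", "allowlisted host", row)


def triage(rows: list) -> list:
    """Classify every row and sort highest severity first (stable within a level)."""
    return sorted((classify(r) for r in rows), key=lambda f: SEVERITY[f[0]])


if __name__ == "__main__":
    for severity, reason, row in triage(HTTP_ROWS):
        print(f"{severity:6} pid={row[0]} {row[2]} {row[3]} {row[5]}  ({reason})")
```

The finding that survives this filter is the one to pivot on: hash the downloaded dxwebsetup.exe (the report gives its size but not its hash), check its Authenticode chain, and compare it with the copy Microsoft distributes before deciding whether the bucket is a drop site or just a vendor mirroring a redistributable.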
No debug info