File name: Modrinth App_0.10.24_x64-setup.exe

Full analysis: https://app.any.run/tasks/f4cc3559-cf16-4092-ad87-44e3cb2a7693
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: February 22, 2026, 19:51:19
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 3AF5542ABB9C5FA03F0949FABA9DC3E4
SHA1: 2774F2F7A7BC3945F79E0E6F5F2D03A627263F13
SHA256: 476522CBD9B31C55C4E69448AFED59C0F300C7307232AC1639B8EFB1BEE93C49
SSDEEP: 98304:rJ884VnEunT/jHCx8vIqfM2ADoD6Yd77F/SAQARw8iji5HlsmPibjiwSW7Go0CDf:rqrz8DEKsT7h90/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7360)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 8492)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebview2Setup.exe (PID: 8708)
      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 552)
      • setup.exe (PID: 8260)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • MicrosoftEdgeWebview2Setup.exe (PID: 8708)
    • The process creates files with name similar to system file names

      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7360)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 2248)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4144)
    • Application launched itself

      • setup.exe (PID: 8260)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • msedgewebview2.exe (PID: 1824)
    • Searches for installed software

      • setup.exe (PID: 8260)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
  • INFO

    • The sample compiled with english language support

      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • MicrosoftEdgeWebview2Setup.exe (PID: 8708)
      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 552)
      • setup.exe (PID: 8260)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 8708)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • msedgewebview2.exe (PID: 1824)
    • Checks supported languages

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • MicrosoftEdgeUpdate.exe (PID: 2248)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8572)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4144)
      • MicrosoftEdgeUpdate.exe (PID: 7844)
      • MicrosoftEdgeUpdate.exe (PID: 3244)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 552)
      • setup.exe (PID: 8260)
      • setup.exe (PID: 5216)
      • MicrosoftEdgeUpdate.exe (PID: 4728)
      • Modrinth App.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1824)
      • msedgewebview2.exe (PID: 1428)
      • msedgewebview2.exe (PID: 8492)
      • msedgewebview2.exe (PID: 4644)
      • msedgewebview2.exe (PID: 6728)
      • msedgewebview2.exe (PID: 8392)
      • MicrosoftEdgeWebview2Setup.exe (PID: 8708)
      • msedgewebview2.exe (PID: 3352)
    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • MicrosoftEdgeUpdate.exe (PID: 2248)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8572)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5636)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4144)
      • MicrosoftEdgeUpdate.exe (PID: 7844)
      • MicrosoftEdgeUpdate.exe (PID: 3244)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 552)
      • setup.exe (PID: 8260)
      • MicrosoftEdgeUpdate.exe (PID: 4728)
      • Modrinth App.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1824)
      • msedgewebview2.exe (PID: 8492)
      • msedgewebview2.exe (PID: 4644)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 552)
      • setup.exe (PID: 5216)
      • setup.exe (PID: 8260)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • Modrinth App.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1824)
      • msedgewebview2.exe (PID: 1428)
      • msedgewebview2.exe (PID: 4644)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7360)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 7844)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • MicrosoftEdgeUpdate.exe (PID: 4728)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
      • msedgewebview2.exe (PID: 1824)
      • slui.exe (PID: 3700)
      • Modrinth App.exe (PID: 7932)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • setup.exe (PID: 8260)
      • msedgewebview2.exe (PID: 1824)
      • msedgewebview2.exe (PID: 6728)
      • msedgewebview2.exe (PID: 3352)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7844)
      • MicrosoftEdgeUpdate.exe (PID: 4728)
      • Modrinth App.exe (PID: 7932)
      • msedgewebview2.exe (PID: 1824)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7360)
      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • msedgewebview2.exe (PID: 1824)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 6756)
      • msedgewebview2.exe (PID: 1824)
    • Drops script file

      • setup.exe (PID: 8260)
    • Creates a software uninstall entry

      • setup.exe (PID: 8260)
      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
    • Reads product name

      • Modrinth App.exe (PID: 7932)
    • Manual execution by a user

      • Modrinth App.exe (PID: 7932)
    • There is functionality for taking screenshot (YARA)

      • Modrinth App_0.10.24_x64-setup.exe (PID: 7832)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.10.24.0
ProductVersionNumber: 0.10.24.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Modrinth App
FileVersion: 0.10.24
LegalCopyright: -
ProductName: Modrinth App
ProductVersion: 0.10.24
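The File info line and the EXIF block above (PE32, i386, 5 sections, Nullsoft self-extracting archive, link timestamp 2021-09-25) are worth re-deriving locally before trusting a sandbox's identification, and the hashes are how you confirm that the file in your hands is the one that was analyzed. The Python below is an added example written for this page, not part of the ANY.RUN report and not Modrinth's code: it hashes a file, walks the PE section table to find where the overlay begins, and looks there for the NSIS first-header signature (0xDEADBEEF followed by the string "NullsoftInst"), which is what identifies a Nullsoft installer. It runs on a constructed stand-in (a minimal two-section PE32 with a fake NSIS first header appended, timestamped to match the EXIF value), not on the analyzed binary, so its digests will not match `REPORT_HASHES`; those are copied from this page. Pass a real file path as the first argument to triage it instead.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Digests as listed in this report (the sample itself is not embedded here).
REPORT_HASHES = {
    "md5": "3AF5542ABB9C5FA03F0949FABA9DC3E4",
    "sha1": "2774F2F7A7BC3945F79E0E6F5F2D03A627263F13",
    "sha256": "476522CBD9B31C55C4E69448AFED59C0F300C7307232AC1639B8EFB1BEE93C49",
}

# NSIS "firstheader": int flags; int siginfo = 0xDEADBEEF; char sig[12] = "NullsoftInst";
# int length_of_header; int length_of_all_following_data.  siginfo is little-endian on disk.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
IMAGE_FILE_MACHINE_I386 = 0x14C


def pe_headers(data: bytes):
    """Return (coff_offset, machine, number_of_sections, timestamp, section_table_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, ts = struct.unpack_from("<HHI", data, coff)
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, machine, nsect, ts, coff + 20 + size_opt


def overlay_offset(data: bytes) -> int:
    """Overlay = everything after the last section's raw data; NSIS stores its archive there."""
    _, _, nsect, _, sect = pe_headers(data)
    end = 0
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + i * 40 + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return end


def triage(data: bytes) -> dict:
    _, machine, nsect, ts, _ = pe_headers(data)
    ovl = overlay_offset(data)
    info = {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "machine": machine,
        "sections": nsect,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "overlay_offset": ovl,
        "overlay_size": len(data) - ovl,
        "nsis": False,
    }
    idx = data.find(NSIS_MAGIC, ovl)  # only trust the signature when it sits in the overlay
    if idx != -1:
        hdr_len, following = struct.unpack_from("<II", data, idx + len(NSIS_MAGIC))
        info.update(nsis=True, nsis_firstheader=idx - 4,
                    nsis_header_len=hdr_len, nsis_following_len=following)
    return info


def hash_mismatches(info: dict, expected: dict = REPORT_HASHES) -> set:
    """Names of digests that differ from the report: a non-empty set means 'not the analyzed file'."""
    return {k for k, v in expected.items() if info[k] != v.upper()}


def build_sample_pe() -> bytes:
    """Constructed stand-in: minimal PE32, i386, two sections, then a fake NSIS firstheader in the overlay."""
    e_lfanew, nsect, opt_size = 0x40, 2, 0xE0
    sections = [(b".text", 0x400, 0x200), (b".data", 0x600, 0x400)]  # (name, PointerToRawData, SizeOfRawData)
    overlay = max(p + s for _, p, s in sections)  # 0xA00
    buf = bytearray(overlay)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp (2021-09-25 21:56:47 UTC, as in the EXIF block above),
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, coff, IMAGE_FILE_MACHINE_I386, nsect, 1632607007, 0, 0, opt_size, 0x0103)
    struct.pack_into("<H", buf, coff + 20, 0x10B)  # optional header magic: PE32
    sect = coff + 20 + opt_size
    for i, (name, ptr, size) in enumerate(sections):
        off = sect + i * 40
        buf[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", buf, off + 8, size, 0x1000 * (i + 1), size, ptr)
    firstheader = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0x1234, 0x5678)
    return bytes(buf) + firstheader + b"\0" * 32


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    result = triage(data)
    for k, v in result.items():
        print(f"{k}: {v:#x}" if isinstance(v, int) and not isinstance(v, bool) else f"{k}: {v}")
    print("hash mismatches vs. report:", sorted(hash_mismatches(result)) or "none")
```

A real NSIS installer puts the first header at the very start of the overlay, so `nsis_firstheader` should equal `overlay_offset`; a signature found only deeper in the file, or a large gap between the two, is the first thing to look at by hand.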
All screenshots are available in the full report
Total processes: 173
Monitored processes: 23
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Processes in start order (as shown in the graph; "no specs" entries carry no indicators of their own):
  • modrinth app_0.10.24_x64-setup.exe
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedge_x64_145.0.3800.70.exe
  • setup.exe
  • setup.exe (no specs)
  • slui.exe
  • microsoftedgeupdate.exe
  • modrinth app.exe
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)
  • msedgewebview2.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 552
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{9F8262F6-573B-44F1-A739-92FA6D95E1E1}\MicrosoftEdge_X64_145.0.3800.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{9F8262F6-573B-44F1-A739-92FA6D95E1E1}\MicrosoftEdge_X64_145.0.3800.70.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 145.0.3800.70
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{9f8262f6-573b-44f1-a739-92fa6d95e1e1}\microsoftedge_x64_145.0.3800.70.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1428
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\ModrinthApp\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\ModrinthApp\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=145.0.7632.110 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=145.0.3800.70 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffd707a0f18,0x7ffd707a0f24,0x7ffd707a0f30
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 145.0.3800.70
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1824
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.24 --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=7932.6792.2020600396639337373
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: Modrinth App.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 145.0.3800.70
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2248
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.221.3
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3244
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{DD69808F-BD91-4020-BE88-EE11592E12E1}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.221.3
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3352
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--expose-gc --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --skip-read-main-dll --metrics-shmem-handle=4440,i,48881006356216620,5344812997096087857,2097152 --field-trial-handle=1904,i,15008277880526024654,17311221081583792983,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=4436 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 145.0.3800.70
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 3700
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules / Images:
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 4144
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.221.3
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.221.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4644
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=2176,i,6298775921955228694,12356332525210190127,524288 --field-trial-handle=1904,i,15008277880526024654,17311221081583792983,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2184 /prefetch:3
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 145.0.3800.70
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 4728
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4yMjEuMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjIyMS4zIiBpc21hY2hpbmU9IjAiIHNlc3Npb25pZD0ie0RENjk4MDhGLUJEOTEtNDAyMC1CRTg4LUVFMTE1OTJFMTJFMX0iIHVzZXJpZD0iezE1NDVDMjI1LUU0NUQtNEYxOC1BQ0RCLTNBQ0VGQzlCNzAyMX0iIGluc3RhbGxzb3VyY2U9Im90aGVyaW5zdGFsbGNtZCIgcmVxdWVzdGlkPSJ7QUMwRjE2RTItRDZBOS00RjVELUJCQUUtNThBNTFBQjMzQjlGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjYiIHBoeXNtZW1vcnk9IjYiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS40MDQ2IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRFTEwiIHByb2R1Y3RfbmFtZT0iREVMTCIvPjxleHAgZXRhZz0iJnF1b3Q7K1pGQWozU09JSTVCSnpvR3V6OE9wcjBoWjhIL3JEenFiL1FWcjNQWWg0ST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTQ1LjAuMzgwMC43MCIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDA2NjIwMzkwNSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMDY2MzYwMTQ2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-[…]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDYyMTU1NDIwNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc1MCIgZG93bmxvYWRfdGltZV9tcz0iMjA0NzIiIGRvd25sb2FkZWQ9IjE4NjUyNjgxNiIgdG90YWw9IjE4NjUyNjgxNiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzMzNzUiLz48L2FwcD48L3JlcXVlc3Q-
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.221.3
Modules / Images:
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
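The `/ping` argument on PID 4728 above is the Omaha update-protocol request that Edge Update reports after the WebView2 runtime install; it is URL-safe base64 (the `-` characters in the full argument stand where standard base64 would have `+`) wrapping an XML document that carries the updater version, the session ID (the same `{DD69808F-…}` as the `/sessionid` on PID 3244), CPU, OS and OEM fields, and the app GUID. Decoding it is the quickest way to see what such a command line discloses. The Python below is an added example, not part of the report: it embeds only the opening 260 characters of the argument as printed on this page (the report itself shows the argument partly elided), drops any trailing partial group so a cut-off argument still decodes, and pulls tags and attributes out with a regex rather than an XML parser precisely because the input may be incomplete. The `summarize` key format (`tag.attr`) is mine.

```python
import base64
import re

# Opening 260 characters of the /ping argument from PID 4728 in this report (the full argument
# is much longer). Any prefix cut at a 4-character boundary decodes to a clean ASCII prefix.
PING_ARG = (
    "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIg"
    "dXBkYXRlcnZlcnNpb249IjEuMy4yMjEuMyIgc2hlbGxfdmVyc2lvbj0iMS4zLjIyMS4zIiBpc21hY2hpbmU9IjAi"
    "IHNlc3Npb25pZD0ie0RENjk4MDhGLUJEOTEtNDAyMC1CRTg4LUVFMTE1OTJFMTJFMX0i"
)

ELEMENT_RE = re.compile(r'<(\w+)((?:\s+\w+="[^"]*")*)')   # a start tag and its attribute run
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def decode_ping(arg: str) -> str:
    """Decode an Omaha /ping argument: URL-safe base64 without padding, possibly truncated."""
    arg = arg.strip()
    arg = arg[: len(arg) - len(arg) % 4]  # drop a trailing partial group if the argument was cut off
    return base64.urlsafe_b64decode(arg).decode("utf-8", "replace")


def elements(xml_text: str):
    """[(tag, {attr: value}), ...] for every start tag; tolerant of a document with no closing tags."""
    return [(m.group(1), dict(ATTR_RE.findall(m.group(2)))) for m in ELEMENT_RE.finditer(xml_text)]


def summarize(arg: str) -> dict:
    """The fields an analyst wants from an Omaha request, flattened as 'tag.attr' (first occurrence wins)."""
    out = {}
    for tag, attrs in elements(decode_ping(arg)):
        for k, v in attrs.items():
            out.setdefault(f"{tag}.{k}", v)
    return out


if __name__ == "__main__":
    import sys
    arg = sys.argv[1] if len(sys.argv) > 1 else PING_ARG
    print(decode_ping(arg))
    for k, v in summarize(arg).items():
        print(f"{k} = {v}")
```

Run it against the whole argument from a process listing to get the `hw.*`, `os.*`, `oem.*` and `app.*` attributes as well; an Omaha ping that names an `appid` you do not recognise, or that reports `ismachine="1"` from a per-user install path, is worth a closer look.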
Total events: 15 083
Read events: 13 265
Write events: 1 750
Delete events: 68

Modification events

(7360) MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
  Operation: delete value | Name: eulaaccepted | Value: (none)
(7360) MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
  Operation: write | Name: edgeupdate_task_name_ua | Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{1CC57206-F91D-4B6F-B48B-CF2228F93F66}
(8572) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
  Operation: write | Name: ThreadingModel | Value: Both
(8572) MicrosoftEdgeUpdateComRegis]terShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
  Operation: write | Name: ThreadingModel | Value: Both
(8572) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{72808691-AF2A-4539-8B4A-3CDBA21C32F9}\InprocHandler32
  Operation: write | Name: ThreadingModel | Value: Both
(8572) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{BCF99248-58CE-4562-B227-14D1E171B49D}\InProcServer32
  Operation: write | Name: ThreadingModel | Value: Both
(5636) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
  Operation: delete key | Name: (default) | Value: (none)
(5636) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}
  Operation: delete key | Name: (default) | Value: (none)
(5636) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
  Operation: write | Name: ThreadingModel | Value: Both
(5636) MicrosoftEdgeUpdateComRegisterShell64.exe
  Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
  Operation: delete key | Name: (default) | Value: (none)
Executable files: 213
Suspicious files: 107
Text files: 43
Unknown types: 41

Dropped files

(7832) Modrinth App_0.10.24_x64-setup.exe
  File: C:\Users\admin\AppData\Local\Temp\nss52B4.tmp\nsDialogs.dll (executable)
  MD5: 6C3F8C94D0727894D706940A8A980543
  SHA256: 56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\msedgeupdate.dll (executable)
  MD5: 199E86B43574D222A7F31BCAD7128CFD
  SHA256: ED5D86ADA7FD09E6477F701C38E1B948F36449BDFDB6E9A3280C27343E211909
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe (executable)
  MD5: 0CEC57005A27B4D312D7293E80897E18
  SHA256: 6765A0C7A04078611FACD8604A30DC7B9D1F033801ABE0F5D529C8BAA9438F34
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\MicrosoftEdgeUpdate.exe (executable)
  MD5: F85E34009D3CCFE408B8B59584336EB8
  SHA256: 9205A5B4562CE19BA12B3D79EBB18F24402BDCD9FCE4D0DF23D6B814202A38DD
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\MicrosoftEdgeUpdateBroker.exe (executable)
  MD5: E0802BD529DBF3BE1A5DE571309456E1
  SHA256: 0BDB48974D355374545F7051F308F3B0EB83C3E95D1A6515F7F93E994B2B9A80
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\CopilotUpdate.exe (executable)
  MD5: F5FAA2CCCEF3E30B5C44F5CBD82E11B9
  SHA256: 57EAA21AC2C9B078E266E9456DA273C32DD36BD3E69D8F26DFDC070D260253CE
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\MicrosoftEdgeComRegisterShellARM64.exe (executable)
  MD5: AB0CA151D798E72EE2D65B558A7718E2
  SHA256: F8BD62F19AC0610C98724F507F07BB5D2CAF94CEA27F26882A5A8A4B8422A51B
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\psmachine_64.dll (executable)
  MD5: 74A0929881856AE42BC83058078EB0EA
  SHA256: 2A66713AB2B5169290CE18833F69DC159A02F36769150FD037CA84BC415E3AE2
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\psmachine.dll (executable)
  MD5: F2BDC60DE8781AE7348DBF89DF872061
  SHA256: 38A4C88A0E1BB120C32ED8FCC10BABCB1305D951C5F173F7325872B8DCDA15D2
(8708) MicrosoftEdgeWebview2Setup.exe
  File: C:\Users\admin\AppData\Local\Temp\EU9383.tmp\MicrosoftEdgeUpdateOnDemand.exe (executable)
  MD5: F2AF6006DDAC988DBD1D84831F05EAF7
  SHA256: 367F84404016930A181CC40AFEBCF76A823DDED553BBD2D945F0475CCC5FB560
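Two of the suspicious-tier signatures near the top of this report, "Starts a Microsoft application from unusual location" and the System.dll / nsDialogs.dll drops in Temp, are path heuristics, and it helps to see exactly what makes them fire on the process and dropped-file records above. The Python below is an added example written for this page, not ANY.RUN's signature code: it re-implements both checks over a handful of records constructed from this report's tables. System.dll and nsDialogs.dll are the file names of the standard NSIS System and nsDialogs plugins, which any NSIS installer unpacks into a `%TEMP%\ns<letter><4 hex>.tmp` plugin directory at run time, so the second rule also reports whether the drop matches that plugin-directory pattern, which lets an analyst tell a stock NSIS unpack from an arbitrary drop. The `Process` and `DroppedFile` structures, the `TRUSTED_ROOTS` and `SYSTEM_LIKE_NAMES` lists, the full path assumed for System.dll (the report names the file but not its directory) and the contrasting record with PID 9999 are mine.

```python
import re
from dataclasses import dataclass

# Directories a Microsoft-signed binary is normally executed from; anything else trips the rule.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# NSIS unpacks plugins into %TEMP%\ns<letter><4 hex>.tmp\ ; these are standard NSIS plugin names.
NSIS_PLUGIN_DIR = re.compile(r"\\temp\\ns[a-z][0-9a-f]{4}\.tmp\\", re.I)
NSIS_PLUGIN_NAMES = {"system.dll", "nsdialogs.dll", "nsexec.dll", "inetc.dll"}
# Names that look like Windows system files (assumed list, not the sandbox's).
SYSTEM_LIKE_NAMES = {"system.dll", "setup.exe", "ntdll.dll", "kernel32.dll"}


@dataclass
class Process:
    pid: int
    image: str      # full path of the executable
    company: str    # from the version resource, as the report shows it
    parent: str


@dataclass
class DroppedFile:
    pid: int
    process: str
    path: str
    file_type: str


def microsoft_from_unusual_location(procs):
    """'Starts a Microsoft application from unusual location': company says Microsoft, path is not a system root."""
    hits = []
    for p in procs:
        if p.company == "Microsoft Corporation" and not p.image.lower().startswith(TRUSTED_ROOTS):
            hits.append((p.pid, p.image))
    return hits


def suspicious_temp_drops(files):
    """Executables dropped under Temp with system-like or NSIS-plugin names; flag stock NSIS plugin unpacks."""
    hits = []
    for f in files:
        name = f.path.rsplit("\\", 1)[-1].lower()
        if f.file_type != "executable" or "\\temp\\" not in f.path.lower():
            continue
        if name in SYSTEM_LIKE_NAMES or name in NSIS_PLUGIN_NAMES:
            in_plugin_dir = bool(NSIS_PLUGIN_DIR.search(f.path))
            hits.append({"pid": f.pid, "path": f.path,
                         "nsis_plugin_unpack": in_plugin_dir and name in NSIS_PLUGIN_NAMES})
    return hits


# Records constructed from this report's process and dropped-file tables (a subset).
PROCESSES = [
    Process(552, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{9F8262F6-573B-44F1-A739-92FA6D95E1E1}\MicrosoftEdge_X64_145.0.3800.70.exe",
            "Microsoft Corporation", "MicrosoftEdgeUpdate.exe"),
    Process(2248, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe",
            "Microsoft Corporation", "MicrosoftEdgeUpdate.exe"),
    Process(3700, r"C:\Windows\System32\slui.exe", "Microsoft Corporation", "svchost.exe"),
]
DROPPED = [
    DroppedFile(7832, "Modrinth App_0.10.24_x64-setup.exe",
                r"C:\Users\admin\AppData\Local\Temp\nss52B4.tmp\nsDialogs.dll", "executable"),
    # The report names System.dll in Temp for PID 7832 but not its directory; the NSIS plugin dir is assumed.
    DroppedFile(7832, "Modrinth App_0.10.24_x64-setup.exe",
                r"C:\Users\admin\AppData\Local\Temp\nss52B4.tmp\System.dll", "executable"),
    DroppedFile(8708, "MicrosoftEdgeWebview2Setup.exe",
                r"C:\Users\admin\AppData\Local\Temp\EU9383.tmp\msedgeupdate.dll", "executable"),
    # Constructed for contrast, not from the report: a System.dll written straight into Temp.
    DroppedFile(9999, "hypothetical.exe", r"C:\Users\admin\AppData\Local\Temp\System.dll", "executable"),
]

if __name__ == "__main__":
    for pid, image in microsoft_from_unusual_location(PROCESSES):
        print(f"[unusual location] PID {pid}: {image}")
    for h in suspicious_temp_drops(DROPPED):
        print(f"[temp drop] PID {h['pid']}: {h['path']} (stock NSIS plugin unpack: {h['nsis_plugin_unpack']})")
```

Both rules fire on this report's records for the reason the signature names say they do: Edge Update runs from the user profile, and the NSIS plugins land in Temp. Neither rule says anything about the code in those files; the next step for the Microsoft-named binaries is an Authenticode check of the image on disk, and for the NSIS plugins a hash comparison against the plugin DLLs shipped with the NSIS release the installer was built with.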
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 36
TCP/UDP connections: 93
DNS requests: 95
Threats: 5

HTTP requests

Fields: PID and process | method and HTTP code | server IP:port | (CN; content type and size where recorded; reputation)

[6768 MoUsoCoreWorker.exe] GET 304 from 51.124.78.146:443 (US; whitelisted)
  https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
[2328 svchost.exe] GET 304 from 51.124.78.146:443 (US; whitelisted)
  https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
[no PID recorded] GET 200 from 162.159.142.9:80 (US; binary, 314 b; whitelisted)
  http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
[no PID recorded] GET 200 from 204.79.197.203:80 (US; binary, 959 b; whitelisted)
  http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
[4336 SIHClient.exe] GET 304 from 74.179.77.204:443 (US; whitelisted)
  https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
[4336 SIHClient.exe] GET 200 from 74.178.76.54:443 (US; whitelisted)
  https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
[4336 SIHClient.exe] GET 200 from 74.179.77.204:443 (US; whitelisted)
  https://slscr.update.microsoft.com/sls/ping
[4336 SIHClient.exe] GET 304 from 74.179.77.204:443 (US; whitelisted)
  https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
[356 svchost.exe] POST 200 from 20.190.159.2:443 (US; xml, 11.1 Kb; whitelisted)
  https://login.live.com/RST2.srf
[356 svchost.exe] POST 200 from 20.190.159.2:443 (US; xml, 10.3 Kb; whitelisted)
  https://login.live.com/RST2.srf

Connections

Fields: PID and process | IP:port | domain | (ASN, CN, reputation)

[2328 svchost.exe] 51.124.78.146:443 settings-win.data.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)
[4 System] 192.168.100.255:137 (not routed; whitelisted)
[5780 RUXIMICS.exe] 51.124.78.146:443 settings-win.data.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)
[6768 MoUsoCoreWorker.exe] 51.124.78.146:443 settings-win.data.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)
[5568 SearchApp.exe] 2.16.241.201:443 www.bing.com (AKAMAI-ASN1, NL, whitelisted)
[no PID recorded] 162.159.142.9:80 ocsp.digicert.com (CLOUDFLARENET, US, whitelisted)
[no PID recorded] 204.79.197.203:80 oneocsp.microsoft.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)
[no PID recorded] 172.211.123.250:443 client.wns.windows.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)
[4 System] 192.168.100.255:138 (not routed; whitelisted)
[356 svchost.exe] 20.190.159.2:443 login.live.com (MICROSOFT-CORP-MSN-AS-BLOCK, US, whitelisted)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
self.events.data.microsoft.com
  • 52.182.141.63
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
  • 2.16.241.205
whitelisted
th.bing.com
  • 2.16.241.201
  • 2.16.241.205
  • 2.16.241.207
  • 2.16.241.218
whitelisted
ocsp.digicert.com
  • 162.159.142.9
  • 172.66.2.5
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.251.127.139
  • 142.251.127.102
  • 142.251.127.113
  • 142.251.127.100
  • 142.251.127.101
  • 142.251.127.138
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.69
  • 40.126.31.128
  • 40.126.31.71
  • 20.190.159.131
  • 20.190.159.68
  • 40.126.31.129
  • 20.190.159.73
whitelisted
crl.microsoft.com
  • 23.55.110.193
  • 23.55.110.211
  • 2.16.164.120
  • 2.16.164.49
whitelisted

Threats

Fields: PID and process | class: message

[2328 svchost.exe] Unknown Traffic: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
[7832 Modrinth App_0.10.24_x64-setup.exe] Misc activity: ET INFO Packed Executable Download
[7048 svchost.exe] Misc activity: ET INFO Packed Executable Download
[4644 msedgewebview2.exe] Misc activity: ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
[4644 msedgewebview2.exe] Misc activity: ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
Process: msedgewebview2.exe
Message: RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\ModrinthApp directory exists )