File name:

ModrinthApp_0.9.5_x64-setup.exe

Full analysis: https://app.any.run/tasks/31798797-20d5-4e31-beab-634ec115d094
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 08, 2025, 23:45:20
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

535524AE9DC2DABCAA03141F71E8D4CA

SHA1:

D0B76E5D13E6049F447FC889184EEAB86490564E

SHA256:

8F50EDEBEE5F0EA94C4F3566D001379BA113F71DC5B334AE941395D1A7E98BEF

SSDEEP:

98304:XJ8JBiY6vK7feQG7LnvZZfo3Fpj1UqlQEG1wu/ErMTkcBeGFBHI1sHDZsWRo3C/3:XekYer6MKG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
    • The process creates files with name similar to system file names

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
    • Searches for installed software

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
    • Executable content was dropped or overwritten

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • Process requests binary or script from the Internet

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
    • Process drops legitimate windows executable

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • There is functionality for taking screenshot (YARA)

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
  • INFO

    • Checks supported languages

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • The sample compiled with english language support

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
    • Create files in a temporary directory

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
    • Reads the computer name

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • Checks proxy server information

      • ModrinthApp_0.9.5_x64-setup.exe (PID: 7036)
      • MicrosoftEdgeUpdate.exe (PID: 4560)
      • wermgr.exe (PID: 5164)
      • slui.exe (PID: 6032)
    • Creates files in the program directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 3884)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 4560)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 4560)
      • wermgr.exe (PID: 5164)
      • slui.exe (PID: 6032)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4560)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.9.5.0
ProductVersionNumber: 0.9.5.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Modrinth App
FileVersion: 0.9.5
LegalCopyright: -
ProductName: Modrinth App
ProductVersion: 0.9.5
No data.
Total processes
133
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

[Process graph nodes: modrinthapp_0.9.5_x64-setup.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, slui.exe, modrinthapp_0.9.5_x64-setup.exe (no specs)]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1324
CMD: "C:\Users\admin\Desktop\ModrinthApp_0.9.5_x64-setup.exe"
Path: C:\Users\admin\Desktop\ModrinthApp_0.9.5_x64-setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Modrinth App
Exit code:
3221226540
Version:
0.9.5
Modules
Images
c:\users\admin\desktop\modrinthapp_0.9.5_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3884
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: ModrinthApp_0.9.5_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4560
CMD: "C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.195.57
Modules
Images
c:\program files (x86)\microsoft\temp\eudc87.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 5164
CMD: "C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "4560" "2104" "2180" "2376" "0" "0" "0" "0" "0" "0" "0" "0"
Path: C:\Windows\SysWOW64\wermgr.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 6032
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7036
CMD: "C:\Users\admin\Desktop\ModrinthApp_0.9.5_x64-setup.exe"
Path: C:\Users\admin\Desktop\ModrinthApp_0.9.5_x64-setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Modrinth App
Version:
0.9.5
Modules
Images
c:\users\admin\desktop\modrinthapp_0.9.5_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
13 330
Read events
13 296
Write events
32
Delete events
2

Modification events

(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe
Operation: write
Name: DisableExceptionChainValidation
Value:
0
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{C08E7F1F-92ED-472E-9EC5-664E37BB574F}
Operation: write
Name: PersistedPingString
Value:
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.195.57" shell_version="1.3.147.37" ismachine="1" sessionid="{DEECDC91-B537-4304-B34F-39173B95285C}" userid="{FD984739-A122-4DB0-BE5B-46E3E09D84E4}" installsource="otherinstallcmd" requestid="{C08E7F1F-92ED-472E-9EC5-664E37BB574F}" dedup="cr" domainjoined="0"><hw logical_cpus="4" physmemory="4" disk_type="2" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64" product_type="48" is_wip="0" is_in_lockdown_mode="0"/><oem product_manufacturer="DELL" product_name="DELL"/><exp etag="&quot;r452t1+k2Tgq/HXzjvFNBRhopBWR9sbjXxqeUDH9uX0=&quot;"/><app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="1.3.185.17" nextversion="1.3.195.57" lang="" brand="" client=""><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" system_uptime_ticks="9752575380" install_time_ms="609"/></app></request>
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{C08E7F1F-92ED-472E-9EC5-664E37BB574F}
Operation: write
Name: PersistedPingTime
Value:
133912215387326127
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\proxy
Operation: write
Name: source
Value:
auto
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\PersistedPings\{C08E7F1F-92ED-472E-9EC5-664E37BB574F}
Operation: delete key
Name: (default)
Value:
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: \REGISTRY\A\{ee3c7ba2-afbc-50ea-b237-d56ee10f73f7}\Root\InventoryApplicationFile
Operation: write
Name: WritePermissionsCheck
Value:
1
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: \REGISTRY\A\{ee3c7ba2-afbc-50ea-b237-d56ee10f73f7}\Root\InventoryApplicationFile\PermissionsCheckTestKey
Operation: delete key
Name: (default)
Value:
(PID) Process: (5164) wermgr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: ClockTimeSeconds
Value:
24421D6800000000
(PID) Process: (5164) wermgr.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
Operation: write
Name: TickCount
Value:
62EA100000000000
(PID) Process: (4560) MicrosoftEdgeUpdate.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\UsageStats\Daily\Timings
Operation: write
Name: setup_lock_acquire_ms
Value:
0300000000000000000000000000000000000000000000000000000000000000
Executable files
204
Suspicious files
3
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7036
Process: ModrinthApp_0.9.5_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nspC1DD.tmp\System.dll
Type: executable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\psuser_64.dll
Type: executable
MD5:F4AD7A3F433B5FE25A49B7AE2BCF7BB2
SHA256:0ADF62C8F0E57A6007D0FE26712CF1256078C8D9A2AA2EAA350413EAD8CE46B5
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdateCore.exe
Type: executable
MD5:28E6A18490028F644582C8E15A028BED
SHA256:BB99B0F91D6B2615CF193EAA63E6113733346E5AEBE182E8799B020BA9B6F0B2
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\msedgeupdate.dll
Type: executable
MD5:C4850C9C841ED29FF08A8860C8B48175
SHA256:F7BAC71570109778D3E971786340BB59955E8779C792B2EE74D2598E9C6F5569
PID: 7036
Process: ModrinthApp_0.9.5_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Type: executable
MD5:A7E58B2280FE3768A007DE5BFCED6E1E
SHA256:3B8733318F3FD0B18714B651F1558B063A3EADBE287695B6A36BA45FAEF3DECA
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
Type: executable
MD5:A2B91A80F7A2A32ABF8F2E524C07EB6B
SHA256:31DAB919FB0568B18E4A9C6CAF9F6C327AB312E226B05A8FB3C0C48895DEB03D
PID: 7036
Process: ModrinthApp_0.9.5_x64-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nspC1DD.tmp\NSISdl.dll
Type: executable
MD5:EE68463FED225C5C98D800BDBD205598
SHA256:419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\psmachine_arm64.dll
Type: executable
MD5:9EFCD19FF09ABBB2374302BA9FE815E9
SHA256:342A254273C035644065C84FEB6192397994ABAEDD55D9B08538212FB824D38B
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdate.exe
Type: executable
MD5:775BFFE023242A224DC00B190CDD6B0E
SHA256:868D0B887CED2B9C96F69256626EF20E06E1EA582412E02C77B67179F0BB488A
PID: 3884
Process: MicrosoftEdgeWebview2Setup.exe
Filename: C:\Program Files (x86)\Microsoft\Temp\EUDC87.tmp\MicrosoftEdgeUpdateBroker.exe
Type: executable
MD5:74ABCEE07CF78D7DB223D6BDB5DD5CCA
SHA256:7E4AF81ED4C0B300D182ABE757ACD5436D160E35221B7B38CC0B14C21D70768B
HTTP(S) requests
40
TCP/UDP connections
60
DNS requests
20
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7036
ModrinthApp_0.9.5_x64-setup.exe
GET
301
2.19.246.123:80
http://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
whitelisted
7036
ModrinthApp_0.9.5_x64-setup.exe
GET
200
2.16.168.212:80
http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/7819ef26-d4fa-4dd3-988f-fc05ba1f3fe4/MicrosoftEdgeWebview2Setup.exe
unknown
whitelisted
GET
304
13.107.42.16:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.57?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=0&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=0&appIsPinnedSystem_webview=false&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=4&hwPhysmemory=4&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=true&requestOmahaShellVersion=1.3.147.37&requestOmahaVersion=1.3.195.57
unknown
GET
304
4.245.163.56:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
52.165.164.15:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
1568
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
POST
200
20.190.159.71:443
https://login.live.com/RST2.srf
unknown
whitelisted
1568
SIHClient.exe
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
2104
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
3216
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.160.65:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7036
ModrinthApp_0.9.5_x64-setup.exe
2.19.246.123:80
go.microsoft.com
AKAMAI-AS
DE
whitelisted
7036
ModrinthApp_0.9.5_x64-setup.exe
2.16.168.212:80
msedge.sf.dl.delivery.mp.microsoft.com
Akamai International B.V.
RU
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.160.65
  • 20.190.160.14
  • 20.190.160.130
  • 20.190.160.20
  • 20.190.160.22
  • 40.126.32.133
  • 40.126.32.72
  • 40.126.32.138
whitelisted
go.microsoft.com
  • 2.19.246.123
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.16.168.212
  • 2.16.168.217
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
watson.events.data.microsoft.com
  • 20.189.173.20
whitelisted

Threats

PID
Process
Class
Message
7036
ModrinthApp_0.9.5_x64-setup.exe
Misc activity
ET INFO Packed Executable Download
No debug info