URL:

https://modrinth.com/app

Full analysis: https://app.any.run/tasks/0b5a33af-4101-436c-994c-f4f5684772df
Verdict: Malicious activity
Analysis date: February 27, 2026, 19:48:39
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
rust
Indicators:
MD5:

87C5E4900B564ED4089FF4EEC47E8F00

SHA1:

311EC9A8FCACCFFFBF17617185ED5179A7084473

SHA256:

927650CFA376383DEEE70A1701400B8956233F14DC01ED8202BA44E996748665

SSDEEP:

3:N8jXMiGE:2Y9E

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
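A check worth doing before any of the indicators above are reused, added here as an example and not part of the ANY.RUN report: the SSDEEP value begins with block size 3, the smallest block size ssdeep uses, which bounds the hashed input to a few hundred bytes at most. That fits the 24-byte submitted URL string, not a multi-megabyte installer, so these MD5/SHA1/SHA256 values should not be treated as hashes of `Modrinth App_0.10.30_x64-setup.exe`. The script recomputes the three digests over the URL string against the listed values, parses the block size out of the SSDEEP string, and, if the installer is present in the local Downloads folder (the path is an assumption), hashes and signature-checks the file itself so that the file's real digests are the ones that reach a blocklist.

```powershell
# Added example; not part of the ANY.RUN report or of the Modrinth project.
# Tells apart "hashes of the submitted URL string" from "hashes of the downloaded installer".

$ReportUrl  = 'https://modrinth.com/app'
$ReportHash = @{                     # values copied from the Indicators section above
    MD5    = '87C5E4900B564ED4089FF4EEC47E8F00'
    SHA1   = '311EC9A8FCACCFFFBF17617185ED5179A7084473'
    SHA256 = '927650CFA376383DEEE70A1701400B8956233F14DC01ED8202BA44E996748665'
    SSDEEP = '3:N8jXMiGE:2Y9E'
}

function Get-StringHashes {
    # MD5/SHA1/SHA256 of an ASCII string, upper-case hex like the report prints them.
    param([string]$Text)
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($Text)
    $out = @{}
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $h = [System.Security.Cryptography.HashAlgorithm]::Create($alg)
        try   { $out[$alg] = ([System.BitConverter]::ToString($h.ComputeHash($bytes))) -replace '-', '' }
        finally { $h.Dispose() }
    }
    return $out
}

function Get-SsdeepMaxInputBytes {
    # An ssdeep signature is "<blocksize>:<sig1>:<sig2>". ssdeep picks the smallest
    # blocksize 3*2^n with blocksize*64 >= input length (and halves it only when the
    # input produced too few pieces), so blocksize*64 is an approximate upper bound on
    # the size of whatever was hashed. Block size 3 therefore means a tiny input.
    param([string]$Signature)
    $bs = [int]($Signature.Split(':')[0])
    return $bs * 64
}

$urlHashes = Get-StringHashes $ReportUrl
foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
    '{0,-6} of URL string matches report value: {1}' -f $alg, ($urlHashes[$alg] -eq $ReportHash[$alg])
}
'SSDEEP block size bounds the hashed input to roughly {0} bytes; the URL string is {1} bytes' -f `
    (Get-SsdeepMaxInputBytes $ReportHash.SSDEEP), $ReportUrl.Length

# Hash the installer that was actually downloaded. Location is an assumption.
$Installer = Join-Path $env:USERPROFILE 'Downloads\Modrinth App_0.10.30_x64-setup.exe'
if (Test-Path -LiteralPath $Installer) {
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $fh = Get-FileHash -LiteralPath $Installer -Algorithm $alg
        '{0,-6} of installer: {1} (equals report value: {2})' -f $alg, $fh.Hash, ($fh.Hash -eq $ReportHash[$alg])
    }
    'Installer size: {0} bytes' -f (Get-Item -LiteralPath $Installer).Length
    $sig = Get-AuthenticodeSignature -LiteralPath $Installer
    'Authenticode: {0} {1}' -f $sig.Status, $sig.SignerCertificate.Subject
} else {
    "Installer not found at $Installer; only the URL-string comparison was performed."
}
```

If the URL-string digests equal the report's values, the Indicators block identifies the task's URL, not the file; the installer's own digests, size and signer are what belong in any detection content derived from this page.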
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4336)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 8632)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
    • Searches for installed software

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • setup.exe (PID: 1820)
      • msedgewebview2.exe (PID: 8740)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4336)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6468)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8332)
      • MicrosoftEdgeUpdate.exe (PID: 5016)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6808)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 1876)
      • MicrosoftEdgeUpdate.exe (PID: 4336)
    • Application launched itself

      • setup.exe (PID: 1820)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • msedgewebview2.exe (PID: 8740)
  • INFO

    • Drops script file

      • msedge.exe (PID: 8456)
      • msedge.exe (PID: 7340)
      • setup.exe (PID: 1820)
    • Reads Environment values

      • identity_helper.exe (PID: 3920)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 7772)
      • Modrinth App.exe (PID: 7244)
      • msedgewebview2.exe (PID: 8740)
      • javaw.exe (PID: 7428)
    • Reads the computer name

      • identity_helper.exe (PID: 3920)
      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • MicrosoftEdgeUpdate.exe (PID: 5016)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6468)
      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8332)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6808)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 1760)
      • setup.exe (PID: 1820)
      • MicrosoftEdgeUpdate.exe (PID: 7772)
      • Modrinth App.exe (PID: 7244)
      • msedgewebview2.exe (PID: 8740)
      • msedgewebview2.exe (PID: 8632)
      • msedgewebview2.exe (PID: 2752)
      • MicrosoftEdgeUpdateCore.exe (PID: 1688)
      • MicrosoftEdgeUpdate.exe (PID: 7860)
      • msedgewebview2.exe (PID: 1388)
    • Checks supported languages

      • identity_helper.exe (PID: 3920)
      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • MicrosoftEdgeUpdate.exe (PID: 5016)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6468)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1876)
      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8332)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6808)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 1760)
      • setup.exe (PID: 1820)
      • setup.exe (PID: 4940)
      • MicrosoftEdgeUpdate.exe (PID: 7772)
      • Modrinth App.exe (PID: 7244)
      • msedgewebview2.exe (PID: 8740)
      • msedgewebview2.exe (PID: 6860)
      • msedgewebview2.exe (PID: 8632)
      • msedgewebview2.exe (PID: 2752)
      • msedgewebview2.exe (PID: 8472)
      • msedgewebview2.exe (PID: 7756)
      • msedgewebview2.exe (PID: 2820)
      • javaw.exe (PID: 7428)
      • MicrosoftEdgeUpdate.exe (PID: 7860)
      • MicrosoftEdgeUpdateCore.exe (PID: 1688)
      • msedgewebview2.exe (PID: 1792)
      • msedgewebview2.exe (PID: 1840)
      • msedgewebview2.exe (PID: 4336)
      • msedgewebview2.exe (PID: 4952)
      • msedgewebview2.exe (PID: 1388)
      • msedgewebview2.exe (PID: 8504)
      • msedgewebview2.exe (PID: 7432)
      • msedgewebview2.exe (PID: 936)
    • Application launched itself

      • msedge.exe (PID: 8456)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 8456)
    • Checks proxy server information

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • MicrosoftEdgeUpdate.exe (PID: 7772)
      • msedgewebview2.exe (PID: 8740)
      • Modrinth App.exe (PID: 7244)
      • slui.exe (PID: 6300)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 1760)
      • setup.exe (PID: 1820)
      • setup.exe (PID: 4940)
      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • Modrinth App.exe (PID: 7244)
      • msedgewebview2.exe (PID: 8740)
      • msedgewebview2.exe (PID: 6860)
      • msedgewebview2.exe (PID: 2752)
      • msedgewebview2.exe (PID: 1388)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 4336)
    • Create files in a temporary directory

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1876)
      • msedgewebview2.exe (PID: 8740)
      • javaw.exe (PID: 7428)
      • Modrinth App.exe (PID: 7244)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • msedgewebview2.exe (PID: 8740)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • setup.exe (PID: 1820)
      • msedgewebview2.exe (PID: 8740)
      • msedgewebview2.exe (PID: 7756)
      • msedgewebview2.exe (PID: 2820)
    • There is functionality for taking screenshot (YARA)

      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
      • Modrinth App.exe (PID: 7244)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 4924)
      • msedgewebview2.exe (PID: 8740)
      • msedgewebview2.exe (PID: 1388)
    • Creates a software uninstall entry

      • setup.exe (PID: 1820)
      • Modrinth App_0.10.30_x64-setup.exe (PID: 1520)
    • Manual execution by a user

      • Modrinth App.exe (PID: 7244)
      • MicrosoftEdgeUpdateCore.exe (PID: 1688)
    • Reads product name

      • Modrinth App.exe (PID: 7244)
    • Reads CPU info

      • javaw.exe (PID: 7428)
    • Application based on Rust

      • Modrinth App.exe (PID: 7244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
228
Monitored processes
73
Malicious processes
2
Suspicious processes
4

Behavior graph

Process images in the graph (interactive in the full report), in order of first appearance: msedge.exe, identity_helper.exe, Modrinth App_0.10.30_x64-setup.exe, MicrosoftEdgeWebview2Setup.exe, MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdateComRegisterShell64.exe, slui.exe, MicrosoftEdge_X64_145.0.3800.82.exe, setup.exe, Modrinth App.exe, msedgewebview2.exe, MicrosoftEdgeUpdateCore.exe, javaw.exe. Most nodes are marked "no specs" in the graph.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 936
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.30 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --skip-read-main-dll --metrics-shmem-handle=5024,i,10529203163051983619,5860663788370933360,524288 --field-trial-handle=1872,i,15908882111919830421,17647981432854717184,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=5436 /prefetch:8
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1388
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.30 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --skip-read-main-dll --metrics-shmem-handle=4788,i,28929438331511191,2277836127547405148,262144 --field-trial-handle=1872,i,15908882111919830421,17647981432854717184,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5236 /prefetch:8
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1520
CMD: "C:\Users\admin\Downloads\Modrinth App_0.10.30_x64-setup.exe"
Path: C:\Users\admin\Downloads\Modrinth App_0.10.30_x64-setup.exe
Parent process: msedge.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Modrinth App
Exit code:
0
Version:
0.10.30
Modules
Images
c:\users\admin\downloads\modrinth app_0.10.30_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1676
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7684,i,9836501918221942838,13339652153642255966,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=8160 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1688
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateCore.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateCore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.221.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.221.3\microsoftedgeupdatecore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1760
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{8A7C2D39-9476-4E88-B374-0E4E188EF84C}\MicrosoftEdge_X64_145.0.3800.82.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{8A7C2D39-9476-4E88-B374-0E4E188EF84C}\MicrosoftEdge_X64_145.0.3800.82.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{8a7c2d39-9476-4e88-b374-0e4e188ef84c}\microsoftedge_x64_145.0.3800.82.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 1792
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.30 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3588,i,2311806280522150411,7273247344417498053,524288 --field-trial-handle=1872,i,15908882111919830421,17647981432854717184,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=5068 /prefetch:8
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1820
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{8A7C2D39-9476-4E88-B374-0E4E188EF84C}\EDGEMITMP_130F6.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{8A7C2D39-9476-4E88-B374-0E4E188EF84C}\MicrosoftEdge_X64_145.0.3800.82.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{8A7C2D39-9476-4E88-B374-0E4E188EF84C}\EDGEMITMP_130F6.tmp\setup.exe
Parent process: MicrosoftEdge_X64_145.0.3800.82.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{8a7c2d39-9476-4e88-b374-0e4e188ef84c}\edgemitmp_130f6.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1840
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.30 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --skip-read-main-dll --metrics-shmem-handle=5152,i,9085378211909349802,206265609856547575,524288 --field-trial-handle=1872,i,15908882111919830421,17647981432854717184,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=3420 /prefetch:8
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1876
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: Modrinth App_0.10.30_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.221.3
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
Total events
16 627
Read events
14 591
Write events
1 968
Delete events
68

Modification events

(PID) Process: (4336) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value | Name: eulaaccepted | Value:

(PID) Process: (4336) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write | Name: edgeupdate_task_name_ua | Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{5418E3B9-457D-4FCD-9D41-FF44345E89E3}

(PID) Process: (5016) MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write | Name: ThreadingModel | Value: Both

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: delete key | Name: (default) | Value:

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}
Operation: delete key | Name: (default) | Value:

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write | Name: ThreadingModel | Value: Both

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation: delete key | Name: (default) | Value:

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}
Operation: delete key | Name: (default) | Value:

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{5EA43877-C6D8-4885-B77A-C0BB27E94372}\InprocServer32
Operation: write | Name: ThreadingModel | Value: Both

(PID) Process: (6808) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{72808691-AF2A-4539-8B4A-3CDBA21C32F9}\InprocHandler32
Operation: delete key | Name: (default) | Value:
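Every MALICIOUS and SUSPICIOUS persistence indicator on this page (the autorun change, the COM task-schedule objects, the potential DLL hijacking) is attributed to MicrosoftEdgeUpdate.exe, MicrosoftEdgeUpdateComRegisterShell64.exe or msedgewebview2.exe, that is, to the Edge WebView2 runtime that the installer bootstrapped from Temp with `MicrosoftEdgeWebview2Setup.exe /silent /install` (PID 1876, parent `Modrinth App_0.10.30_x64-setup.exe`). A per-user Edge Update writing its own Run value, a `MicrosoftEdgeUpdateTaskUser...UA{...}` task and CLSID registrations under HKEY_CLASSES_ROOT is what that updater does, but it is also exactly the telemetry a counterfeit or hijacked updater would produce. The distinguishing check is whether each registered binary is Microsoft-signed and lives where this report shows it. The script below, added here as an example and not part of the ANY.RUN report or of the Modrinth project, performs that check on a host where the installer has run: it resolves the HKCU Run entries, the task named in `edgeupdate_task_name_ua`, the three CLSIDs from the Modification events above (in both the 64-bit and WOW6432Node views of HKCU and HKLM Classes), and the DLLs and executables in the per-user `EdgeWebView\Application` directory, which is user-writable and therefore the relevant surface for the DLL-hijacking signature. The expected roots under `%LOCALAPPDATA%` are taken from the process paths in this report; `Get-AuthenticodeSignature` and `Get-ScheduledTask` are standard Windows PowerShell cmdlets.

```powershell
# Added example; not part of the ANY.RUN report or of the Modrinth project.
# Re-checks the Edge Update / WebView2 persistence this report flags, on the installed host.
# Output lines start with OK, REVIEW or MISSING; anything that is not OK deserves a look.

$ErrorActionPreference = 'Stop'

$Clsids = @(                                  # from the Modification events section
    '{81093D63-7825-417B-BFC8-ADC63FA4E53D}',
    '{5EA43877-C6D8-4885-B77A-C0BB27E94372}',
    '{72808691-AF2A-4539-8B4A-3CDBA21C32F9}'
)
$EdgeUpdateRoot = Join-Path $env:LOCALAPPDATA 'Microsoft\EdgeUpdate'               # per-user updater
$WebViewRoot    = Join-Path $env:LOCALAPPDATA 'Microsoft\EdgeWebView\Application'  # per-user runtime

function Get-ImagePath {
    # First executable/DLL path in a command line: a quoted path, or an unquoted one up to .exe/.dll.
    # Relative names (e.g. a handler DLL) are resolved against System32.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    $p = if ($c -match '^\s*"([^"]+)"') { $Matches[1] }
         elseif ($c -match '^\s*(.+?\.(?:exe|dll))\b') { $Matches[1] }
         else { $c.Trim() }
    if (-not [System.IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot "System32\$p" }
    return $p
}

function Test-MicrosoftBinary {
    # OK only if the file exists, carries a valid Authenticode signature whose signer is
    # Microsoft Corporation and, when $ExpectedRoot is given, sits under that directory.
    param([string]$Path, [string]$ExpectedRoot)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return "MISSING $Path" }
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $inRoot = (-not $ExpectedRoot) -or $Path.StartsWith($ExpectedRoot, [System.StringComparison]::OrdinalIgnoreCase)
    $isMs   = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
    if ($inRoot -and $isMs) { return "OK      $Path" }
    return "REVIEW  $Path (signature=$($sig.Status); underExpectedRoot=$inRoot)"
}

# 1. "Changes the autorun value in the registry" (MicrosoftEdgeUpdate.exe, PID 4336).
#    Every HKCU Run entry is signature-checked; the EdgeUpdate root applies only to MicrosoftEdgeUpdate.exe.
$run = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $run.GetValueNames()) {
    $img  = Get-ImagePath $run.GetValue($name)
    $root = if ((Split-Path $img -Leaf) -ieq 'MicrosoftEdgeUpdate.exe') { $EdgeUpdateRoot } else { $null }
    "Run\$name -> " + (Test-MicrosoftBinary $img $root)
}

# 2. The scheduled task whose name the updater wrote to edgeupdate_task_name_ua.
$eu   = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\EdgeUpdate' -ErrorAction SilentlyContinue
$task = if ($eu.edgeupdate_task_name_ua) { Get-ScheduledTask -TaskName $eu.edgeupdate_task_name_ua -ErrorAction SilentlyContinue }
if ($task) {
    foreach ($a in $task.Actions) {
        "Task $($task.TaskName) -> " + (Test-MicrosoftBinary (Get-ImagePath $a.Execute) $EdgeUpdateRoot)
    }
} else { 'Task named in edgeupdate_task_name_ua: not found' }

# 3. COM servers registered by MicrosoftEdgeUpdateComRegisterShell64.exe. HKEY_CLASSES_ROOT is a
#    merged view, so both hives and both bitness views are checked. Handlers are normally system
#    DLLs, so only the server keys are held to the EdgeUpdate root.
$views = 'HKCU:\Software\Classes', 'HKCU:\Software\Classes\WOW6432Node',
         'HKLM:\Software\Classes', 'HKLM:\Software\Classes\WOW6432Node'
foreach ($clsid in $Clsids) {
    foreach ($view in $views) {
        foreach ($server in 'InprocServer32', 'LocalServer32', 'InprocHandler32') {
            $key = Get-Item -LiteralPath "$view\CLSID\$clsid\$server" -ErrorAction SilentlyContinue
            if ($key -and $key.GetValue('')) {
                $root = if ($server -eq 'InprocHandler32') { $null } else { $EdgeUpdateRoot }
                "$clsid\$server ($view) -> " + (Test-MicrosoftBinary (Get-ImagePath $key.GetValue('')) $root)
            }
        }
    }
}

# 4. "Potential DLL hijacking behavior detected" (msedgewebview2.exe). The runtime lives in a
#    user-writable directory; list any DLL/EXE there that is not a valid Microsoft-signed file.
Get-ChildItem -LiteralPath $WebViewRoot -Recurse -Include *.dll, *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { Test-MicrosoftBinary $_.FullName $WebViewRoot } |
    Where-Object { $_ -notlike 'OK*' }
```

Run it in the installing user's session (the report's artefacts are all under HKCU and `%LOCALAPPDATA%`). An empty result from step 4 and OK lines in steps 1 to 3 mean the flagged behaviours resolve to Microsoft-signed files in the documented locations; a REVIEW line naming an unsigned or relocated binary is the case in which the same sandbox signatures would indicate a real compromise.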
Executable files
1
Suspicious files
35
Text files
250
Unknown types
5 846

Dropped files

PID
Process
Filename
Type
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF1e55ce.TMP | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e55de.TMP | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e55ee.TMP | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e561d.TMP | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1e561d.TMP | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | MD5: | SHA256:
8456 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | MD5: | SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
519
TCP/UDP connections
196
DNS requests
204
Threats
6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/app | US | | | unknown
8976 | msedge.exe | GET | 200 | 150.171.28.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | binary | 446 b | whitelisted
8976 | msedge.exe | GET | 200 | 104.18.23.222:443 | https://copilot.microsoft.com/c/api/user/eligibility | US | text | 25 b | whitelisted
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/app | US | binary | 1.81 Mb | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/Button.BKtyQbBS.css | US | binary | 73 b | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/PopoutMenu.CPytQWi-.css | US | | 165 b | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/CreatorTaxFormModal.Ci35YgRr.css | US | | 818 b | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/Chips.CWdwDKeI.css | US | | 469 b | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/CollectionCreateModal.L56whYez.css | US | | 202 b | unknown
8976 | msedge.exe | GET | 200 | 104.18.22.35:443 | https://modrinth.com/_nuxt/NewModal.B6JxeKpw.css | US | | 2.10 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | Not routed | whitelisted
8964 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5568 | SearchApp.exe | 2.16.241.218:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
| | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
| | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5180 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | | | Not routed | whitelisted
| | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8976 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.16.241.218
  • 2.16.241.207
  • 2.16.241.201
  • 2.16.241.205
  • 2.16.204.141
  • 2.16.204.137
  • 2.16.204.149
  • 2.16.204.152
  • 2.16.204.138
  • 2.16.204.147
  • 2.16.204.136
  • 2.16.204.139
  • 2.16.204.146
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 2.17.190.73
whitelisted
google.com
  • 172.217.20.142
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 52.123.243.219
  • 52.123.243.64
  • 52.123.243.73
  • 52.123.224.64
  • 52.123.243.83
  • 52.123.243.201
  • 52.123.224.66
  • 52.123.243.213
  • 150.171.22.17
whitelisted
modrinth.com
  • 104.18.22.35
  • 104.18.23.35
whitelisted
api.edgeoffer.microsoft.com
  • 13.107.246.38
  • 13.107.213.38
whitelisted
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted

Threats

PID | Process | Class | Message
1520 | Modrinth App_0.10.30_x64-setup.exe | Misc activity | ET INFO Packed Executable Download
1320 | svchost.exe | Misc activity | ET INFO Packed Executable Download
8976 | msedge.exe | Potentially Bad Traffic | ET INFO PE EXE or DLL Windows file download HTTP
5180 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2752 | msedgewebview2.exe | Misc activity | ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
2752 | msedgewebview2.exe | Misc activity | ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\ModrinthApp directory exists )