Malware analysis Modrinth App_0.10.7_x64-setup.exe Malicious activity

Add for printing

File name:	Modrinth App_0.10.7_x64-setup.exe
Full analysis:	https://app.any.run/tasks/c269289f-e110-42d8-8667-eb0e68d7fc95
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	August 20, 2025, 23:45:33
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	loader
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:	3A7A26626243C3C6689884D3260863A2
SHA1:	4DBB307E90341CEC362058C1767CEB6A3949421F
SHA256:	A329F825984EC42C23CF983400B3304F10EB44AC4DA36CAACFAFBB09813410B6
SSDEEP:	98304:uJ88U71GHyUpdlqooBSMWPJEFWqHBTZYu3bpgofEiXSsgHGEQ4/GaD9X0f+PV1lm:ugJynFqHd1n1HaFA9H

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Changes the autorun value in the registry
  - MicrosoftEdgeUpdate.exe (PID: 4836)
- The DLL Hijacking
  - msedgewebview2.exe (PID: 2696)
SUSPICIOUS
- Starts a Microsoft application from unusual location
  - MicrosoftEdgeWebview2Setup.exe (PID: 2220)
  - MicrosoftEdgeUpdate.exe (PID: 4836)
- Searches for installed software
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - setup.exe (PID: 5468)
- Malware-specific behavior (creating "System.dll" in Temp)
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
- The process creates files with name similar to system file names
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
- Process drops legitimate windows executable
  - MicrosoftEdgeWebview2Setup.exe (PID: 2220)
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdge_X64_139.0.3405.102.exe (PID: 5352)
  - setup.exe (PID: 5468)
- Starts itself from another location
  - MicrosoftEdgeUpdate.exe (PID: 4836)
- Creates/Modifies COM task schedule object
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4748)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2620)
  - MicrosoftEdgeUpdate.exe (PID: 6524)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5824)
- Reads security settings of Internet Explorer
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - msedgewebview2.exe (PID: 5172)
- There is functionality for taking screenshot (YARA)
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
- Application launched itself
  - setup.exe (PID: 5468)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - msedgewebview2.exe (PID: 5172)
- Creates a software uninstall entry
  - setup.exe (PID: 5468)
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
INFO
- Reads the computer name
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdgeUpdate.exe (PID: 6524)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2620)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4748)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5824)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - MicrosoftEdgeUpdate.exe (PID: 760)
  - MicrosoftEdgeUpdate.exe (PID: 5456)
  - MicrosoftEdge_X64_139.0.3405.102.exe (PID: 5352)
  - setup.exe (PID: 5468)
  - MicrosoftEdgeUpdate.exe (PID: 4172)
  - Modrinth App.exe (PID: 6264)
  - msedgewebview2.exe (PID: 5172)
  - msedgewebview2.exe (PID: 6128)
  - msedgewebview2.exe (PID: 2696)
- Checks supported languages
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeWebview2Setup.exe (PID: 2220)
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4748)
  - MicrosoftEdgeUpdate.exe (PID: 6524)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2620)
  - MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5824)
  - MicrosoftEdge_X64_139.0.3405.102.exe (PID: 5352)
  - MicrosoftEdgeUpdate.exe (PID: 760)
  - MicrosoftEdgeUpdate.exe (PID: 5456)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - setup.exe (PID: 6936)
  - MicrosoftEdgeUpdate.exe (PID: 4172)
  - setup.exe (PID: 5468)
  - Modrinth App.exe (PID: 6264)
  - msedgewebview2.exe (PID: 5172)
  - msedgewebview2.exe (PID: 6620)
  - msedgewebview2.exe (PID: 2696)
  - msedgewebview2.exe (PID: 6128)
  - msedgewebview2.exe (PID: 5988)
  - msedgewebview2.exe (PID: 1216)
  - msedgewebview2.exe (PID: 3688)
- Create files in a temporary directory
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeWebview2Setup.exe (PID: 2220)
  - msedgewebview2.exe (PID: 5172)
- The sample compiled with english language support
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeWebview2Setup.exe (PID: 2220)
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdge_X64_139.0.3405.102.exe (PID: 5352)
  - setup.exe (PID: 5468)
- Checks proxy server information
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - MicrosoftEdgeUpdate.exe (PID: 760)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - MicrosoftEdgeUpdate.exe (PID: 4172)
  - msedgewebview2.exe (PID: 5172)
  - Modrinth App.exe (PID: 6264)
- Launching a file from a Registry key
  - MicrosoftEdgeUpdate.exe (PID: 4836)
- Creates files or folders in the user directory
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - MicrosoftEdge_X64_139.0.3405.102.exe (PID: 5352)
  - setup.exe (PID: 6936)
  - setup.exe (PID: 5468)
  - Modrinth App_0.10.7_x64-setup.exe (PID: 1592)
  - Modrinth App.exe (PID: 6264)
  - msedgewebview2.exe (PID: 5172)
  - msedgewebview2.exe (PID: 6620)
  - msedgewebview2.exe (PID: 6128)
- Reads Environment values
  - MicrosoftEdgeUpdate.exe (PID: 760)
  - MicrosoftEdgeUpdate.exe (PID: 4172)
  - msedgewebview2.exe (PID: 5172)
  - Modrinth App.exe (PID: 6264)
- Process checks computer location settings
  - MicrosoftEdgeUpdate.exe (PID: 4836)
  - setup.exe (PID: 5468)
  - msedgewebview2.exe (PID: 5172)
  - msedgewebview2.exe (PID: 1216)
  - msedgewebview2.exe (PID: 3688)
- Reads the machine GUID from the registry
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - msedgewebview2.exe (PID: 5172)
- Reads the software policy settings
  - MicrosoftEdgeUpdate.exe (PID: 4088)
  - MicrosoftEdgeUpdate.exe (PID: 760)
  - MicrosoftEdgeUpdate.exe (PID: 4172)
- Reads product name
  - Modrinth App.exe (PID: 6264)
- Manual execution by a user
  - Modrinth App.exe (PID: 6264)
- Reads CPU info
  - msedgewebview2.exe (PID: 5172)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (67.4)
.dll	\|	Win32 Dynamic Link Library (generic) (14.2)
.exe	\|	Win32 Executable (generic) (9.7)
.exe	\|	Generic Win/DOS Executable (4.3)
.exe	\|	DOS Executable Generic (4.3)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2021:09:25 21:56:47+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	26624
InitializedDataSize:	141824
UninitializedDataSize:	2048
EntryPoint:	0x3640
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	0.10.7.0
ProductVersionNumber:	0.10.7.0
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
FileDescription:	Modrinth App
FileVersion:	0.10.7
LegalCopyright:	-
ProductName:	Modrinth App
ProductVersion:	0.10.7

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

160

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

760

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

1216

"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --metrics-shmem-handle=3240,i,16154568374303034057,11919443332449379456,2097152 --field-trial-handle=1864,i,17310353604443974993,12240872339884683838,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1

C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe

—

msedgewebview2.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge WebView2

Version:

139.0.3405.102

Modules

Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1592

"C:\Users\admin\AppData\Local\Temp\Modrinth App_0.10.7_x64-setup.exe"

C:\Users\admin\AppData\Local\Temp\Modrinth App_0.10.7_x64-setup.exe

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Description:

Modrinth App

Exit code:

Version:

0.10.7

Modules

Images
c:\users\admin\appdata\local\temp\modrinth app_0.10.7_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

2220

C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

—

Modrinth App_0.10.7_x64-setup.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update Setup

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

2620

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateComRegisterShell64.exe" /user

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateComRegisterShell64.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update COM Registration Helper

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.65\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

2696

"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-pre-read-main-dll --force-high-res-timeticks=disabled --gpu-preferences=SAAAAAAAAADgAAAIAAAAAAAAAAAAAGAAAQAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --always-read-main-dll --metrics-shmem-handle=1700,i,1548986814260288116,3740163521920939677,262144 --field-trial-handle=1864,i,17310353604443974993,12240872339884683838,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:2

C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe

—

msedgewebview2.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge WebView2

Version:

139.0.3405.102

Modules

Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

3688

"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\ModrinthApp\EBWebView" --webview-exe-name="Modrinth App.exe" --webview-exe-version=0.10.7 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --autoplay-policy=no-user-gesture-required --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --metrics-shmem-handle=4148,i,459240178801129119,9094620679274479827,2097152 --field-trial-handle=1864,i,17310353604443974993,12240872339884683838,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:1

C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\139.0.3405.102\msedgewebview2.exe

—

msedgewebview2.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge WebView2

Version:

139.0.3405.102

Modules

Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\139.0.3405.102\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

4088

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

4172

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNjUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNjUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QkIzOUY5RUItOTg5NC00RDk5LUEzQUYtNThENDZCMzA3OTU1fSIgdXNlcmlkPSJ7QTcxQzAyMUUtNDNFQi00QjVCLTkzQjQtMTkwQjNCNThGMUNFfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFQzQxQzUxQi1FOEQzLTQ5RjEtQTZDQS1DMjkxMDg1NjYxMDh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzkuMC4zNDA1LjEwMiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjM1NDM4NDcwMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2MzU0Mzg0NzAyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTY0OTk5NzEwMjkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2JlOTEwNTBkLTFjMWMtNGY4MC1iOTMwLThlMDVhNDU5MTY2Mj9QMT0xNzU2MzM4MzUwJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUhuRjZwbXN6YVlEZHI1VE9VSk9OQjRtZzhvbnFRcU96M2VyZmhWRGR0emVoMmJUJTJmVVNoVWNuUHJBcHBMSDJJJTJiNTRRTEE3SmVEU21OMGVPQlBZY0RWQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4Mjc4ODY4OCIgdG90YWw9IjE4Mjc4ODY4OCIgZG93bmxvYWRfdGltZV9tcz0iMTEwMjgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjUwMDEyNzYwOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NTIxMjIyNDEyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjg1Nzk2NTg5NyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjczNCIgZG93bmxvYWRfdGltZV9tcz0iMTQ1NTYiIGRvd25sb2FkZWQ9IjE4Mjc4ODY4OCIgdG90YWw9IjE4Mjc4ODY4OCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzM2NzQiLz48L2FwcD48L3JlcXVlc3Q-

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

4748

"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateComRegisterShell64.exe" /user

C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateComRegisterShell64.exe

—

MicrosoftEdgeUpdate.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge Update COM Registration Helper

Exit code:

Version:

1.3.195.65

Modules

Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.65\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

Add for printing

Total events

14 733

Read events

13 066

Write events

1 600

Delete events

Modification events


(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	pv
Value: 1.3.195.65
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	name
Value: Microsoft Edge Update
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:	write	Name:	pv
Value: 1.3.195.65
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:	write	Name:	Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.65\MicrosoftEdgeUpdateCore.exe"
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	edgeupdate_task_name_c
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{4D05CEA0-A5A2-41FC-8F5B-A60130260D9A}
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	write	Name:	edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{A8825DB2-B0A8-4E51-9820-97B4C8F77B9B}
(PID) Process:	(4748) MicrosoftEdgeUpdateComRegisterShell64.exe	Key:	HKEY_CLASSES_ROOT\CLSID\{D8599F80-3D26-46D2-8CF1-0AD21B0ECF31}\InProcServer32
Operation:	write	Name:	ThreadingModel
Value: Both
(PID) Process:	(4836) MicrosoftEdgeUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:	delete value	Name:	eulaaccepted
Value:

Add for printing

Executable files

214

Suspicious files

127

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\msedgeupdate.dll		executable
		MD5:FADF3B40EA0BE2351EA8CBE57D5116F8	SHA256:E2C8B7BD5B0095F08E9A3C4142C81936B0946394E7CD0A83B8C171C44CAD3A1C
1592	Modrinth App_0.10.7_x64-setup.exe	C:\Users\admin\AppData\Local\Temp\nsvCD5F.tmp\nsDialogs.dll		executable
		MD5:6C3F8C94D0727894D706940A8A980543	SHA256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\MicrosoftEdgeUpdateBroker.exe		executable
		MD5:1AB505E831556BD56A75038062536E8E	SHA256:C438D3598CE4D2166AB2A636A585FF2C6E866E1355CB149DAA1C815488431D41
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\MicrosoftEdgeUpdate.exe		executable
		MD5:00F783B313796440834D82778F2850E5	SHA256:F4CE25C64DA2142B2CB7D9C5B0F1540D1718E4A5CEF38683634E7BA2636D7D7B
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\MicrosoftEdgeComRegisterShellARM64.exe		—
		MD5:B9690BC05B42CDAF092162A50806264C	SHA256:FF577F4C29A184A37014992DE44549BD81DFF20997D8DEAF55DF509F3D33ED1C
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\psmachine.dll		executable
		MD5:EAD519174ECE77F205B731C834FA1254	SHA256:1CC5C90531D6DE53BD1953F61ABABCFF1E925D4A86D1FEE2EB085E1C5AB1A308
2220	MicrosoftEdgeWebview2Setup.exe	C:\Users\admin\AppData\Local\Temp\EUEA7A.tmp\EdgeUpdate.dat		binary
		MD5:369BBC37CFF290ADB8963DC5E518B9B8	SHA256:3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3
1592	Modrinth App_0.10.7_x64-setup.exe	C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe		executable
		MD5:FB7FF07F000EF3F6EBF22B0044F0DC13	SHA256:1BDCFC30FD8F711134DDC400C39C126A7678ED5717E9E3A320BBF4F4E4DA2ED4
1592	Modrinth App_0.10.7_x64-setup.exe	C:\Users\admin\AppData\Local\Temp\nsvCD5F.tmp\modern-wizard.bmp		image
		MD5:CBE40FD2B1EC96DAEDC65DA172D90022	SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
1592	Modrinth App_0.10.7_x64-setup.exe	C:\Users\admin\AppData\Local\Temp\nsvCD5F.tmp\NSISdl.dll		executable
		MD5:EE68463FED225C5C98D800BDBD205598	SHA256:419485A096BC7D95F872ED1B9B7B5C537231183D710363BEEE4D235BB79DBE04

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
72	svchost.exe	GET	200	184.30.131.245:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	binary	471 b	whitelisted
4080	svchost.exe	HEAD	200	217.20.57.36:80	http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/be91050d-1c1c-4f80-b930-8e05a4591662?P1=1756338350&P2=404&P3=2&P4=HnF6pmszaYDdr5TOUJONB4mg8onqQqOz3erfhVDdtzeh2bT%2fUShUcnPrAppLH2I%2b54QLA7JeDSmN0eOBPYcDVA%3d%3d	US	—	—	whitelisted
1268	svchost.exe	GET	200	23.3.109.244:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	DE	binary	814 b	whitelisted
1592	Modrinth App_0.10.7_x64-setup.exe	GET	301	23.35.238.131:80	http://go.microsoft.com/fwlink/p/?LinkId=2124703	DE	—	—	whitelisted
1592	Modrinth App_0.10.7_x64-setup.exe	GET	200	23.48.23.55:80	http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/f2910a1e-e5a6-4f17-b52d-7faf525d17f8/MicrosoftEdgeWebview2Setup.exe	DE	executable	1.57 Mb	whitelisted
4080	svchost.exe	GET	—	217.20.57.36:80	http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/be91050d-1c1c-4f80-b930-8e05a4591662?P1=1756338350&P2=404&P3=2&P4=HnF6pmszaYDdr5TOUJONB4mg8onqQqOz3erfhVDdtzeh2bT%2fUShUcnPrAppLH2I%2b54QLA7JeDSmN0eOBPYcDVA%3d%3d	US	—	—	whitelisted
1268	svchost.exe	GET	200	23.216.77.36:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	DE	binary	825 b	whitelisted
2112	SIHClient.exe	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	DE	binary	420 b	whitelisted
2112	SIHClient.exe	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	DE	binary	407 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
1268	svchost.exe	51.104.136.2:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5944	MoUsoCoreWorker.exe	51.104.136.2:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4024	RUXIMICS.exe	51.104.136.2:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1592	Modrinth App_0.10.7_x64-setup.exe	23.35.238.131:80	go.microsoft.com	AKAMAI-AS	DE	whitelisted
1592	Modrinth App_0.10.7_x64-setup.exe	23.48.23.55:80	msedge.sf.dl.delivery.mp.microsoft.com	Akamai International B.V.	DE	whitelisted
72	svchost.exe	40.126.31.71:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
72	svchost.exe	184.30.131.245:80	ocsp.digicert.com	AKAMAI-AS	US	whitelisted
760	MicrosoftEdgeUpdate.exe	52.123.243.92:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	DE	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.184.238	whitelisted
go.microsoft.com	23.35.238.131	whitelisted
msedge.sf.dl.delivery.mp.microsoft.com	23.48.23.55 23.48.23.21 23.48.23.28	whitelisted
login.live.com	40.126.31.71 20.190.159.23 20.190.159.71 40.126.31.69 40.126.31.0 20.190.159.75 20.190.159.4 40.126.31.129	whitelisted
ocsp.digicert.com	184.30.131.245	whitelisted
config.edge.skype.com	52.123.243.92 52.123.243.93 52.123.224.64 150.171.22.17	whitelisted
msedge.api.cdp.microsoft.com	20.165.94.46	whitelisted
settings-win.data.microsoft.com	51.124.78.146	whitelisted
crl.microsoft.com	23.216.77.36 23.216.77.25 23.216.77.28 23.216.77.20 23.216.77.6	whitelisted
www.microsoft.com	23.3.109.244 23.35.229.160	whitelisted

Threats

PID	Process	Class	Message
1592	Modrinth App_0.10.7_x64-setup.exe	Misc activity	ET INFO Packed Executable Download
4080	svchost.exe	Misc activity	ET INFO Packed Executable Download
6128	msedgewebview2.exe	Misc activity	ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
6128	msedgewebview2.exe	Misc activity	ET INFO Free Online Form Builder Domain in DNS Lookup (tally .so)
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt
6128	msedgewebview2.exe	Generic Protocol Command Decode	SURICATA QUIC failed decrypt

Add for printing

Process	Message
msedgewebview2.exe	RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\ModrinthApp directory exists )

General Info

Modrinth App_0.10.7_x64-setup.exe

3A7A26626243C3C6689884D3260863A2

4DBB307E90341CEC362058C1767CEB6A3949421F

A329F825984EC42C23CF983400B3304F10EB44AC4DA36CAACFAFBB09813410B6

98304:uJ88U71GHyUpdlqooBSMWPJEFWqHBTZYu3bpgofEiXSsgHGEQ4/GaD9X0f+PV1lm:ugJynFqHd1n1HaFA9H

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Changes the autorun value in the registry

The DLL Hijacking

SUSPICIOUS

Starts a Microsoft application from unusual location

Searches for installed software

Malware-specific behavior (creating "System.dll" in Temp)

The process creates files with name similar to system file names

Process drops legitimate windows executable

Starts itself from another location

Creates/Modifies COM task schedule object

Reads security settings of Internet Explorer

There is functionality for taking screenshot (YARA)

Application launched itself

Creates a software uninstall entry

INFO

Reads the computer name

Checks supported languages

Create files in a temporary directory

The sample compiled with english language support

Checks proxy server information

Launching a file from a Registry key

Creates files or folders in the user directory

Reads Environment values

Process checks computer location settings

Reads the machine GUID from the registry

Reads the software policy settings

Reads product name

Manual execution by a user

Reads CPU info

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats