File name:

liquidlauncher_0.3.0_x64_en-US.msi

Full analysis: https://app.any.run/tasks/0906d3d6-5bcc-4ded-a7a4-ca2002f6f297
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 11, 2024, 22:01:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
loader
qrcode
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: liquidlauncher, Author: CCBlueX, Keywords: Installer, Comments: This installer database contains the logic and data required to install liquidlauncher., Template: x64;0, Revision Number: {62EC839C-C40F-4104-9AEA-E6DA7C22520D}, Create Time/Date: Mon Jul 1 07:46:54 2024, Last Saved Time/Date: Mon Jul 1 07:46:54 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5:

723D227589B2292CCAD10025944B0073

SHA1:

4312057F848E0A412884EC7C3186E4F2C99AF531

SHA256:

19C120E8809D2314DB86A2BFEBC677F9733FDC1874DE0EF2248F904460F9B271

SSDEEP:

98304:+x9ZXC0mmoBBgTHAtJz3e86jhFyn7ztCmgrG4UaJV5oJ8qIdWO1yb+mRC+eYUVpK:DEXT5vQMCC9ReV6ZbXu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 3268)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 4132)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 2608)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 7492)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 6420)
      • msiexec.exe (PID: 6512)
      • powershell.exe (PID: 3268)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • setup.exe (PID: 8032)
      • msedgewebview2.exe (PID: 7988)
      • msedgewebview2.exe (PID: 4576)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6512)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6808)
    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 6512)
    • Request a resource from the Internet using PowerShell's cmdlet

      • msiexec.exe (PID: 6512)
    • Downloads file from URI

      • powershell.exe (PID: 3268)
    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 6512)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 3268)
    • Powershell scripting: start process

      • msiexec.exe (PID: 6512)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 3268)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • setup.exe (PID: 8032)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • msedgewebview2.exe (PID: 4576)
    • Process drops legitimate windows executable

      • powershell.exe (PID: 3268)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • setup.exe (PID: 8032)
      • msedgewebview2.exe (PID: 4576)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 4132)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3356)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5920)
      • MicrosoftEdgeUpdate.exe (PID: 3324)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6188)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • msiexec.exe (PID: 6592)
      • msedgewebview2.exe (PID: 2608)
    • Reads the date of Windows installation

      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • msiexec.exe (PID: 6592)
    • Potential Corporate Privacy Violation

      • MicrosoftEdgeUpdate.exe (PID: 5112)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 5112)
    • Application launched itself

      • setup.exe (PID: 8032)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • msedgewebview2.exe (PID: 2608)
    • Searches for installed software

      • setup.exe (PID: 8032)
      • msedgewebview2.exe (PID: 2608)
    • Creates a software uninstall entry

      • setup.exe (PID: 8032)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6592)
      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 3324)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3356)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 5064)
      • MicrosoftEdgeUpdate.exe (PID: 6412)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5920)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • setup.exe (PID: 8032)
      • setup.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 7220)
      • msedgewebview2.exe (PID: 3032)
      • msedgewebview2.exe (PID: 2608)
      • liquidlauncher.exe (PID: 6032)
      • msedgewebview2.exe (PID: 7492)
      • msedgewebview2.exe (PID: 7452)
      • msedgewebview2.exe (PID: 6972)
      • msedgewebview2.exe (PID: 7512)
      • msedgewebview2.exe (PID: 7240)
      • TextInputHost.exe (PID: 7656)
      • msedgewebview2.exe (PID: 6640)
      • msedgewebview2.exe (PID: 4824)
      • msedgewebview2.exe (PID: 2680)
      • msedgewebview2.exe (PID: 7700)
      • msedgewebview2.exe (PID: 7876)
      • msedgewebview2.exe (PID: 692)
      • msedgewebview2.exe (PID: 7788)
      • msedgewebview2.exe (PID: 7660)
      • msedgewebview2.exe (PID: 6212)
      • msedgewebview2.exe (PID: 8140)
      • msedgewebview2.exe (PID: 8152)
      • msedgewebview2.exe (PID: 8160)
      • msedgewebview2.exe (PID: 1568)
      • msedgewebview2.exe (PID: 1044)
      • msedgewebview2.exe (PID: 6188)
      • msedgewebview2.exe (PID: 5064)
      • msedgewebview2.exe (PID: 6300)
      • msedgewebview2.exe (PID: 7020)
      • msedgewebview2.exe (PID: 2340)
      • msedgewebview2.exe (PID: 7276)
      • msedgewebview2.exe (PID: 8016)
      • msedgewebview2.exe (PID: 7368)
      • msedgewebview2.exe (PID: 7996)
      • msedgewebview2.exe (PID: 2960)
      • msedgewebview2.exe (PID: 2524)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 2472)
      • msedgewebview2.exe (PID: 7968)
      • msedgewebview2.exe (PID: 8188)
      • msedgewebview2.exe (PID: 4316)
      • msedgewebview2.exe (PID: 7644)
      • msedgewebview2.exe (PID: 6256)
      • msedgewebview2.exe (PID: 6588)
      • msedgewebview2.exe (PID: 6992)
      • msedgewebview2.exe (PID: 7836)
      • msedgewebview2.exe (PID: 7760)
      • msedgewebview2.exe (PID: 8020)
      • msedgewebview2.exe (PID: 6268)
      • msedgewebview2.exe (PID: 7988)
      • msedgewebview2.exe (PID: 4576)
    • Reads the computer name

      • msiexec.exe (PID: 6512)
      • msiexec.exe (PID: 6592)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 3324)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3356)
      • MicrosoftEdgeUpdate.exe (PID: 5064)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5920)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 6412)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • setup.exe (PID: 8032)
      • MicrosoftEdgeUpdate.exe (PID: 7220)
      • msedgewebview2.exe (PID: 2608)
      • liquidlauncher.exe (PID: 6032)
      • msedgewebview2.exe (PID: 7492)
      • msedgewebview2.exe (PID: 7452)
      • TextInputHost.exe (PID: 7656)
      • msedgewebview2.exe (PID: 6212)
      • msedgewebview2.exe (PID: 7660)
      • msedgewebview2.exe (PID: 6268)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6420)
      • msiexec.exe (PID: 6512)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6512)
    • Disables trace logs

      • powershell.exe (PID: 3268)
    • Checks proxy server information

      • powershell.exe (PID: 3268)
      • MicrosoftEdgeUpdate.exe (PID: 5064)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 7220)
      • msedgewebview2.exe (PID: 2608)
      • liquidlauncher.exe (PID: 6032)
    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 4704)
      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • msedgewebview2.exe (PID: 2608)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdge_X64_127.0.2651.98.exe (PID: 7964)
      • setup.exe (PID: 8056)
      • setup.exe (PID: 8032)
      • msedgewebview2.exe (PID: 2608)
      • liquidlauncher.exe (PID: 6032)
      • msedgewebview2.exe (PID: 3032)
      • msedgewebview2.exe (PID: 7452)
      • msedgewebview2.exe (PID: 6268)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 4132)
      • setup.exe (PID: 8032)
      • msiexec.exe (PID: 6592)
      • msedgewebview2.exe (PID: 2608)
      • msedgewebview2.exe (PID: 7512)
      • msedgewebview2.exe (PID: 7240)
      • msedgewebview2.exe (PID: 6640)
      • msedgewebview2.exe (PID: 4824)
      • msedgewebview2.exe (PID: 2680)
      • msedgewebview2.exe (PID: 7700)
      • msedgewebview2.exe (PID: 7876)
      • msedgewebview2.exe (PID: 7788)
      • msedgewebview2.exe (PID: 692)
      • msedgewebview2.exe (PID: 8152)
      • msedgewebview2.exe (PID: 8140)
      • msedgewebview2.exe (PID: 8160)
      • msedgewebview2.exe (PID: 1568)
      • msedgewebview2.exe (PID: 1044)
      • msedgewebview2.exe (PID: 5064)
      • msedgewebview2.exe (PID: 6188)
      • msedgewebview2.exe (PID: 7020)
      • msedgewebview2.exe (PID: 2340)
      • msedgewebview2.exe (PID: 7276)
      • msedgewebview2.exe (PID: 7996)
      • msedgewebview2.exe (PID: 2960)
      • msedgewebview2.exe (PID: 2524)
      • msedgewebview2.exe (PID: 6652)
      • msedgewebview2.exe (PID: 7644)
      • msedgewebview2.exe (PID: 4316)
      • msedgewebview2.exe (PID: 2472)
      • msedgewebview2.exe (PID: 7968)
      • msedgewebview2.exe (PID: 6256)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5064)
      • MicrosoftEdgeUpdate.exe (PID: 7220)
      • liquidlauncher.exe (PID: 6032)
      • msedgewebview2.exe (PID: 2608)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 5064)
      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 7220)
      • liquidlauncher.exe (PID: 6032)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 5112)
      • msedgewebview2.exe (PID: 2608)
      • msedgewebview2.exe (PID: 6268)
    • Reads product name

      • liquidlauncher.exe (PID: 6032)
    • Reads Microsoft Office registry keys

      • msedgewebview2.exe (PID: 2608)
    • Dropped object may contain TOR URL's

      • msedgewebview2.exe (PID: 7988)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: liquidlauncher
Author: CCBlueX
Keywords: Installer
Comments: This installer database contains the logic and data required to install liquidlauncher.
Template: x64;0
RevisionNumber: {62EC839C-C40F-4104-9AEA-E6DA7C22520D}
CreateDate: 2024:07:01 07:46:54
ModifyDate: 2024:07:01 07:46:54
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
No data.
Total processes
215
Monitored processes
72
Malicious processes
12
Suspicious processes
0


Process information

PID
CMD
Path
Indicators
Parent process
PID: 304
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=7128,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
PID: 692
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=6276,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 840
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1044
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=7516,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=7264,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2340
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=7020,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2472
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=6880,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2524
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=5980,i,12843961011452978932,11523146629444478455,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2608
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=liquidlauncher.exe --webview-exe-version=0.3.0 --user-data-dir="C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --mojo-named-platform-channel-pipe=6032.4760.3321802195403822770
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe
Parent process: liquidlauncher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
127.0.2651.98
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\127.0.2651.98\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2628
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
42 360
Read events
38 340
Write events
3 915
Delete events
105

Modification events

(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
48000000000000005E0F38033AECDA0170190000881A0000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
48000000000000005E0F38033AECDA0170190000881A0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000A06C78033AECDA0170190000881A0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000A06C78033AECDA0170190000881A0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
48000000000000000DCF7A033AECDA0170190000881A0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000C9327D033AECDA0170190000881A0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
4800000000000000290BF2033AECDA0170190000881A0000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6512) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000BE5BF4033AECDA0170190000F41A0000E80300000100000000000000000000004C405CE05A42C3478D065AFFBA37D30A00000000000000000000000000000000
(PID) Process: (6808) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000B9E9FD033AECDA01981A00000C1B0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 217
Suspicious files: 627
Text files: 111
Unknown types: 31

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 6512 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | | | |
| 6512 | msiexec.exe | C:\Windows\Installer\eb477.msi | | | |
| 6512 | msiexec.exe | C:\Windows\Installer\eb479.msi | | | |
| 6512 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{e05c404c-425a-47c3-8d06-5affba37d30a}_OnDiskSnapshotProp | binary | D3F2C9EF02BD60F6321D270B879254B4 | 05709C134EBEED301065309C89003D1A341938653FA60E7D260935BF43327079 |
| 6512 | msiexec.exe | C:\Windows\Installer\inprogressinstallinfo.ipi | binary | 2B1DFF37791BAC82DA0DFD62ADA591E1 | D9F83CF75690D64FF81050991A153C5F7BE0886F0E2AA1F06190F05802514914 |
| 6512 | msiexec.exe | C:\Windows\Installer\MSIB89D.tmp | binary | B4074299A27F902CFF86201977AA2F0F | 772723B568F2C85A8EA40FD45E6244908E76217DFB8EFFB162A5DBC91BFEB647 |
| 6512 | msiexec.exe | C:\Windows\Temp\~DFC3CF2CB9A439FF88.TMP | binary | BF619EAC0CDF3F68D496EA9344137E8B | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| 6512 | msiexec.exe | C:\Windows\Temp\~DFC09A43E18A0183DF.TMP | binary | A576FDAF7BDC246480AEA46165301D8C | A43C57D1164B467917B2F604C8F7B671081194A4DE49359423D735350FD46F2A |
| 6512 | msiexec.exe | C:\Windows\Installer\{97B096A4-32C4-42A4-BCDB-8568FD8572E1}\ProductIcon | image | 8B3CEA8EC4A5EBAA1457EF0B7F0D45DF | 2026F1AA8B8EDBECA9869B1B73BCFD0B6C5FCD3A0512EBF89850596DC35F2F59 |
| 6512 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\liquidlauncher\liquidlauncher.lnk | lnk | 4297346684BFFB5040631604CB193C7D | 78721695ABB561F2B689D2CA94B73ECCC727F344BAAC258E522FED9150CFB588 |
HTTP(S) requests: 30
TCP/UDP connections: 319
DNS requests: 336
Threats: 5

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5248 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | binary | 471 b | whitelisted |
| 7028 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted |
| 7052 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | US | binary | 471 b | whitelisted |
| 8024 | svchost.exe | HEAD | 200 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | | | whitelisted |
| 5112 | MicrosoftEdgeUpdate.exe | GET | 200 | 2.19.126.157:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/529a41cd-5c0c-4cd0-8061-b71feaa8a336?P1=1724018512&P2=404&P3=2&P4=JiKmeLa3EPNp6OtMjKMMMzLEU1WA%2brzCusao4VaorIPPbG%2fvgOGg3RZjLR1rX5%2bYa3nnCJ1o9koQkmIM7egf2A%3d%3d | DE | executable | 164 Mb | whitelisted |
| 8024 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | binary | 1.09 Kb | whitelisted |
| 8024 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | binary | 1.81 Kb | whitelisted |
| 8024 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | binary | 9.62 Kb | whitelisted |
| 8024 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | binary | 3.37 Kb | whitelisted |
| 8024 | svchost.exe | GET | 206 | 152.199.19.161:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/c78f9967-7a8c-44b0-ad94-732b63c89638?P1=1723482625&P2=404&P3=2&P4=SkWG9ygaMpflt9Ki86PPUBNBCMUNXSMav%2fG6TfwhGAvF9kzEv5Oo6evaQeiv0rmhfoAvZOpQtULOljqJXOZBRw%3d%3d | US | text | 21.2 Kb | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted |
| 1128 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 3476 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| 1128 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 5336 | SearchApp.exe | 95.100.146.19:443 | www.bing.com | Akamai International B.V. | CZ | unknown |
| 5248 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
| 5336 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59, 51.124.78.146 | whitelisted |
| google.com | 216.58.212.174 | whitelisted |
| www.bing.com | 95.100.146.19, 95.100.146.33, 95.100.146.27, 95.100.146.8 | whitelisted |
| ocsp.digicert.com | 192.229.221.95 | whitelisted |
| login.live.com | 20.190.160.14, 40.126.32.134, 20.190.160.20, 40.126.32.74, 40.126.32.138, 20.190.160.17, 40.126.32.72, 20.190.160.22 | whitelisted |
| client.wns.windows.com | 40.113.110.67, 20.197.71.89 | whitelisted |
| th.bing.com | 95.100.146.8, 95.100.146.19, 95.100.146.33, 95.100.146.27 | whitelisted |
| fd.api.iris.microsoft.com | 20.223.35.26, 20.223.36.55 | whitelisted |
| arc.msn.com | 20.199.58.43 | whitelisted |
| go.microsoft.com | 184.28.89.167, 184.30.17.189 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 5112 | MicrosoftEdgeUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
| 7452 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 7452 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) |
| 7452 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |
| 7452 | msedgewebview2.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL) |

| Process | Message |
|---|---|
| msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\net.ccbluex.liquidlauncher directory exists ) |