File name:

Mangadex-Desktop_0.1.3_x64_en-US.msi

Full analysis: https://app.any.run/tasks/e2e16f35-2c35-4895-9f81-45edf0fef056
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: December 21, 2024, 08:49:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
loader
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Mangadex-Desktop, Author: tonymushah, Keywords: Installer, Comments: This installer database contains the logic and data required to install Mangadex-Desktop., Template: x64;0, Revision Number: {3FC796D9-1061-4D6D-A583-6E000F036CE3}, Create Time/Date: Thu Feb 23 17:38:34 2023, Last Saved Time/Date: Thu Feb 23 17:38:34 2023, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5:

FB270041F97D8D8B917663FB2F2BCCB5

SHA1:

0279C11608EBFB0E053575C2351B860E2C0AC313

SHA256:

5840230F7E939239E6508973B5EC22329AB3105B7C8A8C4BBF4B9C10B32035F9

SSDEEP:

98304:8EMtYVfc2Uv4P2RmhE14DCF6qFq5FnSrE/pKdH/ADA3y81brJRfX6Mte7i8DjwZ2:PrJLWyyBmsXNlP5iIQFV4zkRmn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 6364)

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 5712)

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 5256)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 2956)

  • SUSPICIOUS

    • Manipulates environment variables

      • powershell.exe (PID: 6364)

    • Starts process via Powershell

      • powershell.exe (PID: 6364)

    • Executes as Windows Service

      • VSSVC.exe (PID: 6668)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6556)

    • Downloads file from URI via Powershell

      • powershell.exe (PID: 6364)

    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 6556)

    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 6556)

    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 6364)

    • Executable content was dropped or overwritten

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • setup.exe (PID: 6852)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)

    • Process drops legitimate windows executable

      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 6852)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 5712)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)

    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • msiexec.exe (PID: 6612)
      • msedgewebview2.exe (PID: 2956)

    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 6972)

    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 628)

    • Searches for installed software

      • setup.exe (PID: 6852)

    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • msedgewebview2.exe (PID: 2956)
      • setup.exe (PID: 6852)

    • Creates a software uninstall entry

      • setup.exe (PID: 6852)

  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 6556)
      • msiexec.exe (PID: 6612)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 7016)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)
      • Mangadex-Desktop.exe (PID: 2976)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 5880)
      • setup.exe (PID: 6852)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6440)
      • msiexec.exe (PID: 6556)

    • Manages system restore points

      • SrTasks.exe (PID: 5460)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6556)

    • Checks supported languages

      • msiexec.exe (PID: 6556)
      • msiexec.exe (PID: 6612)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 7016)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 6852)
      • setup.exe (PID: 2744)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • Mangadex-Desktop.exe (PID: 2976)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 3436)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 5880)
      • msedgewebview2.exe (PID: 2120)
      • msedgewebview2.exe (PID: 1080)
      • msedgewebview2.exe (PID: 3172)

    • An automatically generated document

      • msiexec.exe (PID: 6440)

    • Checks proxy server information

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)

    • Disables trace logs

      • powershell.exe (PID: 6364)

    • The process uses the downloaded file

      • powershell.exe (PID: 6364)
      • msiexec.exe (PID: 6612)

    • The sample compiled with english language support

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • svchost.exe (PID: 628)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 6852)

    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)

    • Create files in a temporary directory

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • svchost.exe (PID: 628)
      • msedgewebview2.exe (PID: 2956)

    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 6852)
      • setup.exe (PID: 2744)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 3436)
      • msedgewebview2.exe (PID: 5880)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)

    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 1572)

    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • setup.exe (PID: 6852)
      • msiexec.exe (PID: 6612)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 1080)
      • msedgewebview2.exe (PID: 3172)

    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • msedgewebview2.exe (PID: 2956)

    • Sends debugging messages

      • msedgewebview2.exe (PID: 2956)
      • Mangadex-Desktop.exe (PID: 2976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Mangadex-Desktop
Author: tonymushah
Keywords: Installer
Comments: This installer database contains the logic and data required to install Mangadex-Desktop.
Template: x64;0
RevisionNumber: {3FC796D9-1061-4D6D-A583-6E000F036CE3}
CreateDate: 2023:02:23 17:38:34
ModifyDate: 2023:02:23 17:38:34
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
161
Monitored processes
30
Malicious processes
10
Suspicious processes
1

Behavior graph

Click at the process to see the details
start msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs powershell.exe conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe svchost.exe microsoftedge_x64_131.0.2903.112.exe setup.exe setup.exe no specs microsoftedgeupdate.exe mangadex-desktop.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
628C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITSC:\Windows\System32\svchost.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
1080"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3420,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1572"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMzkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7QTJFQTQ2RjktMkJDMy00OEVBLThCODUtRTE3NjVDODQ5QzZCfSIgdXNlcmlkPSJ7MUZCNzJEREYtMEE4Mi00MDQxLTgyMjEtQkM0RDAwQUM5MTUyfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2RDZEMTMyMC1EMTI4LTRDMEMtOTc5MC1CNjkwMjU3QTdEQUJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtzemxOQkp1OXlEc3pmazlCUWdobWhFMmJCN00yekcvQzFCWjh5QS9rWWI0PSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzEuMC4yOTAzLjExMiIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzExNDA1OTE4MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMTE0MzcyMjc2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1Mjc2NTExNjciIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzdkOWNkOTNjLTFkNWUtNDQ5Yi05YWQ3LWYxZThkNmI5MDUwOT9QMT0xNzM1Mzc1ODAxJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVFwZlRycWhWODNnb0tQNDFVelduUHh5YXRtSUdJUzlOVFFZTzJ4MXoyMFB0d3ZJT3ZNJTJiZXVPa25HdkI0JTJiVzh1MHpveE1MM3NkT3YlMmJYeXgxN3RQVnRBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc2ODcwOTc2IiB0b3RhbD0iMTc2ODcwOTc2IiBkb3dubG9hZF90aW1lX21zPSIzNjQwNiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNTI3ODA3Nzg1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM1NTAxNTM3MzQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzOTQ3NDk3OTg5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzk3IiBkb3dubG9hZF90aW1lX21zPSI0MTM0MyIgZG93bmxvYWRlZD0iMTc2ODcwOTc2IiB0b3RhbD0iMTc2ODcwOTc2IiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMCIgaW5zdGFsbF90aW1lX21zPSIzOTczNCIvPjwvYXBwPjwvcmVxdWVzdD4C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
1868\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exepowershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2120"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2408,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2744C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff6b9de2918,0x7ff6b9de2924,0x7ff6b9de2930C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exesetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{fbe0436c-b2dd-41e9-ad50-280f677d7ed5}\edgemitmp_5bd29.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
2956"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2976.5592.15938385797921786567C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Mangadex-Desktop.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2976"C:\Program Files\Mangadex-Desktop\Mangadex-Desktop.exe" C:\Program Files\Mangadex-Desktop\Mangadex-Desktop.exe
msiexec.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Mangadex-Desktop
Version:
0.1.3
Modules
Images
c:\program files\mangadex-desktop\mangadex-desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
3172"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4144,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:1C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3436C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.112 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ff820216070,0x7ff82021607c,0x7ff820216088C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
21 345
Read events
18 494
Write events
2 766
Delete events
85

Modification events

(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
48000000000000008C0A0A428553DB019C190000FC190000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
48000000000000008C0A0A428553DB019C190000FC190000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
4800000000000000DBC54C428553DB019C190000FC190000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
4800000000000000DBC54C428553DB019C190000FC190000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
480000000000000064294F428553DB019C190000FC190000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
480000000000000095F253428553DB019C190000FC190000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(6668) VSSVC.exeKey:HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation:delete keyName:(default)
Value:
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
48000000000000004769C6428553DB019C190000FC190000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(6556) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000004769C6428553DB019C190000681A0000E8030000010000000000000000000000EB93831B4C86574AA95740FF970543B300000000000000000000000000000000
Executable files
209
Suspicious files
163
Text files
35
Unknown types
16

Dropped files

PID
Process
Filename
Type
6556msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
6556msiexec.exeC:\Windows\Installer\13d739.msi
MD5:
SHA256:
6556msiexec.exeC:\Windows\Installer\13d73b.msi
MD5:
SHA256:
6556msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{1b8393eb-864c-4a57-a957-40ff970543b3}_OnDiskSnapshotPropbinary
MD5:0DE9E9A26870B80E409DB5C50E74B0F2
SHA256:45522533974F12702CA9C97CCBD29022AACCA01D2579A4E30FF2EE687E3DDE32
6556msiexec.exeC:\Program Files\Mangadex-Desktop\Uninstall Mangadex-Desktop.lnklnk
MD5:37427C4AD450820728AABCA3705E94F8
SHA256:DFE9CDA57845A5E442AAE8C4829126E51CA965867023FC1604567267BB74153C
6440msiexec.exeC:\Users\admin\AppData\Local\Temp\MSI905C.tmpexecutable
MD5:4FDD16752561CF585FED1506914D73E0
SHA256:AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
5112MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUF62B.tmp\msedgeupdate.dllexecutable
MD5:3F84AC83FA44FB5E069640648E1660E7
SHA256:17C62E9ED5BEBDCCE2AC0CB41A255C5F63F6544FB5AB148B6810617B854F6319
6556msiexec.exeC:\Users\Public\Desktop\Mangadex-Desktop.lnklnk
MD5:F2E2A3866DC090032D7EE2BFFF7D0617
SHA256:7C24D0EF997026D5A578E1CF36B7832CEF15B84F848E6FF6957E167773B7D6C6
6556msiexec.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:0DE9E9A26870B80E409DB5C50E74B0F2
SHA256:45522533974F12702CA9C97CCBD29022AACCA01D2579A4E30FF2EE687E3DDE32
5112MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUF62B.tmp\MicrosoftEdgeUpdateBroker.exeexecutable
MD5:6513BF6501B147F7A6BB78F543C4A104
SHA256:829FE05CCF8C87A8B428BAE43CAFCA9434551EE5C80718C737D22548C9E7F342
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
41
DNS requests
27
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7128
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5968
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
7128
SIHClient.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
628
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7d9cd93c-1d5e-449b-9ad7-f1e8d6b90509?P1=1735375801&P2=404&P3=2&P4=QpfTrqhV83goKP41UzWnPxyatmIGIS9NTQYO2x1z20PtwvIOvM%2beuOknGvB4%2bW8u0zoxML3sdOv%2bXyx17tPVtA%3d%3d
unknown
whitelisted
628
svchost.exe
GET
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7d9cd93c-1d5e-449b-9ad7-f1e8d6b90509?P1=1735375801&P2=404&P3=2&P4=QpfTrqhV83goKP41UzWnPxyatmIGIS9NTQYO2x1z20PtwvIOvM%2beuOknGvB4%2bW8u0zoxML3sdOv%2bXyx17tPVtA%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
4652
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5064
SearchApp.exe
2.21.110.139:443
www.bing.com
AKAMAI-AS
DE
whitelisted
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
40.126.31.69:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 20.73.194.208
  • 51.124.78.146
whitelisted
www.bing.com
  • 2.21.110.139
  • 2.21.110.146
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
google.com
  • 142.250.184.238
whitelisted
login.live.com
  • 40.126.31.69
  • 20.190.159.68
  • 40.126.31.73
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.75
  • 20.190.159.73
  • 40.126.31.67
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
628
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.tonymushah.dev directory exists )
Mangadex-Desktop.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
Mangadex-Desktop.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Mangadex-Desktop_0.1.3_x64_en-US.msi