File name:

Mangadex-Desktop_0.1.3_x64_en-US.msi

Full analysis: https://app.any.run/tasks/e2e16f35-2c35-4895-9f81-45edf0fef056
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 21, 2024, 08:49:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
generated-doc
loader
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Mangadex-Desktop, Author: tonymushah, Keywords: Installer, Comments: This installer database contains the logic and data required to install Mangadex-Desktop., Template: x64;0, Revision Number: {3FC796D9-1061-4D6D-A583-6E000F036CE3}, Create Time/Date: Thu Feb 23 17:38:34 2023, Last Saved Time/Date: Thu Feb 23 17:38:34 2023, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5:

FB270041F97D8D8B917663FB2F2BCCB5

SHA1:

0279C11608EBFB0E053575C2351B860E2C0AC313

SHA256:

5840230F7E939239E6508973B5EC22329AB3105B7C8A8C4BBF4B9C10B32035F9

SSDEEP:

98304:8EMtYVfc2Uv4P2RmhE14DCF6qFq5FnSrE/pKdH/ADA3y81brJRfX6Mte7i8DjwZ2:PrJLWyyBmsXNlP5iIQFV4zkRmn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 6364)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 5712)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 2956)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 5256)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6556)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6668)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • setup.exe (PID: 6852)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
    • Process drops legitimate windows executable

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • setup.exe (PID: 6852)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 6556)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 6364)
    • Manipulates environment variables

      • powershell.exe (PID: 6364)
    • Starts process via Powershell

      • powershell.exe (PID: 6364)
    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 6556)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 6364)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 5712)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • msiexec.exe (PID: 6612)
      • msedgewebview2.exe (PID: 2956)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 628)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 6972)
    • Searches for installed software

      • setup.exe (PID: 6852)
    • Creates a software uninstall entry

      • setup.exe (PID: 6852)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • setup.exe (PID: 6852)
      • msedgewebview2.exe (PID: 2956)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 6556)
      • msiexec.exe (PID: 6612)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 7016)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 2744)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • setup.exe (PID: 6852)
      • Mangadex-Desktop.exe (PID: 2976)
      • msedgewebview2.exe (PID: 3436)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 5256)
      • msedgewebview2.exe (PID: 5880)
      • msedgewebview2.exe (PID: 2120)
      • msedgewebview2.exe (PID: 1080)
      • msedgewebview2.exe (PID: 3172)
    • Reads the computer name

      • msiexec.exe (PID: 6556)
      • msiexec.exe (PID: 6612)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 4120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6924)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6864)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6988)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 7016)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • setup.exe (PID: 6852)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)
      • Mangadex-Desktop.exe (PID: 2976)
      • msedgewebview2.exe (PID: 5880)
      • msedgewebview2.exe (PID: 5256)
    • An automatically generated document

      • msiexec.exe (PID: 6440)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6556)
      • msiexec.exe (PID: 6440)
    • Manages system restore points

      • SrTasks.exe (PID: 5460)
    • The sample compiled with english language support

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • svchost.exe (PID: 628)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 6852)
    • The process uses the downloaded file

      • powershell.exe (PID: 6364)
      • msiexec.exe (PID: 6612)
    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
    • Disables trace logs

      • powershell.exe (PID: 6364)
    • Checks proxy server information

      • powershell.exe (PID: 6364)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6556)
    • Create files in a temporary directory

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5112)
      • svchost.exe (PID: 628)
      • msedgewebview2.exe (PID: 2956)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdge_X64_131.0.2903.112.exe (PID: 6944)
      • setup.exe (PID: 2744)
      • setup.exe (PID: 6852)
      • msedgewebview2.exe (PID: 3436)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 5880)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
      • msedgewebview2.exe (PID: 2956)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 5712)
      • setup.exe (PID: 6852)
      • msiexec.exe (PID: 6612)
      • msedgewebview2.exe (PID: 2956)
      • msedgewebview2.exe (PID: 1080)
      • msedgewebview2.exe (PID: 3172)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • MicrosoftEdgeUpdate.exe (PID: 7044)
      • MicrosoftEdgeUpdate.exe (PID: 1572)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 6972)
      • msedgewebview2.exe (PID: 2956)
    • Sends debugging messages

      • msedgewebview2.exe (PID: 2956)
      • Mangadex-Desktop.exe (PID: 2976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Mangadex-Desktop
Author: tonymushah
Keywords: Installer
Comments: This installer database contains the logic and data required to install Mangadex-Desktop.
Template: x64;0
RevisionNumber: {3FC796D9-1061-4D6D-A583-6E000F036CE3}
CreateDate: 2023:02:23 17:38:34
ModifyDate: 2023:02:23 17:38:34
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
All screenshots are available in the full report
Total processes: 161
Monitored processes: 30
Malicious processes: 10
Suspicious processes: 1

Behavior graph

Processes in the graph (in start order; "no specs" marks processes with no process-level signatures in the report): msiexec.exe, msiexec.exe, msiexec.exe (no specs), vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), powershell.exe, conhost.exe (no specs), microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, microsoftedgeupdate.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs), microsoftedgeupdate.exe, microsoftedgeupdate.exe (no specs), microsoftedgeupdate.exe, svchost.exe, microsoftedge_x64_131.0.2903.112.exe, setup.exe, setup.exe (no specs), microsoftedgeupdate.exe, mangadex-desktop.exe, msedgewebview2.exe, msedgewebview2.exe (no specs), msedgewebview2.exe (no specs), msedgewebview2.exe, msedgewebview2.exe (no specs), msedgewebview2.exe (no specs), msedgewebview2.exe (no specs)

Process information

Columns: PID | CMD | Path | Indicators | Parent process
PID: 628
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 1080
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3420,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded argument elided; truncated in the report]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1868
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2120
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2408,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:8
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2744
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=131.0.2903.112 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff6b9de2918,0x7ff6b9de2924,0x7ff6b9de2930
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FBE0436C-B2DD-41E9-AD50-280F677D7ED5}\EDGEMITMP_5BD29.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{fbe0436c-b2dd-41e9-ad50-280f677d7ed5}\edgemitmp_5bd29.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 2956
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2976.5592.15938385797921786567
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Parent process: Mangadex-Desktop.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2976
CMD: "C:\Program Files\Mangadex-Desktop\Mangadex-Desktop.exe"
Path: C:\Program Files\Mangadex-Desktop\Mangadex-Desktop.exe
Parent process: msiexec.exe
User: admin
Integrity Level: MEDIUM
Description: Mangadex-Desktop
Version: 0.1.3
Modules
Images
c:\program files\mangadex-desktop\mangadex-desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3172
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe" --type=renderer --string-annotations=is-enterprise-managed=no --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView" --webview-exe-name=Mangadex-Desktop.exe --webview-exe-version=0.1.3 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=4144,i,16030260819549573408,14013515134336469439,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Exit code: 0
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3436
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\com.tonymushah.dev\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=131.0.6778.205 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=131.0.2903.112 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ff820216070,0x7ff82021607c,0x7ff820216088
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\131.0.2903.112\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 131.0.2903.112
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\131.0.2903.112\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 21 345
Read events: 18 494
Write events: 2 766
Delete events: 85

Modification events

(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
48000000000000008C0A0A428553DB019C190000FC190000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
48000000000000008C0A0A428553DB019C190000FC190000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000DBC54C428553DB019C190000FC190000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000DBC54C428553DB019C190000FC190000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
480000000000000064294F428553DB019C190000FC190000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
480000000000000095F253428553DB019C190000FC190000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (6668) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: delete key
Name: (default)
Value: (none)
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value:
48000000000000004769C6428553DB019C190000FC190000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (6556) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000004769C6428553DB019C190000681A0000E8030000010000000000000000000000EB93831B4C86574AA95740FF970543B300000000000000000000000000000000
Executable files: 209
Suspicious files: 163
Text files: 35
Unknown types: 16

Dropped files

Columns: PID | Process | Filename | Type
6556 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | (no type)
MD5:
SHA256:
6556 | msiexec.exe | C:\Windows\Installer\13d739.msi | (no type)
MD5:
SHA256:
6556 | msiexec.exe | C:\Windows\Installer\13d73b.msi | (no type)
MD5:
SHA256:
6440 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSI905C.tmp | executable
MD5:4FDD16752561CF585FED1506914D73E0
SHA256:AECD2D2FE766F6D439ACC2BBF1346930ECC535012CF5AD7B3273D2875237B7E7
6556 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{1b8393eb-864c-4a57-a957-40ff970543b3}_OnDiskSnapshotProp | binary
MD5:0DE9E9A26870B80E409DB5C50E74B0F2
SHA256:45522533974F12702CA9C97CCBD29022AACCA01D2579A4E30FF2EE687E3DDE32
6556 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary
MD5:0DE9E9A26870B80E409DB5C50E74B0F2
SHA256:45522533974F12702CA9C97CCBD29022AACCA01D2579A4E30FF2EE687E3DDE32
6556 | msiexec.exe | C:\Windows\Temp\~DFC3EB492B0032A2AC.TMP | binary
MD5:6D64DCF3CDAFCFDFCDB79E0777F3540A
SHA256:D2E8050ABBF76E7DC8EEAB6C529E2CF93EB0A5EE1BBB1E95C55EB7E5A6978788
6556 | msiexec.exe | C:\Windows\Temp\~DF75F11C9DCB1854EF.TMP | binary
MD5:BF619EAC0CDF3F68D496EA9344137E8B
SHA256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
6556 | msiexec.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mangadex-Desktop\Mangadex-Desktop.lnk | binary
MD5:D9957CF6D7CC4736CBB27A8CF04C38F6
SHA256:F176CF1CF80695801FE676328A60181CAC0046DB7E2916E36EC5A79E7D9B08B5
6556 | msiexec.exe | C:\Windows\Installer\inprogressinstallinfo.ipi | binary
MD5:6D64DCF3CDAFCFDFCDB79E0777F3540A
SHA256:D2E8050ABBF76E7DC8EEAB6C529E2CF93EB0A5EE1BBB1E95C55EB7E5A6978788
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 41
DNS requests: 27
Threats: 1

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
(none) | (none) | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
(none) | (none) | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
(none) | (none) | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
5968 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | - | - | whitelisted
7128 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
7128 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
628 | svchost.exe | HEAD | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7d9cd93c-1d5e-449b-9ad7-f1e8d6b90509?P1=1735375801&P2=404&P3=2&P4=QpfTrqhV83goKP41UzWnPxyatmIGIS9NTQYO2x1z20PtwvIOvM%2beuOknGvB4%2bW8u0zoxML3sdOv%2bXyx17tPVtA%3d%3d | unknown | - | - | whitelisted
628 | svchost.exe | GET | 200 | 199.232.214.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7d9cd93c-1d5e-449b-9ad7-f1e8d6b90509?P1=1735375801&P2=404&P3=2&P4=QpfTrqhV83goKP41UzWnPxyatmIGIS9NTQYO2x1z20PtwvIOvM%2beuOknGvB4%2bW8u0zoxML3sdOv%2bXyx17tPVtA%3d%3d | unknown | - | - | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4652 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(none) | (none) | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 2.21.110.139:443 | www.bing.com | AKAMAI-AS | DE | whitelisted
(none) | (none) | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
(none) | (none) | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
(none) | (none) | 2.23.181.156:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Columns: Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 20.73.194.208, 51.124.78.146 | whitelisted
www.bing.com | 2.21.110.139, 2.21.110.146 | whitelisted
crl.microsoft.com | 23.48.23.156, 23.48.23.143 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.microsoft.com | 2.23.181.156 | whitelisted
google.com | 142.250.184.238 | whitelisted
login.live.com | 40.126.31.69, 20.190.159.68, 40.126.31.73, 20.190.159.71, 20.190.159.4, 20.190.159.75, 20.190.159.73, 40.126.31.67 | whitelisted
go.microsoft.com | 23.35.238.131 | whitelisted
arc.msn.com | 20.223.35.26 | whitelisted
fd.api.iris.microsoft.com | 20.223.35.26 | whitelisted

Threats

Columns: PID | Process | Class | Message
628 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
Debug output

Columns: Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.tonymushah.dev directory exists )
Mangadex-Desktop.exe | Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
Mangadex-Desktop.exe | Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319