A modinfo event can be generated in two ways:
- Executing a binary of any kind.
and
- If a binary executes and loads another sys, exe, dll or other binary file.
For example, if you rename powershell.exe to something else, and then execute it, it will store a modinfo event for that (based on #1 above). If that powershell execution also loads another exe, dll, etc, then it will generate a second modinfo event (based on #2 above).