URL: https://pcapp.store

Full analysis: https://app.any.run/tasks/2db799b6-c657-4eb7-8dd4-42ba45a16d3c
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: July 07, 2025, 16:41:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
websocket
pcappstore
adware
auto
generic
Indicators:
MD5: 5A5168775F13A01E7BE3A3FB66947E5E
SHA1: 46A2800F8BA234549D4FB96806D0D12A77C786FE
SHA256: 028CB26033FADECA687E6A65F6BEB4BDFD88D8E9F86010C426E4F487297533F9
SSDEEP: 3:N8C8AsXA:2CuQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Setup.exe (PID: 7396)
    • GENERIC has been found (auto)

      • Setup.exe (PID: 7396)
    • PCAPPSTORE mutex has been found

      • PcAppStore.exe (PID: 7544)
      • PcAppStore.exe (PID: 7812)
      • PcAppStore.exe (PID: 8056)
      • PcAppStore.exe (PID: 504)
      • PcAppStore.exe (PID: 7236)
  • SUSPICIOUS

    • Creates a file in the system drive root

      • msedge.exe (PID: 6808)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Setup.exe (PID: 7396)
    • The process creates files with name similar to system file names

      • Setup.exe (PID: 7396)
    • Reads security settings of Internet Explorer

      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • PcAppStore.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Executable content was dropped or overwritten

      • Setup.exe (PID: 7396)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeWebview2Setup.exe (PID: 304)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6900)
    • Searches for installed software

      • Setup.exe (PID: 7396)
    • Creates a software uninstall entry

      • Setup.exe (PID: 7396)
    • There is functionality for taking screenshot (YARA)

      • Setup.exe (PID: 7396)
      • PcAppStore.exe (PID: 8056)
    • Process drops legitimate windows executable

      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeWebview2Setup.exe (PID: 304)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5456)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6900)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Reads the date of Windows installation

      • PcAppStore.exe (PID: 7544)
      • PcAppStore.exe (PID: 8056)
      • PcAppStore.exe (PID: 7236)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
      • MicrosoftEdgeUpdate.exe (PID: 868)
    • Application launched itself

      • PcAppStore.exe (PID: 7544)
      • PcAppStore.exe (PID: 8056)
  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 7848)
      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • identity_helper.exe (PID: 7440)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
      • PcAppStore.exe (PID: 8056)
    • Checks supported languages

      • identity_helper.exe (PID: 7848)
      • Setup.exe (PID: 7396)
      • PcAppStore.exe (PID: 7544)
      • Watchdog.exe (PID: 6536)
      • MicrosoftEdgeWebview2Setup.exe (PID: 304)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • PcAppStore.exe (PID: 7812)
      • PcAppStore.exe (PID: 8056)
      • SearchApp.exe (PID: 5328)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5456)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • identity_helper.exe (PID: 7440)
      • PcAppStore.exe (PID: 504)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6900)
      • PcAppStore.exe (PID: 1028)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Application launched itself

      • msedge.exe (PID: 6808)
      • msedge.exe (PID: 6268)
    • The sample was compiled with English language support

      • msedge.exe (PID: 6808)
      • Setup.exe (PID: 7396)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeWebview2Setup.exe (PID: 304)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5456)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6900)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Reads Environment values

      • identity_helper.exe (PID: 7848)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • PcAppStore.exe (PID: 7812)
      • PcAppStore.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • identity_helper.exe (PID: 7440)
      • PcAppStore.exe (PID: 504)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
      • PcAppStore.exe (PID: 1028)
    • Creates files in a temporary directory

      • Setup.exe (PID: 7396)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6808)
    • Reads the machine GUID from the registry

      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • SearchApp.exe (PID: 5328)
      • PcAppStore.exe (PID: 8056)
      • PcAppStore.exe (PID: 7236)
    • Reads the software policy settings

      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • wermgr.exe (PID: 4400)
      • SearchApp.exe (PID: 5328)
      • PcAppStore.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • wermgr.exe (PID: 7196)
      • slui.exe (PID: 7268)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
      • wermgr.exe (PID: 7376)
    • Creates files or folders in the user directory

      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • wermgr.exe (PID: 4400)
      • PcAppStore.exe (PID: 8056)
      • PcAppStore.exe (PID: 7236)
    • Checks proxy server information

      • Setup.exe (PID: 7396)
      • Watchdog.exe (PID: 6536)
      • PcAppStore.exe (PID: 7544)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • wermgr.exe (PID: 4400)
      • PcAppStore.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • wermgr.exe (PID: 7196)
      • slui.exe (PID: 7268)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
      • wermgr.exe (PID: 7376)
    • Process checks computer location settings

      • Setup.exe (PID: 7396)
      • PcAppStore.exe (PID: 7544)
      • SearchApp.exe (PID: 5328)
      • MicrosoftEdgeUpdate.exe (PID: 1948)
      • PcAppStore.exe (PID: 8056)
      • MicrosoftEdgeUpdate.exe (PID: 868)
      • PcAppStore.exe (PID: 7236)
      • MicrosoftEdgeUpdate.exe (PID: 2368)
    • Launching a file from a Registry key

      • Setup.exe (PID: 7396)
    • Creates files in the program directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 304)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6900)
    • Gets the hash of the file via CERTUTIL.EXE

      • certutil.exe (PID: 6900)
      • certutil.exe (PID: 4888)
    • Manual execution by a user

      • cmd.exe (PID: 3952)
      • PcAppStore.exe (PID: 7812)
      • PcAppStore.exe (PID: 504)
      • cmd.exe (PID: 7504)
      • PcAppStore.exe (PID: 1028)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 229
Monitored processes: 78
Malicious processes: 11
Suspicious processes: 2

Behavior graph

(Interactive process graph; rendered only in the full report. Nodes shown: msedge.exe (many instances), identity_helper.exe, setup.exe (tagged #GENERIC), pcappstore.exe (tagged THREAT), watchdog.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, rundll32.exe, cmd.exe, conhost.exe, slui.exe, certutil.exe, searchapp.exe.)

Process information

(Columns in the full report: PID, CMD, Path, Indicators, Parent process. The Indicators column is not populated in this extract.)
PID: 304
CMD: "C:\Users\admin\PCAppStore\download\MicrosoftEdgeWebview2Setup.exe" /silent /install
Path: C:\Users\admin\PCAppStore\download\MicrosoftEdgeWebview2Setup.exe
Parent process: PcAppStore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Exit code: 2147747592
Version: 1.3.195.61
Modules (images):
c:\users\admin\pcappstore\download\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 504
CMD: "C:\Users\admin\PCAppStore\PcAppStore.exe" /init default showM
Path: C:\Users\admin\PCAppStore\PcAppStore.exe
Parent process: explorer.exe
User: admin
Company: Fast Corporation LTD
Integrity Level: MEDIUM
Description: PC App Store Runtime
Exit code: 0
Version: 1.0.0.2010
Modules (images):
c:\users\admin\pcappstore\pcappstore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32full.dll
PID: 868
CMD: "C:\Program Files (x86)\Microsoft\Temp\EUFDF3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Program Files (x86)\Microsoft\Temp\EUFDF3.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 2147747592
Version: 1.3.195.61
Modules (images):
c:\program files (x86)\microsoft\temp\eufdf3.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1028
CMD: "C:\Users\admin\PCAppStore\PcAppStore.exe"
Path: C:\Users\admin\PCAppStore\PcAppStore.exe
Parent process: explorer.exe
User: admin
Company: Fast Corporation LTD
Integrity Level: HIGH
Description: PC App Store Runtime
Exit code: 4294967295
Version: 1.0.0.2010
Modules (images):
c:\users\admin\pcappstore\pcappstore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1164
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4544,i,13694548175564630343,7798057053717199031,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6980,i,4125935298002997249,15774816467088765558,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1232
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=8476,i,4125935298002997249,15774816467088765558,262144 --variations-seed-version --mojo-platform-channel-handle=8520 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1268
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7132,i,4125935298002997249,15774816467088765558,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1296
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2428,i,4125935298002997249,15774816467088765558,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1352
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4912,i,13694548175564630343,7798057053717199031,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 34 453
Read events: 34 198
Write events: 240
Delete events: 15

Modification events

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
  Operation: write | Name: failed_count | Value: 0

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
  Operation: write | Name: state | Value: 2

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
  Operation: write | Name: StatusCodes | Value: (empty)

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
  Operation: write | Name: StatusCodes | Value: 01000000

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
  Operation: write | Name: state | Value: 1

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
  Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0

(PID 6808) msedge.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
  Operation: write | Name: S-1-5-21-1693682860-607145093-2874071422-1001 | Value: 1D3388CEEF972F00

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393796
  Operation: write | Name: WindowTabManagerFileMappingId | Value: {3D57E6B7-1C9C-4007-BB00-4A5A1B5E2683}

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393796
  Operation: write | Name: WindowTabManagerFileMappingId | Value: {4FBD0913-5B06-459D-9AE7-60B67B59F6C9}

(PID 6808) msedge.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393796
  Operation: write | Name: WindowTabManagerFileMappingId | Value: {6904E563-2F14-48A0-A5D1-12D2772A3C98}
Executable files: 421
Suspicious files: 379
Text files: 154
Unknown types: 95

Dropped files

(Columns in the full report: PID, Process, Filename, Type. Type, MD5 and SHA256 are not populated in this extract.)

PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF175a74.TMP
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF175a74.TMP
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF175a74.TMP
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF175aa3.TMP
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF175a74.TMP
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
PID 6808 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
Download the PCAP and analyze network streams, HTTP content and more in the full report

HTTP(S) requests: 42
TCP/UDP connections: 168
DNS requests: 137
Threats: 27

HTTP requests

(Columns in the full report: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation. Type and Size are not populated in this extract; records below are PID | Process | Method | HTTP Code | IP | URL | CN | Reputation.)
2076 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:C3P3u5nabRSgDJpYcEQ_Jr-rt3xzow7A_lQzrt-SBG4&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2612 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7396 | Setup.exe | GET | 200 | 2.23.77.188:80 | http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAs3%2BNNJvfdja5VCZfjkXmo%3D | unknown | whitelisted
7696 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
7544 | PcAppStore.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | whitelisted
4400 | wermgr.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
2324 | svchost.exe | HEAD | 200 | 208.89.74.27:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1752341713&P2=404&P3=2&P4=II48KOzb9yS%2blZD8dDncjgbIUR%2fxvk5jH52p6Ke7vSjDwqlgoqU2W2H3BXbiBj9s59kN6Ji2%2bngemCeppaBiQA%3d%3d | unknown | whitelisted
6536 | Watchdog.exe | GET | 200 | 18.66.145.213:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D | unknown | whitelisted

Connections

(Records are PID | Process | IP | Domain | ASN | CN | Reputation; a field left blank was not populated in this extract.)

5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 |  | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
4700 | RUXIMICS.exe | 40.127.240.158:443 |  | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1268 | svchost.exe | 40.127.240.158:443 |  | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
2076 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2076 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2076 | msedge.exe | 159.223.126.41:443 | pcapp.store | DIGITALOCEAN-ASN | US | suspicious
2076 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2076 | msedge.exe | 2.16.241.220:443 | copilot.microsoft.com | Akamai International B.V. | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
pcapp.store
  • 159.223.126.41
  • 167.99.235.203
  • 64.176.203.93
  • 45.32.1.23
  • 159.203.177.96
  • 104.248.126.225
  • 209.222.21.115
  • 207.246.91.177
  • 159.223.101.159
unknown
copilot.microsoft.com
  • 2.16.241.220
  • 2.16.241.224
whitelisted
www.bing.com
  • 2.16.241.225
  • 2.16.241.205
  • 2.16.241.201
  • 2.16.241.222
  • 2.16.241.218
  • 2.16.241.207
  • 2.16.241.216
  • 92.123.104.19
  • 92.123.104.47
  • 92.123.104.59
  • 92.123.104.63
  • 92.123.104.49
  • 92.123.104.28
  • 92.123.104.67
  • 92.123.104.8
  • 92.123.104.52
whitelisted
www.googletagmanager.com
  • 142.250.185.136
whitelisted
repository.pcapp.store
  • 207.211.211.26
  • 195.181.170.19
  • 169.150.255.180
  • 212.102.56.178
  • 37.19.194.80
  • 169.150.255.184
  • 195.181.175.41
unknown
fonts.googleapis.com
  • 142.250.186.138
whitelisted
www.google.com
  • 142.250.185.100
whitelisted

Threats

(Records are PID | Process | Class | Message.)

2076 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2076 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2076 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2076 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2076 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
(Records are Process | Message.)

PcAppStore.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation. (logged 10 times)