File name:

Setup.exe

Full analysis: https://app.any.run/tasks/b6b0d809-7af2-44c6-9b90-d2a1af4afb06
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: December 04, 2025, 04:32:37
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
pcappstore
adware
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

3E4DA9EB438BD599E487EE868BF0DEF8

SHA1:

F7FFAD6EB686356E8E9B43E13C0F9E14BB3F9D57

SHA256:

CBA34BD29A65A1DDFC1D9FBB838942EC1017E381C2BA2B25DD6D85762B6639BB

SSDEEP:

98304:yNNfxJHOEMd5e2Ed1RH8nh30YpPqOl8kLNRTx3lD4cEvuTIkr94Vjn+NrBPvllsw:jFE6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • Setup.exe (PID: 7392)
    • Changes the autorun value in the registry

      • Setup.exe (PID: 7392)
    • PCAPPSTORE mutex has been found

      • PcAppStore.exe (PID: 8028)
      • PcAppStore.exe (PID: 8396)
      • PcAppStore.exe (PID: 6344)
      • PcAppStore.exe (PID: 8152)
    • Actions looks like stealing of personal data

      • PcAppStore.exe (PID: 8028)
    • Executing a file with an untrusted certificate

      • diskspd.exe (PID: 5932)
    • Application was injected by another process

      • Uninstaller.exe (PID: 8928)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup.exe (PID: 7392)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6360)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • setup.exe (PID: 1172)
      • SetupEngine.exe (PID: 804)
      • uninstaller.exe (PID: 1940)
      • msedgewebview2.exe (PID: 4320)
      • Un_A.exe (PID: 6380)
      • Uninstaller.exe (PID: 8928)
      • Un_A.exe (PID: 9536)
    • Searches for installed software

      • Setup.exe (PID: 7392)
      • setup.exe (PID: 1172)
      • fast!.exe (PID: 2012)
      • msedgewebview2.exe (PID: 5968)
      • SystemSettings.exe (PID: 5048)
    • The process creates files with name similar to system file names

      • Setup.exe (PID: 7392)
      • SetupEngine.exe (PID: 804)
      • Un_A.exe (PID: 6380)
      • Un_A.exe (PID: 9536)
    • Reads security settings of Internet Explorer

      • Setup.exe (PID: 7392)
      • Watchdog.exe (PID: 8056)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • msedgewebview2.exe (PID: 5968)
      • SetupEngine.exe (PID: 804)
      • fast!.exe (PID: 2012)
      • Un_A.exe (PID: 6380)
      • Un_A.exe (PID: 9536)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Setup.exe (PID: 7392)
      • SetupEngine.exe (PID: 804)
      • Un_A.exe (PID: 6380)
      • Un_A.exe (PID: 9536)
    • Reads the date of Windows installation

      • PcAppStore.exe (PID: 8028)
      • SystemSettings.exe (PID: 5048)
    • Process drops legitimate windows executable

      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6360)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • setup.exe (PID: 1172)
      • SetupEngine.exe (PID: 804)
      • msedgewebview2.exe (PID: 4320)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 8228)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • uninstaller.exe (PID: 1940)
      • Uninstaller.exe (PID: 8928)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8344)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8372)
      • MicrosoftEdgeUpdate.exe (PID: 8316)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8400)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 8552)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 8552)
      • setup.exe (PID: 1172)
      • msedgewebview2.exe (PID: 5968)
      • nw.exe (PID: 1632)
    • Non windows owned service launched

      • MicrosoftEdgeUpdate.exe (PID: 8552)
    • There is functionality for taking screenshot (YARA)

      • PcAppStore.exe (PID: 8028)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 8228)
    • Manipulates environment variables

      • powershell.exe (PID: 2028)
    • Starts POWERSHELL.EXE for commands execution

      • SetupEngine.exe (PID: 804)
    • Starts CMD.EXE for commands execution

      • SetupEngine.exe (PID: 804)
    • The executable file from the user directory is run by the CMD process

      • diskspd.exe (PID: 5932)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 5184)
      • schtasks.exe (PID: 10108)
  • INFO

    • The sample compiled with english language support

      • Setup.exe (PID: 7392)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6360)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • setup.exe (PID: 1172)
      • SetupEngine.exe (PID: 804)
      • msedgewebview2.exe (PID: 4320)
      • uninstaller.exe (PID: 1940)
      • Un_A.exe (PID: 6380)
      • Uninstaller.exe (PID: 8928)
      • Un_A.exe (PID: 9536)
    • Creates files or folders in the user directory

      • Setup.exe (PID: 7392)
      • Watchdog.exe (PID: 8056)
      • PcAppStore.exe (PID: 8028)
      • SetupEngine.exe (PID: 804)
      • diskspd.exe (PID: 5932)
      • nw.exe (PID: 8036)
      • nw.exe (PID: 1632)
      • nw.exe (PID: 2972)
      • msedgewebview2.exe (PID: 9364)
      • SystemSettings.exe (PID: 5048)
    • Checks supported languages

      • Setup.exe (PID: 7392)
      • Watchdog.exe (PID: 8056)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6360)
      • MicrosoftEdgeUpdate.exe (PID: 8284)
      • MicrosoftEdgeUpdate.exe (PID: 8316)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8344)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8400)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8372)
      • MicrosoftEdgeUpdate.exe (PID: 8456)
      • MicrosoftEdgeUpdate.exe (PID: 8496)
      • MicrosoftEdgeUpdate.exe (PID: 8552)
      • PcAppStore.exe (PID: 8396)
      • MicrosoftEdgeUpdate.exe (PID: 8792)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • PcAppStore.exe (PID: 6344)
      • setup.exe (PID: 1172)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • setup.exe (PID: 6172)
      • msedgewebview2.exe (PID: 5968)
      • msedgewebview2.exe (PID: 8044)
      • msedgewebview2.exe (PID: 7996)
      • PcAppStore.exe (PID: 8152)
      • msedgewebview2.exe (PID: 7192)
      • msedgewebview2.exe (PID: 8076)
      • msedgewebview2.exe (PID: 8344)
      • msedgewebview2.exe (PID: 4064)
      • MicrosoftEdgeUpdate.exe (PID: 5284)
      • msedgewebview2.exe (PID: 8836)
      • msedgewebview2.exe (PID: 5912)
      • SetupEngine.exe (PID: 804)
      • msedgewebview2.exe (PID: 4140)
      • diskspd.exe (PID: 5932)
      • fast!.exe (PID: 2012)
      • nw.exe (PID: 8036)
      • nw.exe (PID: 1632)
      • nw.exe (PID: 2972)
      • nw.exe (PID: 8668)
      • nw.exe (PID: 9164)
      • nw.exe (PID: 3464)
      • nw.exe (PID: 936)
      • msedgewebview2.exe (PID: 8660)
      • nw.exe (PID: 2436)
      • msedgewebview2.exe (PID: 6300)
      • nw.exe (PID: 6464)
      • msedgewebview2.exe (PID: 480)
      • msedgewebview2.exe (PID: 2928)
      • msedgewebview2.exe (PID: 744)
      • msedgewebview2.exe (PID: 9320)
      • msedgewebview2.exe (PID: 9364)
      • identity_helper.exe (PID: 9612)
      • identity_helper.exe (PID: 9580)
      • SystemSettings.exe (PID: 5048)
      • msedgewebview2.exe (PID: 4320)
      • uninstaller.exe (PID: 1940)
      • Un_A.exe (PID: 6380)
      • identity_helper.exe (PID: 9000)
      • Uninstaller.exe (PID: 8928)
      • Un_A.exe (PID: 9536)
    • Launching a file from a Registry key

      • Setup.exe (PID: 7392)
    • Application launched itself

      • msedge.exe (PID: 7744)
      • msedge.exe (PID: 7720)
      • msedge.exe (PID: 1576)
      • msedge.exe (PID: 9880)
      • msedge.exe (PID: 9444)
      • msedge.exe (PID: 3000)
    • Create files in a temporary directory

      • Setup.exe (PID: 7392)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • msedgewebview2.exe (PID: 5968)
      • SetupEngine.exe (PID: 804)
      • nw.exe (PID: 1632)
      • fast!.exe (PID: 2012)
      • uninstaller.exe (PID: 1940)
      • Un_A.exe (PID: 6380)
      • Uninstaller.exe (PID: 8928)
      • Un_A.exe (PID: 9536)
    • Creates a software uninstall entry

      • Setup.exe (PID: 7392)
      • setup.exe (PID: 1172)
      • SetupEngine.exe (PID: 804)
      • fast!.exe (PID: 2012)
    • Reads the computer name

      • Watchdog.exe (PID: 8056)
      • Setup.exe (PID: 7392)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8284)
      • MicrosoftEdgeUpdate.exe (PID: 8316)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8372)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8400)
      • MicrosoftEdgeUpdate.exe (PID: 8496)
      • MicrosoftEdgeUpdate.exe (PID: 8456)
      • MicrosoftEdgeUpdate.exe (PID: 8552)
      • MicrosoftEdgeUpdate.exe (PID: 8792)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • msedgewebview2.exe (PID: 5968)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8344)
      • msedgewebview2.exe (PID: 8044)
      • msedgewebview2.exe (PID: 8076)
      • MicrosoftEdgeUpdate.exe (PID: 5284)
      • SetupEngine.exe (PID: 804)
      • diskspd.exe (PID: 5932)
      • msedgewebview2.exe (PID: 4140)
      • fast!.exe (PID: 2012)
      • setup.exe (PID: 1172)
      • nw.exe (PID: 1632)
      • nw.exe (PID: 2972)
      • nw.exe (PID: 8668)
      • nw.exe (PID: 9164)
      • nw.exe (PID: 936)
      • nw.exe (PID: 2436)
      • nw.exe (PID: 6464)
      • msedgewebview2.exe (PID: 9364)
      • identity_helper.exe (PID: 9580)
      • identity_helper.exe (PID: 9612)
      • SystemSettings.exe (PID: 5048)
      • Un_A.exe (PID: 6380)
      • identity_helper.exe (PID: 9000)
      • Un_A.exe (PID: 9536)
    • Checks proxy server information

      • Setup.exe (PID: 7392)
      • Watchdog.exe (PID: 8056)
      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8456)
      • msedgewebview2.exe (PID: 5968)
      • SetupEngine.exe (PID: 804)
      • nw.exe (PID: 1632)
      • slui.exe (PID: 8728)
      • Un_A.exe (PID: 6380)
      • Un_A.exe (PID: 9536)
      • fast!.exe (PID: 2012)
    • Reads the machine GUID from the registry

      • Setup.exe (PID: 7392)
      • PcAppStore.exe (PID: 8028)
      • Watchdog.exe (PID: 8056)
      • msedgewebview2.exe (PID: 5968)
      • SetupEngine.exe (PID: 804)
      • nw.exe (PID: 1632)
      • nw.exe (PID: 2972)
      • msedgewebview2.exe (PID: 9364)
      • SystemSettings.exe (PID: 5048)
      • Un_A.exe (PID: 6380)
      • Un_A.exe (PID: 9536)
      • fast!.exe (PID: 2012)
    • Process checks computer location settings

      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8228)
      • msedgewebview2.exe (PID: 5968)
      • setup.exe (PID: 1172)
      • msedgewebview2.exe (PID: 8836)
      • msedgewebview2.exe (PID: 8344)
      • msedgewebview2.exe (PID: 4064)
      • msedgewebview2.exe (PID: 5912)
      • fast!.exe (PID: 2012)
      • nw.exe (PID: 9164)
      • nw.exe (PID: 1632)
      • nw.exe (PID: 3464)
      • msedgewebview2.exe (PID: 8660)
      • msedgewebview2.exe (PID: 2928)
      • Un_A.exe (PID: 9536)
    • Creates files in the program directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 6360)
      • MicrosoftEdge_X64_142.0.3595.94.exe (PID: 3200)
      • setup.exe (PID: 1172)
      • SetupEngine.exe (PID: 804)
      • fast!.exe (PID: 2012)
    • Reads Environment values

      • PcAppStore.exe (PID: 8028)
      • MicrosoftEdgeUpdate.exe (PID: 8456)
      • MicrosoftEdgeUpdate.exe (PID: 8792)
      • PcAppStore.exe (PID: 8396)
      • PcAppStore.exe (PID: 6344)
      • PcAppStore.exe (PID: 8152)
      • msedgewebview2.exe (PID: 5968)
      • MicrosoftEdgeUpdate.exe (PID: 5284)
      • nw.exe (PID: 8036)
      • identity_helper.exe (PID: 9612)
      • identity_helper.exe (PID: 9580)
      • identity_helper.exe (PID: 9000)
    • Manual execution by a user

      • PcAppStore.exe (PID: 8396)
      • PcAppStore.exe (PID: 6344)
      • PcAppStore.exe (PID: 8152)
      • msedge.exe (PID: 1576)
    • Reads CPU info

      • msedgewebview2.exe (PID: 5968)
    • The sample compiled with slovak language support

      • SetupEngine.exe (PID: 804)
      • Un_A.exe (PID: 6380)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:57:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 186880
UninitializedDataSize: 2048
EntryPoint: 0x352d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.2010
ProductVersionNumber: 1.0.0.2010
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Fast Corporation LTD
FileDescription: PC App Store Setup
LegalCopyright: Fast Corporation LTD
ProductName: PC App Store
ProductVersion: 1.0.0.2010
No data.
All screenshots are available in the full report
Total processes: 297
Monitored processes: 127
Malicious processes: 9
Suspicious processes: 5

Behavior graph

start #GENERIC setup.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs THREAT pcappstore.exe msedge.exe no specs watchdog.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe msedge.exe no specs msedge.exe no specs microsoftedgeupdate.exe THREAT pcappstore.exe no specs THREAT pcappstore.exe no specs microsoftedge_x64_142.0.3595.94.exe setup.exe setup.exe no specs THREAT pcappstore.exe no specs msedgewebview2.exe msedgewebview2.exe no specs slui.exe msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs setupengine.exe no specs microsoftedgeupdate.exe setupengine.exe powershell.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs diskspd.exe no specs msedgewebview2.exe no specs fast!.exe nw.exe nw.exe nw.exe no specs nw.exe nw.exe no specs nw.exe nw.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs nw.exe no specs nw.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe 
msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs systemsettings.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedgewebview2.exe msedge.exe no specs uninstaller.exe un_a.exe msedge.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs uninstaller.exe un_a.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs schtasks.exe no specs conhost.exe no specs explorer.exe no specs

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 480
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.94\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\PCAppStore\UserData\admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --skip-read-main-dll --metrics-shmem-handle=5488,i,6032301993744943029,18305195135947497685,524288 --field-trial-handle=1872,i,4198547807048760628,4650154644055762964,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,LocalNetworkAccessForFencedFrameNavigationsWarningOnly,LocalNetworkAccessForNavigationsWarningOnly,LocalNetworkAccessForSubframeNavigationsWarningOnly,LocalNetworkAccessForWorkersWarningOnly,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,DeferSpeculativeRFHCreation,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,PreloadingEagerHeuristics,SafetyHub,SegmentationPlatform,ServiceWorkerAutoPreload,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgePasswordStrengthCheck,msEdgePinpointFramework,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUpdatesMoreMenuPill,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPageInteractionRestrictionRevoke,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5580 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.94\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
142.0.3595.94
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\142.0.3595.94\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\142.0.3595.94\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 744
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.94\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\PCAppStore\UserData\admin\EBWebView" --webview-exe-name=PcAppStore.exe --webview-exe-version=1.0.0.2010 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --skip-read-main-dll --metrics-shmem-handle=4492,i,13306569496801050317,9685714015607951686,524288 --field-trial-handle=1872,i,4198547807048760628,4650154644055762964,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,LocalNetworkAccessForFencedFrameNavigationsWarningOnly,LocalNetworkAccessForNavigationsWarningOnly,LocalNetworkAccessForSubframeNavigationsWarningOnly,LocalNetworkAccessForWorkersWarningOnly,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,DeferSpeculativeRFHCreation,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,PreloadingEagerHeuristics,SafetyHub,SegmentationPlatform,ServiceWorkerAutoPreload,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgePasswordStrengthCheck,msEdgePinpointFramework,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUpdatesMoreMenuPill,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPageInteractionRestrictionRevoke,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=5412 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.94\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
142.0.3595.94
Modules
Images
c:\program files (x86)\microsoft\edgewebview\application\142.0.3595.94\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edgewebview\application\142.0.3595.94\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 804
CMD: "C:\Users\admin\PCAppStore\download\SetupEngine.exe" /HL
Path: C:\Users\admin\PCAppStore\download\SetupEngine.exe
Parent process: PcAppStore.exe
User:
admin
Company:
Fast Corporation LTD
Integrity Level:
HIGH
Description:
Fast! Setup
Exit code:
0
Version:
2.3.5.8
Modules
Images
c:\users\admin\pcappstore\download\setupengine.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 936
CMD: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=4008 --field-trial-handle=1964,i,15785521752295383850,12367560432293601103,262144 /prefetch:8
Path: C:\Program Files (x86)\Fast!\nwjs\nw.exe
Parent process: nw.exe
User:
admin
Company:
The NW.js Community
Integrity Level:
HIGH
Description:
Fast!
Exit code:
0
Version:
0.82.0
Modules
Images
c:\program files (x86)\fast!\nwjs\nw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\fast!\nwjs\nw_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
988
Command line:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
powershell.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1172
Command line:
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A3DA3B4-DEF8-407A-B872-BCDE724CD75A}\EDGEMITMP_5EBC0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A3DA3B4-DEF8-407A-B872-BCDE724CD75A}\MicrosoftEdge_X64_142.0.3595.94.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
Path:
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A3DA3B4-DEF8-407A-B872-BCDE724CD75A}\EDGEMITMP_5EBC0.tmp\setup.exe
Parent process:
MicrosoftEdge_X64_142.0.3595.94.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
142.0.3595.94
Modules
Images
c:\program files (x86)\microsoft\edgeupdate\install\{2a3da3b4-def8-407a-b872-bcde724cd75a}\edgemitmp_5ebc0.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID:
1252
Command line:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
schtasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1576
Command line:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1632
Command line:
"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Path:
C:\Program Files (x86)\Fast!\nwjs\nw.exe
Parent process:
fast!.exe
User:
admin
Company:
The NW.js Community
Integrity Level:
HIGH
Description:
Fast!
Exit code:
0
Version:
0.82.0
Modules
Images
c:\program files (x86)\fast!\nwjs\nw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files (x86)\fast!\nwjs\nw_elf.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID:
1936
Command line:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2364,i,15886380139510894732,13574582147541386105,262144 --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
109 925
Read events
108 036
Write events
1 750
Delete events
139

Modification events

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:
write
Name:
CachePrefix
Value:

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:
write
Name:
CachePrefix
Value:
Cookie:

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:
write
Name:
CachePrefix
Value:
Visited:

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\PCAppStore
Operation:
write
Name:
Version
Value:
fa.2010

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\PCAppStore
Operation:
write
Name:
InstallPath
Value:
C:\Users\admin\PCAppStore

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:
write
Name:
SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Operation:
write
Name:
DisplayName
Value:
PC App Store

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Operation:
write
Name:
UninstallString
Value:
"C:\Users\admin\PCAppStore\Uninstaller.exe"

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Operation:
write
Name:
DisplayIcon
Value:
"C:\Users\admin\PCAppStore\Uninstaller.exe"

(PID) Process:
(7392) Setup.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Operation:
write
Name:
Publisher
Value:
Fast Corporation LTD
Executable files
312
Suspicious files
1 340
Text files
442
Unknown types
7

Dropped files

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsa1E6B.tmp\image.gif
Type:
image
MD5:1636218C14C357455B5C872982E2A047
SHA256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\PCAppStore\Watchdog.exe
Type:
executable
MD5:52B95B5BE353A73E530FAC5F9090FF25
SHA256:0C03C1F992938B5F0BC73941769FAB6E40FE41D0A96992AE3C6AD9E5FC5D6049

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\PCAppStore\AutoUpdater.exe
Type:
executable
MD5:7A1083F1846DB5B4D452FDFFCC82C667
SHA256:93DD12D17ACA3B4BB8C4884119496529405BC0050A982520B42FBEBD06956462

PID:
7744
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variations
Type:
binary
MD5:CDDDC745A8C954DC438C931889999BDB
SHA256:3DC9043838386F5363AC96A01477CF3163B5118B80191576A11B32CE9894314C

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsa1E6B.tmp\System.dll
Type:
executable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsa1E6B.tmp\nsJSON.dll
Type:
executable
MD5:F4D89D9A2A3E2F164AEA3E93864905C9
SHA256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB

PID:
7744
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF163a7d.TMP
Type:
MD5:
SHA256:

PID:
7744
Process:
msedge.exe
Filename:
C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
Type:
MD5:
SHA256:

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_F232D15B306B87EF7D89BDECABC88676
Type:
binary
MD5:29B853A6053F2117E1CF3326E40A8713
SHA256:1216E720015BD1670EFB6E7C15D6C89657BB2C7FF38F67F06B71603F4135072B

PID:
7392
Process:
Setup.exe
Filename:
C:\Users\admin\AppData\Local\Temp\nsa1E6B.tmp\modern-wizard.bmp
Type:
image
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
HTTP(S) requests
35
TCP/UDP connections
310
DNS requests
265
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7392
Setup.exe
GET
200
184.30.131.245:80
http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAs3%2BNNJvfdja5VCZfjkXmo%3D
unknown
whitelisted
8056
Watchdog.exe
GET
200
18.245.38.235:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEjgLnWaIozse2b%2BczaaODg8%3D
unknown
whitelisted
8028
PcAppStore.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
8912
svchost.exe
GET
199.232.210.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/003922a9-6846-48e1-b864-200ee31fda79?P1=1765427576&P2=404&P3=2&P4=XbRN5jekTyNwqsiC%2bVKU77gitaXjs2LcJOmnv3dnQysnVrFPJ4zGMEE5ao%2bSvNJewn%2fjGFLYCAOvg8qjs%2fUUbg%3d%3d
unknown
whitelisted
8912
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/003922a9-6846-48e1-b864-200ee31fda79?P1=1765427576&P2=404&P3=2&P4=XbRN5jekTyNwqsiC%2bVKU77gitaXjs2LcJOmnv3dnQysnVrFPJ4zGMEE5ao%2bSvNJewn%2fjGFLYCAOvg8qjs%2fUUbg%3d%3d
unknown
whitelisted
2456
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2456
SIHClient.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
2456
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl
unknown
whitelisted
7392
Setup.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D
unknown
whitelisted
2456
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5596
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4592
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2308
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7088
SearchApp.exe
2.16.241.201:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7392
Setup.exe
159.223.126.41:443
pcapp.store
DIGITALOCEAN-ASN
US
suspicious
7392
Setup.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
8012
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8012
msedge.exe
104.18.22.222:443
copilot.microsoft.com
CLOUDFLARENET
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
www.bing.com
  • 2.16.241.201
  • 2.16.241.218
  • 23.3.88.226
  • 23.3.88.162
  • 23.3.88.147
  • 23.3.88.185
  • 92.123.104.33
  • 92.123.104.19
  • 92.123.104.59
  • 92.123.104.60
  • 92.123.104.67
  • 92.123.104.52
  • 92.123.104.31
  • 92.123.104.32
  • 92.123.104.34
  • 92.123.104.49
  • 92.123.104.47
whitelisted
google.com
  • 142.250.185.238
whitelisted
pcapp.store
  • 159.223.126.41
  • 104.248.126.225
  • 167.99.235.203
  • 45.32.1.23
  • 207.246.91.177
  • 64.176.203.93
  • 159.203.177.96
  • 209.222.21.115
  • 159.223.101.159
unknown
ocsp.digicert.com
  • 184.30.131.245
whitelisted
status.rapidssl.com
  • 184.30.131.245
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
copilot.microsoft.com
  • 104.18.22.222
  • 104.18.23.222
whitelisted
d74queuslupub.cloudfront.net
  • 18.239.105.57
  • 18.239.105.89
  • 18.239.105.113
  • 18.239.105.112
unknown

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Misc activity
ET INFO Observed UA-CPU Header
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
PcAppStore.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.