File name: PDFizer.exe

Full analysis: https://app.any.run/tasks/b4799840-def8-4ba4-a115-ff029a16d90f
Verdict: Malicious activity
Analysis date: April 07, 2026, 16:57:58
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: E0F168337A74DAE57F2594864EBDBB9E
SHA1: 451EEC9176DFB5C1902A7C97B0C3FC4C13DA8AFD
SHA256: 24DDF303DFD5FDB33E17CBAF6FD52B497AD674886D4FD3FC2BCE65A729E7903C
SSDEEP: 98304:gLycx2D4PrRvvSu41QiUiTBn9BTJzu7x0ys2OOO/Mt0Zwp9kGMvaUtoVvbCzP9ok:aK/ao5L1xsPKoLdiA5c

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PDFizer.exe (PID: 8020)
      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 2268)
      • PDFizer.exe (PID: 4704)
    • Changes the autorun value in the registry

      • PDFizer.exe (PID: 1296)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 4704)
    • Searches for installed software

      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 2268)
      • PDFizer.exe (PID: 4704)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4336)
    • Uses RUNDLL32.EXE to run a file without a DLL extension

      • rundll32.exe (PID: 7508)
      • rundll32.exe (PID: 7896)
      • rundll32.exe (PID: 5768)
    • Application launched itself

      • PDFizer.exe (PID: 2268)
  • INFO

    • The sample was compiled with English language support

      • PDFizer.exe (PID: 8020)
    • Checks supported languages

      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 8020)
      • msiexec.exe (PID: 4336)
      • msiexec.exe (PID: 2792)
      • PDFizer.exe (PID: 2268)
      • PDFizer.exe (PID: 4704)
      • identity_helper.exe (PID: 5660)
    • Create files in a temporary directory

      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 8020)
      • rundll32.exe (PID: 7508)
      • rundll32.exe (PID: 7364)
      • PDFizer.exe (PID: 2268)
      • PDFizer.exe (PID: 4704)
      • rundll32.exe (PID: 5768)
      • rundll32.exe (PID: 7896)
    • Reads the computer name

      • PDFizer.exe (PID: 1296)
      • msiexec.exe (PID: 4336)
      • msiexec.exe (PID: 2792)
      • identity_helper.exe (PID: 5660)
      • PDFizer.exe (PID: 4704)
    • Reads the machine GUID from the registry

      • PDFizer.exe (PID: 1296)
      • PDFizer.exe (PID: 4704)
    • Reads security settings of Internet Explorer

      • PDFizer.exe (PID: 1296)
      • rundll32.exe (PID: 5768)
      • PDFizer.exe (PID: 4704)
    • Creates files or folders in the user directory

      • PDFizer.exe (PID: 1296)
      • msiexec.exe (PID: 4336)
    • Launching a file from a Registry key

      • PDFizer.exe (PID: 1296)
    • Creates a software uninstall entry

      • PDFizer.exe (PID: 1296)
      • msiexec.exe (PID: 4336)
    • Manual execution by a user

      • PDFizer.exe (PID: 2268)
    • Disables trace logs

      • rundll32.exe (PID: 7508)
    • Application launched itself

      • msedge.exe (PID: 7776)
    • Reads Environment values

      • identity_helper.exe (PID: 5660)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:22 22:06:13+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 443392
InitializedDataSize: 240640
UninitializedDataSize: -
EntryPoint: 0x48650
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.1.0.0
ProductVersionNumber: 1.1.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: PDFizer
FileDescription: PDFizer
FileVersion: 1.1.0
InternalName: burn
OriginalFileName: PDFizer.exe
ProductName: PDFizer
ProductVersion: 1.1.0
LegalCopyright: Copyright (c) PDFizer. All rights reserved.
No data.
All screenshots are available in the full report
Total processes: 173
Monitored processes: 35
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Interactive process-tree figure (not reproduced here; see the full report). Process nodes shown in the graph: pdfizer.exe, msiexec.exe, rundll32.exe, msedge.exe and identity_helper.exe; nodes labelled "no specs" in the graph carry no process-specific indicators.

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1296
CMD:
"C:\Users\admin\AppData\Local\Temp\{3DB4CC79-2A69-4755-AB01-F21A48683233}\.cr\PDFizer.exe" -burn.clean.room="C:\Users\admin\Desktop\PDFizer.exe" -burn.filehandle.attached=708 -burn.filehandle.self=720
Path:
C:\Users\admin\AppData\Local\Temp\{3DB4CC79-2A69-4755-AB01-F21A48683233}\.cr\PDFizer.exe
Parent process:
PDFizer.exe
User:
admin
Company:
PDFizer
Integrity Level:
MEDIUM
Description:
PDFizer
Version:
1.1.0
Modules
Images
c:\users\admin\appdata\local\temp\{3db4cc79-2a69-4755-ab01-f21a48683233}\.cr\pdfizer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
2268
CMD:
"C:\Users\admin\AppData\Local\Package Cache\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}\PDFizer.exe" /burn.clean.room /burn.runonce
Path:
C:\Users\admin\AppData\Local\Package Cache\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}\PDFizer.exe
Parent process:
explorer.exe
User:
admin
Company:
PDFizer
Integrity Level:
MEDIUM
Description:
PDFizer
Exit code:
0
Version:
1.1.0
Modules
Images
c:\users\admin\appdata\local\package cache\{20dd91e6-052b-4225-b2e1-9cd95f18d26b}\pdfizer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID:
2312
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6012,i,4671991419872850264,16077080777490859924,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
2316
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffe2256f208,0x7ffe2256f214,0x7ffe2256f220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2428
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5488,i,4671991419872850264,16077080777490859924,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2792
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding 6ACE68F9E9BB7BD802AA8C843C9AB72C
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
4104
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2324,i,4671991419872850264,16077080777490859924,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
4324
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2728,i,4671991419872850264,16077080777490859924,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
4336
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
4704
CMD:
"C:\Users\admin\AppData\Local\Package Cache\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}\PDFizer.exe" /burn.clean.room /burn.log.append "C:\Users\admin\AppData\Local\Temp\.\PDFizer_1.1.0_20260407125808.log"
Path:
C:\Users\admin\AppData\Local\Package Cache\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}\PDFizer.exe
Parent process:
PDFizer.exe
User:
admin
Company:
PDFizer
Integrity Level:
MEDIUM
Description:
PDFizer
Version:
1.1.0
Modules
Images
c:\users\admin\appdata\local\package cache\{20dd91e6-052b-4225-b2e1-9cd95f18d26b}\pdfizer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events: 17 716
Read events: 17 540
Write events: 160
Delete events: 16

Modification events

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CLASSES_ROOT\Installer\Dependencies\{5639B06E-CAC2-4CF0-8C58-F4C628AA74F7}_v1.1.0
Operation: write
Name: Version
Value: 1.1.0

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CLASSES_ROOT\Installer\Dependencies\{5639B06E-CAC2-4CF0-8C58-F4C628AA74F7}_v1.1.0
Operation: write
Name: DisplayName
Value: PDFizer

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundleCachePath
Value: C:\Users\admin\AppData\Local\Package Cache\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}\PDFizer.exe

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundleUpgradeCode
Value: {6058CE0B-7401-4D92-8091-5F2CAB389EE4}

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundleAddonCode
Value: (empty)

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundleDetectCode
Value: (empty)

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundlePatchCode
Value: (empty)

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: BundleVersion
Value: 1.1.0

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: VersionMajor
Value: 1

(PID) Process: (1296) PDFizer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{20DD91E6-052B-4225-B2E1-9CD95F18D26B}
Operation: write
Name: VersionMinor
Value: 1
Executable files: 1
Suspicious files: 31
Text files: 230
Unknown types: 222

Dropped files

PID | Process | Filename | Type

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\1040\mbapreq.wxl | binary
MD5: D7B2C65CDE5162303B615134281C9655
SHA256: 7AB561AA2C07CD2BDA60DAB419846CCBB656E8B46573F83FF0BBB987D63863FC

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\Assets\logoInst.png | binary
MD5: 53BDCCB590420385831B796BE62BAF64
SHA256: 645BE96E9144F6FD1DFBB09A7FDC89DA918703F08F11A7B72064B7FB808C194D

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\1031\mbapreq.wxl | binary
MD5: 7A83E4D962F45F7DD4B7F415EBB3E678
SHA256: E269EB427C20D0795C63B0ACAF99BA7D5AA66040B0423DBA014E2DA4A95696D4

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\EulaBootstrapper.dll | binary
MD5: DDB422962066CBCB451535724A7BED76
SHA256: 6554F46C56EFA9E54B5C0297D26C2276372E70C3284CE1285E8274132FC3FB83

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\WixToolset.Mba.Core.dll | binary
MD5: EC393B51456EE6AE6C3FA9BD840EC783
SHA256: 2FDFD86CA4BA705AAE263E59CEF29A0FA8D251E4B288E5713EADD2E1D2681812

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\mbapreq.png | binary
MD5: A356956FD269567B8F4612A33802637B
SHA256: A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03

8020 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{3DB4CC79-2A69-4755-AB01-F21A48683233}\.cr\PDFizer.exe | binary
MD5: 5497D81DAAB3EB29FD4E4EE3B50DB1F4
SHA256: 853F51BE5008D0D7021C3EAD8A857949336ACDD676BC2D8263A0F21F0CAC9C11

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\WixToolset.Mba.Host.config | binary
MD5: 5C123871BAF4323DCE00224F1E7F93BC
SHA256: 5050464968C731E3B0E30D1A55D3DDBD232F08ACC288DD857EC5949B08C4C834

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\mbanative.dll | binary
MD5: 5441EC98C2136783BB902259B6CDD647
SHA256: 659FF12D11D77A18962D25292FED64CDC94A1BD99470F7E17111CE57EFCCA83E

1296 | PDFizer.exe | C:\Users\admin\AppData\Local\Temp\{BC2503C2-2021-43FB-8427-07F470DC3871}\.ba\1035\mbapreq.wxl | binary
MD5: 6A4F5B0316A2290E5BBE4ADAF53D19F3
SHA256: 78DB48FB9835E4557D47915D7AF57A56F6CA62074612867A2BA8DD7BC7834331
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 136
TCP/UDP connections: 86
DNS requests: 64
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

5276 | MoUsoCoreWorker.exe | GET | 304 | 20.73.194.208:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
6632 | SIHClient.exe | GET | 304 | 135.232.92.137:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
6260 | svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6260 | svchost.exe | GET | 200 | 184.30.158.70:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | US | binary | 814 b | whitelisted
5276 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
5316 | svchost.exe | POST | 200 | 20.190.160.14:443 | https://login.live.com/RST2.srf | US | binary | 1.24 Kb | whitelisted
5316 | svchost.exe | POST | 200 | 20.190.160.20:443 | https://login.live.com/RST2.srf | US | binary | 1.24 Kb | whitelisted
6632 | SIHClient.exe | GET | 200 | 20.165.94.54:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | - | - | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.160.14:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | binary | 203 b | whitelisted
6632 | SIHClient.exe | GET | 200 | 135.232.92.137:443 | https://slscr.update.microsoft.com/sls/ping | US | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | Not routed | whitelisted
6260 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 128.24.231.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 2.16.204.144:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
4 | System | 192.168.100.255:138 | Not routed | whitelisted
6260 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
5276 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
6260 | svchost.exe | 184.30.158.70:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted
5276 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
www.bing.com
  • 2.16.204.144
  • 2.16.204.151
  • 2.16.204.135
  • 2.16.204.145
  • 2.16.204.136
  • 104.126.37.136
  • 104.126.37.152
  • 104.126.37.154
  • 104.126.37.160
  • 104.126.37.146
  • 104.126.37.137
  • 104.126.37.128
  • 104.126.37.131
  • 104.126.37.153
  • 2.16.204.161
  • 2.16.204.152
  • 2.16.204.148
  • 2.16.204.160
  • 2.16.204.158
  • 2.16.204.150
  • 2.16.204.134
  • 2.16.204.141
whitelisted
google.com
  • 142.251.110.100
  • 142.251.110.102
  • 142.251.110.113
  • 142.251.110.101
  • 142.251.110.138
  • 142.251.110.139
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
whitelisted
www.microsoft.com
  • 184.30.158.70
  • 23.220.113.225
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.68
  • 40.126.32.134
  • 40.126.32.138
  • 20.190.160.67
  • 20.190.160.20
  • 40.126.32.140
  • 20.190.160.2
whitelisted
slscr.update.microsoft.com
  • 135.232.92.137
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.165.94.54
whitelisted

Threats

PID | Process | Class | Message

5276 | MoUsoCoreWorker.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info