File name: PDFPdq.exe
Full analysis: https://app.any.run/tasks/042fac92-668e-457d-a5db-b426d27700cd
Verdict: Malicious activity
Analysis date: February 27, 2026, 18:55:15
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: 761FC3F5F44FE8E76749EB5A077D0C51
SHA1: A8F75C022CCFDC5EF0B826F260005993F63A4649
SHA256: 349B076871225038696D6DDAA30E7F672BE1A92B03256487F1C4CBBAF04131B3
SSDEEP: 98304:HLycx2D4P+dOTfw9XxdyvU5tqdFMNxU4HcczIYAD0bQ3uvnrs5Nh+9avuPlKCzr3:M22vyLtVKBCz6HTHOSYyKki8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PDFPdq.exe (PID: 1732)
      • PDFPdq.exe (PID: 8060)
    • Changes the autorun value in the registry

      • PDFPdq.exe (PID: 1732)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PDFPdq.exe (PID: 8060)
      • PDFPdq.exe (PID: 1732)
      • rundll32.exe (PID: 2336)
      • rundll32.exe (PID: 5608)
      • rundll32.exe (PID: 4624)
      • rundll32.exe (PID: 5536)
    • The process creates files with name similar to system file names

      • PDFPdq.exe (PID: 1732)
    • Searches for installed software

      • PDFPdq.exe (PID: 1732)
    • Uses RUNDLL32.EXE to run a file without a DLL extension

      • rundll32.exe (PID: 2336)
      • rundll32.exe (PID: 4624)
      • rundll32.exe (PID: 5608)
      • rundll32.exe (PID: 5536)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5752)
  • INFO

    • The sample is compiled with English language support

      • PDFPdq.exe (PID: 8060)
      • PDFPdq.exe (PID: 1732)
    • Checks supported languages

      • PDFPdq.exe (PID: 8060)
      • PDFPdq.exe (PID: 1732)
      • msiexec.exe (PID: 5752)
      • msiexec.exe (PID: 8732)
      • PDFPdq.exe (PID: 6068)
    • Reads the computer name

      • PDFPdq.exe (PID: 1732)
      • msiexec.exe (PID: 5752)
      • msiexec.exe (PID: 8732)
      • PDFPdq.exe (PID: 6068)
    • Creates files in a temporary directory

      • PDFPdq.exe (PID: 1732)
      • PDFPdq.exe (PID: 8060)
      • rundll32.exe (PID: 2336)
      • rundll32.exe (PID: 4624)
      • rundll32.exe (PID: 5608)
      • rundll32.exe (PID: 5536)
    • Reads the machine GUID from the registry

      • PDFPdq.exe (PID: 1732)
      • PDFPdq.exe (PID: 6068)
    • Reads security settings of Internet Explorer

      • PDFPdq.exe (PID: 1732)
      • PDFPdq.exe (PID: 6068)
    • Creates files or folders in the user directory

      • PDFPdq.exe (PID: 1732)
      • msiexec.exe (PID: 5752)
      • PDFPdq.exe (PID: 6068)
    • Launching a file from a Registry key

      • PDFPdq.exe (PID: 1732)
    • Creates a software uninstall entry

      • PDFPdq.exe (PID: 1732)
      • msiexec.exe (PID: 5752)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5752)
    • Disables trace logs

      • rundll32.exe (PID: 2336)
      • rundll32.exe (PID: 5608)
    • Checks proxy server information

      • rundll32.exe (PID: 2336)
      • rundll32.exe (PID: 5608)
      • slui.exe (PID: 6200)
    • Creates files in the program directory

      • PDFPdq.exe (PID: 6068)
    • Manual execution by a user

      • PDFPdq.exe (PID: 6068)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF (EXE)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:22 22:06:13+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 443392
InitializedDataSize: 252928
UninitializedDataSize: -
EntryPoint: 0x48650
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.0
ProductVersionNumber: 2.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: PDFPdq
FileDescription: PDFPdq
FileVersion: 2.0.0
InternalName: burn
OriginalFileName: PDFPdq.exe
ProductName: PDFPdq
ProductVersion: 2.0.0
LegalCopyright: Copyright (c) PDFPdq. All rights reserved.
Total processes: 159
Monitored processes: 10
Malicious processes: 2
Suspicious processes: 4

Behavior graph

Nodes in the graph: pdfpdq.exe, pdfpdq.exe, msiexec.exe, msiexec.exe (no specs), rundll32.exe, rundll32.exe, rundll32.exe, rundll32.exe, pdfpdq.exe (no specs), slui.exe

Process information

PID: 1732
CMD: "C:\Users\admin\AppData\Local\Temp\{A36F5A29-3B0F-4F26-A46A-B5FAE258F7FB}\.cr\PDFPdq.exe" -burn.clean.room="C:\Users\admin\Downloads\PDFPdq.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684
Path: C:\Users\admin\AppData\Local\Temp\{A36F5A29-3B0F-4F26-A46A-B5FAE258F7FB}\.cr\PDFPdq.exe
Parent process: PDFPdq.exe
User: admin
Company: PDFPdq
Integrity Level: MEDIUM
Description: PDFPdq
Exit code: 0
Version: 2.0.0
Modules (images):
c:\users\admin\appdata\local\temp\{a36f5a29-3b0f-4f26-a46a-b5fae258f7fb}\.cr\pdfpdq.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 2336
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI5F06.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1990484 2 RequestSender!RequestSender.CustomActions.Start
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 4624
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI62EF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1991437 6 RequestSender!RequestSender.CustomActions.CreateScheduledTask
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 5536
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI694B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1993062 14 RequestSender!RequestSender.CustomActions.OpenUrl
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 5608
CMD: rundll32.exe "C:\WINDOWS\Installer\MSI6487.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1991828 10 RequestSender!RequestSender.CustomActions.Finish
Path: C:\Windows\SysWOW64\rundll32.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 5752
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 6068
CMD: "C:\Users\admin\AppData\Roaming\PDFPdq\PDFPdq.exe"
Path: C:\Users\admin\AppData\Roaming\PDFPdq\PDFPdq.exe
Parent process: explorer.exe
User: admin
Company: PDFPdq
Integrity Level: MEDIUM
Description: PDFPdq
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\roaming\pdfpdq\pdfpdq.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 6200
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 8060
CMD: "C:\Users\admin\Downloads\PDFPdq.exe"
Path: C:\Users\admin\Downloads\PDFPdq.exe
Parent process: explorer.exe
User: admin
Company: PDFPdq
Integrity Level: MEDIUM
Description: PDFPdq
Exit code: 0
Version: 2.0.0
Modules (images):
c:\users\admin\downloads\pdfpdq.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 8732
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 28EEA7966910D8D33ECDCA10AD456AB8
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
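The four rundll32 launches in this table share one shape: the Windows Installer service runs a temporary C:\WINDOWS\Installer\MSIxxxx.tmp module through the entry point zzzzInvokeManagedCustomActionOutOfProc, with a final argument of the form Assembly!Type.Method. That entry point is the one exported by the SfxCA native shim of WiX's Deployment Tools Foundation (DTF), which is how an MSI package runs a .NET custom action in a separate process; the "Uses RUNDLL32.EXE to run a file without a DLL extension" signature fires because the module is a .tmp file rather than a .dll. The last argument is the part worth reading during triage: here the package's custom actions are RequestSender.CustomActions.Start, CreateScheduledTask, OpenUrl and Finish. PID 1732 shows the other launch pattern in the table, the WiX Burn clean-room re-launch, whose -burn.clean.room argument names the bundle the user actually ran. The Python below is an added triage helper, not ANY.RUN or WiX code: the command lines are copied from this table, while the regular expressions, the flag names and the decision not to interpret the two SfxCA arguments before the managed entry are mine.

```python
"""Triage of the rundll32 and Burn re-launch command lines from this report.

Added example (not ANY.RUN or WiX code). The command lines are copied from
the Process information section; regexes and flag names are the author's.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import Optional

# Copied from the report: four rundll32 custom-action launches (children of
# msiexec.exe) and the Burn clean-room re-launch of the bundle (PID 1732).
COMMAND_LINES = {
    2336: r'rundll32.exe "C:\WINDOWS\Installer\MSI5F06.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1990484 2 RequestSender!RequestSender.CustomActions.Start',
    4624: r'rundll32.exe "C:\WINDOWS\Installer\MSI62EF.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1991437 6 RequestSender!RequestSender.CustomActions.CreateScheduledTask',
    5536: r'rundll32.exe "C:\WINDOWS\Installer\MSI694B.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1993062 14 RequestSender!RequestSender.CustomActions.OpenUrl',
    5608: r'rundll32.exe "C:\WINDOWS\Installer\MSI6487.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_1991828 10 RequestSender!RequestSender.CustomActions.Finish',
    1732: r'"C:\Users\admin\AppData\Local\Temp\{A36F5A29-3B0F-4F26-A46A-B5FAE258F7FB}\.cr\PDFPdq.exe" -burn.clean.room="C:\Users\admin\Downloads\PDFPdq.exe" -burn.filehandle.attached=656 -burn.filehandle.self=684',
}

# [path\]rundll32[.exe] "module",EntryPoint [args...]; the module may be quoted.
RUNDLL32_RE = re.compile(
    r'^(?:"?[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<module>[^",]+)"?,(?P<entry>\S+)'
    r'(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)
# DTF passes the managed entry as Assembly!Namespace.Type.Method (last token).
MANAGED_ENTRY_RE = re.compile(r'^(?P<assembly>[^!\s]+)!(?P<type>[\w.]+)\.(?P<method>\w+)$')
BURN_RE = re.compile(r'-burn\.clean\.room="?(?P<orig>[^"]+?)"?(?=\s|$)')
HANDLE_RE = re.compile(r'-burn\.filehandle\.(?P<which>attached|self)=(?P<n>\d+)')


@dataclass
class Rundll32Call:
    module: str
    entry: str
    args: str
    managed_assembly: Optional[str] = None
    managed_type: Optional[str] = None
    managed_method: Optional[str] = None
    flags: list = field(default_factory=list)


def parse_rundll32(cmd: str) -> Optional[Rundll32Call]:
    """Return the parsed call, or None if cmd is not a rundll32 invocation."""
    m = RUNDLL32_RE.match(cmd.strip())
    if not m:
        return None
    call = Rundll32Call(m["module"], m["entry"], m["args"] or "")
    # The report's signature: the loaded module does not carry a .dll extension.
    if ntpath.splitext(call.module)[1].lower() != ".dll":
        call.flags.append("module-without-dll-extension")
    if re.search(r'\\Installer\\MSI[0-9A-F]+\.tmp$', call.module, re.IGNORECASE):
        call.flags.append("module-is-msi-temp-file")
    # SfxCA.dll exports zzzzInvokeManagedCustomAction[OutOfProc]; the out-of-proc
    # variant is what produces a rundll32 child of msiexec.exe.
    if call.entry.lower().startswith("zzzzinvokemanagedcustomaction"):
        call.flags.append("wix-dtf-managed-custom-action")
        if "outofproc" in call.entry.lower():
            call.flags.append("out-of-proc")
        tokens = call.args.split()   # "SfxCA_<n> <n> Assembly!Type.Method"; first two not interpreted
        me = MANAGED_ENTRY_RE.match(tokens[-1]) if tokens else None
        if me:
            call.managed_assembly = me["assembly"]
            call.managed_type = me["type"]
            call.managed_method = me["method"]
    return call


def parse_burn_relaunch(cmd: str) -> Optional[dict]:
    """Recognise a Burn clean-room re-launch and recover the original bundle path."""
    m = BURN_RE.search(cmd)
    if not m:
        return None
    handles = {h["which"]: int(h["n"]) for h in HANDLE_RE.finditer(cmd)}
    return {"original_bundle": m["orig"], "handles": handles}


def triage(cmdlines: dict) -> dict:
    """Map PID -> finding for every command line that matches a known pattern."""
    findings = {}
    for pid, cmd in cmdlines.items():
        call = parse_rundll32(cmd)
        if call is not None:
            findings[pid] = {"kind": "rundll32", "call": call}
            continue
        burn = parse_burn_relaunch(cmd)
        if burn is not None:
            findings[pid] = {"kind": "burn-clean-room", **burn}
    return findings


if __name__ == "__main__":
    for pid, f in sorted(triage(COMMAND_LINES).items()):
        if f["kind"] == "rundll32":
            c = f["call"]
            print(pid, c.module, c.managed_type, c.managed_method, c.flags)
        else:
            print(pid, f["kind"], f["original_bundle"], f["handles"])
```

A rundll32 line whose module does have a .dll extension and a conventional entry point (shell32.dll,Control_RunDLL for instance) comes back with an empty flag list, so the same function can run over a whole process tree and only the DTF and non-DLL cases stand out.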
Total events: 13 522
Read events: 13 338
Write events: 168
Delete events: 16

Modification events

PID 5752 msiexec.exe, write
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Name: Owner
Value: 78160000E4A01DA11AA8DC01

PID 5752 msiexec.exe, write
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Name: SessionHash
Value: 7AF1BBA8242BB4454ED7F0917FDC4ED40F2140E77EE5770F7EEA84055D888262

PID 5752 msiexec.exe, write
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Name: Sequence
Value: 1

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundleCachePath
Value: C:\Users\admin\AppData\Local\Package Cache\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}\PDFPdq.exe

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundleUpgradeCode
Value: {3E193566-79CA-40D6-B31D-A1DF54C146B6}

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundleAddonCode
Value: (empty)

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundleDetectCode
Value: (empty)

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundlePatchCode
Value: (empty)

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: BundleVersion
Value: 2.0.0

PID 1732 PDFPdq.exe, write
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{671EE361-7BD3-4D03-9ADC-F5B08C67E7EC}
Name: VersionMajor
Value: 2
Executable files: 51
Suspicious files: 20
Text files: 40
Unknown types: 0

Dropped files

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\mbahost.dll (executable)
MD5: 013033CFFC1F318DF1D5048BA40A31DF
SHA256: B43F1B674894E2997AAE9DB0C5B5C95D2A14010E9AB95F63E2908E381768A148

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\mbapreq.thm (xml)
MD5: CC80C7B334DEE4C354BFC3F1B55206C6
SHA256: 6A5201727416260B662F8AEEA2D98EF111AED66C1838A44CE5E0E86334BAAFE0

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\Bootstrapper.dll (executable)
MD5: 7ED402760E9BCCA43A7C00D217824B9E
SHA256: 9D19E14E83FAC5D65061E37D4F08A10567C3CE7FD067F065362DC214BD455CBE

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\WixToolset.Mba.Core.dll (executable)
MD5: EC393B51456EE6AE6C3FA9BD840EC783
SHA256: 2FDFD86CA4BA705AAE263E59CEF29A0FA8D251E4B288E5713EADD2E1D2681812

PID 8060 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{A36F5A29-3B0F-4F26-A46A-B5FAE258F7FB}\.cr\PDFPdq.exe (executable)
MD5: B45961E54553910AB1102E78153F33D6
SHA256: 9B8CD8E321470C92C71AC98FD6280D9253A2829E7BD9903608E23A0C37A503E4

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\mbanative.dll (executable)
MD5: 5441EC98C2136783BB902259B6CDD647
SHA256: 659FF12D11D77A18962D25292FED64CDC94A1BD99470F7E17111CE57EFCCA83E

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\WixToolset.Mba.Host.config (xml)
MD5: A6968E2E812933FF17FF3F4B31805572
SHA256: CE8B05A2019456B18778C8FFE2D3E2650971862891B4AD45401AEF63FB8E2DE7

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\1035\mbapreq.wxl (text)
MD5: 6A4F5B0316A2290E5BBE4ADAF53D19F3
SHA256: 78DB48FB9835E4557D47915D7AF57A56F6CA62074612867A2BA8DD7BC7834331

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\1029\mbapreq.wxl (text)
MD5: 25B731E8A6FF2CAC1E86C19F3EA2DDD3
SHA256: BD90D7CE2749657F7DA0FD7B5743FF850D15DE99E0D9D16C98955DFDFEE235D6

PID 1732 PDFPdq.exe
File: C:\Users\admin\AppData\Local\Temp\{79B03F2E-0193-476D-8679-CC9E63B28F22}\.ba\mbapreq.png (image)
MD5: A356956FD269567B8F4612A33802637B
SHA256: A401A225ADDAF89110B4B0F6E8CF94779E7C0640BCDD2D670FFCF05AAB0DAD03
HTTP(S) requests: 33
TCP/UDP connections: 34
DNS requests: 24
Threats: 0

HTTP requests

PID 2336 rundll32.exe
GET 200 185.111.111.158:443 https://c.pdf-pdq.com/start
Country: GB | Reputation: unknown

PID 5608 rundll32.exe
GET 200 185.111.111.158:443 https://c.pdf-pdq.com/finish
Country: GB | Reputation: unknown

PID 6768 MoUsoCoreWorker.exe
GET 304 51.104.136.2:443 https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
Country: US | Reputation: whitelisted

PID 6320 svchost.exe
GET 304 51.104.136.2:443 https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
Country: US | Reputation: whitelisted

PID 8548 SIHClient.exe
GET 304 135.232.92.137:443 https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
Country: US | Reputation: whitelisted

PID 8548 SIHClient.exe
GET 200 74.179.77.164:443 https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
Country: US | Reputation: whitelisted

PID 8548 SIHClient.exe
GET 200 135.232.92.137:443 https://slscr.update.microsoft.com/sls/ping
Country: US | Reputation: whitelisted

PID 8548 SIHClient.exe
GET 304 135.232.92.137:443 https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
Country: US | Reputation: whitelisted

PID 356 svchost.exe
POST 200 20.190.159.73:443 https://login.live.com/RST2.srf
Country: US | Type: xml | Size: 11.1 Kb | Reputation: whitelisted

PID 356 svchost.exe
POST 200 20.190.159.73:443 https://login.live.com/RST2.srf
Country: US | Type: xml | Size: 10.3 Kb | Reputation: whitelisted

Connections

PID 7304 RUXIMICS.exe
51.104.136.2:443 settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | Country: US | Reputation: whitelisted

PID 4 System
192.168.100.255:137 | Not routed | Reputation: whitelisted

PID 6768 MoUsoCoreWorker.exe
51.104.136.2:443 settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | Country: US | Reputation: whitelisted

PID 6320 svchost.exe
51.104.136.2:443 settings-win.data.microsoft.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | Country: US | Reputation: whitelisted

(PID and process not shown in the report)
172.211.123.249:443 client.wns.windows.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | Country: US | Reputation: whitelisted

PID 4 System
192.168.100.255:138 | Not routed | Reputation: whitelisted

PID 2336 rundll32.exe
185.111.111.158:443 c.pdf-pdq.com | ASN: CDNEXT | Country: GB | Reputation: whitelisted

PID 5608 rundll32.exe
185.111.111.158:443 c.pdf-pdq.com | ASN: CDNEXT | Country: GB | Reputation: whitelisted

PID 356 svchost.exe
20.190.159.73:443 login.live.com | ASN: MICROSOFT-CORP-MSN-AS-BLOCK | Country: US | Reputation: whitelisted

PID 356 svchost.exe
172.66.2.5:80 ocsp.digicert.com | ASN: CLOUDFLARENET | Country: US | Reputation: whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.251.141.14
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
c.pdf-pdq.com
  • 185.111.111.158
whitelisted
login.live.com
  • 20.190.159.73
  • 40.126.31.128
  • 40.126.31.1
  • 20.190.159.68
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.128
  • 40.126.31.3
  • 20.190.160.65
  • 40.126.32.138
  • 20.190.160.64
  • 20.190.160.22
  • 40.126.32.140
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.4
whitelisted
ocsp.digicert.com
  • 172.66.2.5
  • 162.159.142.9
  • 2.17.190.73
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.58
  • 23.48.23.38
  • 23.48.23.31
  • 23.48.23.7
  • 23.48.23.50
  • 23.48.23.10
  • 23.48.23.35
  • 23.48.23.57
  • 23.48.23.13
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 88.221.169.152
whitelisted
www.bing.com
  • 92.123.104.10
  • 92.123.104.67
  • 92.123.104.16
  • 92.123.104.17
  • 92.123.104.18
  • 92.123.104.12
  • 92.123.104.13
  • 92.123.104.6
  • 92.123.104.5
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
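Only two rows of the HTTP table belong to the sample: PIDs 2336 and 5608, the rundll32 custom actions RequestSender.CustomActions.Start and Finish, which fetch https://c.pdf-pdq.com/start and https://c.pdf-pdq.com/finish. Everything else in the HTTP, Connections and DNS tables (MoUsoCoreWorker.exe, SIHClient.exe, svchost.exe, RUXIMICS.exe, the System NetBIOS broadcasts) is the sandbox's own Windows Update, telemetry, licensing and certificate-validation traffic. Note also that the HTTP table rates c.pdf-pdq.com as "unknown" while the Connections and DNS tables mark the same host "whitelisted", so the reputation column is not a triage signal on its own. The Python below is an added example, not ANY.RUN code. Its rows are copied from the tables above (query strings dropped from the long Microsoft URLs), and it attributes traffic to the sample through the monitored-PID set from the Process information section rather than by walking parent processes, because the parent chain does not connect here: the rundll32 custom actions are children of the msiexec.exe service (PID 5752), whose parent is services.exe, not the bundle.

```python
"""Separate this sample's network activity from sandbox background traffic
and cross-check the report's reputation labels against each other.

Added example (not ANY.RUN code). Rows are copied from the report's HTTP
requests and DNS requests sections; MONITORED is the set of PIDs listed
under Process information.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit

MONITORED: Set[int] = {1732, 2336, 4624, 5536, 5608, 5752, 6068, 6200, 8060, 8732}


@dataclass(frozen=True)
class HttpRow:
    pid: int
    process: str
    method: str
    status: int
    peer: str        # ip:port
    url: str
    reputation: str  # the label the HTTP table gives this row


HTTP: List[HttpRow] = [
    HttpRow(2336, "rundll32.exe", "GET", 200, "185.111.111.158:443", "https://c.pdf-pdq.com/start", "unknown"),
    HttpRow(5608, "rundll32.exe", "GET", 200, "185.111.111.158:443", "https://c.pdf-pdq.com/finish", "unknown"),
    HttpRow(6768, "MoUsoCoreWorker.exe", "GET", 304, "51.104.136.2:443", "https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client", "whitelisted"),
    HttpRow(6320, "svchost.exe", "GET", 304, "51.104.136.2:443", "https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools", "whitelisted"),
    HttpRow(8548, "SIHClient.exe", "GET", 304, "135.232.92.137:443", "https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0", "whitelisted"),
    HttpRow(8548, "SIHClient.exe", "GET", 200, "74.179.77.164:443", "https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping", "whitelisted"),
    HttpRow(8548, "SIHClient.exe", "GET", 200, "135.232.92.137:443", "https://slscr.update.microsoft.com/sls/ping", "whitelisted"),
    HttpRow(8548, "SIHClient.exe", "GET", 304, "135.232.92.137:443", "https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0", "whitelisted"),
    HttpRow(356, "svchost.exe", "POST", 200, "20.190.159.73:443", "https://login.live.com/RST2.srf", "whitelisted"),
    HttpRow(356, "svchost.exe", "POST", 200, "20.190.159.73:443", "https://login.live.com/RST2.srf", "whitelisted"),
]

# Domain -> reputation label, from the DNS requests section.
DNS_REPUTATION: Dict[str, str] = {
    "google.com": "whitelisted",
    "client.wns.windows.com": "whitelisted",
    "c.pdf-pdq.com": "whitelisted",
    "login.live.com": "whitelisted",
    "ocsp.digicert.com": "whitelisted",
    "settings-win.data.microsoft.com": "whitelisted",
    "crl.microsoft.com": "whitelisted",
    "www.microsoft.com": "whitelisted",
    "www.bing.com": "whitelisted",
    "oneocsp.microsoft.com": "whitelisted",
}


def attribute(rows: List[HttpRow], monitored: Set[int]) -> Tuple[List[HttpRow], List[HttpRow]]:
    """Split rows into (sample-attributed, background) by membership in the monitored PID set.

    Parent-chain walking is not usable here: the rundll32 custom actions are
    children of the msiexec.exe service (parent services.exe), not of the bundle.
    """
    sample = [r for r in rows if r.pid in monitored]
    background = [r for r in rows if r.pid not in monitored]
    return sample, background


def iocs(rows: List[HttpRow]) -> Dict[str, set]:
    """Network indicators for a set of rows, ready for blocking or hunting."""
    out: Dict[str, set] = {"domains": set(), "ips": set(), "urls": set(), "pids": set()}
    for r in rows:
        out["domains"].add(urlsplit(r.url).hostname)
        out["ips"].add(r.peer.rsplit(":", 1)[0])
        out["urls"].add(r.url)
        out["pids"].add(r.pid)
    return out


def reputation_conflicts(rows: List[HttpRow], dns: Dict[str, str]) -> Dict[str, Set[str]]:
    """Hosts that the HTTP table and the DNS table label differently."""
    labels: Dict[str, Set[str]] = defaultdict(set)
    for r in rows:
        labels[urlsplit(r.url).hostname].add(r.reputation)
    for host, rep in dns.items():
        if host in labels:          # only hosts that actually carried HTTP traffic
            labels[host].add(rep)
    return {h: s for h, s in labels.items() if len(s) > 1}


if __name__ == "__main__":
    sample, background = attribute(HTTP, MONITORED)
    print("sample:", iocs(sample))
    print("background hosts:", sorted(iocs(background)["domains"]))
    print("reputation conflicts:", reputation_conflicts(HTTP, DNS_REPUTATION))
```

Feeding the monitored-PID set in from the report, rather than hard-coding "rundll32 is bad", keeps the same function usable for a sample whose custom actions are spawned differently; the reputation check is what flags the one host here that deserves a second look even though two of the three tables call it whitelisted.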

Threats

No threats detected
No debug info