File name:

DocuFlex.exe

Full analysis: https://app.any.run/tasks/6b324f4e-8ea7-44c0-9cfa-3f68f800e25d
Verdict: Malicious activity
Analysis date: February 26, 2025, 18:48:55
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

B01BA3AF32818974CBB66CA9216A0854

SHA1:

2BD06FDA121D3EFBF6F45E21E766812C84CF0D07

SHA256:

5DF0AF866ADB9C67B427A71001AE27A236AF62BA37023F8091F37B55F34C5D81

SSDEEP:

393216:rwS5T5laRuSO6gSIZJDbNOOu5DtvtQxYZCWsN:rwS5T5quagSMo5DtE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • DocuFlex.exe (PID: 5344)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 8104)
  • SUSPICIOUS

    • Uses TASKKILL.EXE to kill process

      • DocuFlex.exe (PID: 5344)
    • Reads security settings of Internet Explorer

      • DocuFlex.exe (PID: 5344)
    • Executable content was dropped or overwritten

      • DocuFlex.exe (PID: 5344)
    • The executable file from the user directory is run by the CMD process

      • node.exe (PID: 3300)
      • clipboard.exe (PID: 6564)
      • clipboard.exe (PID: 5868)
      • clipboard.exe (PID: 300)
    • Starts CMD.EXE for commands execution

      • DocuFlex.exe (PID: 5344)
      • node.exe (PID: 3300)
  • INFO

    • Checks supported languages

      • DocuFlex.exe (PID: 5344)
      • node.exe (PID: 3300)
      • clipboard.exe (PID: 6564)
      • clipboard.exe (PID: 5868)
      • clipboard.exe (PID: 300)
    • Disables trace logs

      • DocuFlex.exe (PID: 5344)
    • Reads the machine GUID from the registry

      • DocuFlex.exe (PID: 5344)
    • Creates files or folders in the user directory

      • DocuFlex.exe (PID: 5344)
      • node.exe (PID: 3300)
    • Reads the computer name

      • DocuFlex.exe (PID: 5344)
      • node.exe (PID: 3300)
    • Reads the software policy settings

      • DocuFlex.exe (PID: 5344)
      • slui.exe (PID: 8952)
    • Checks proxy server information

      • DocuFlex.exe (PID: 5344)
      • slui.exe (PID: 8952)
    • Process checks computer location settings

      • DocuFlex.exe (PID: 5344)
      • node.exe (PID: 3300)
    • Application launched itself

      • chrmstp.exe (PID: 7968)
      • chrmstp.exe (PID: 8096)
      • chrome.exe (PID: 5960)
      • chrome.exe (PID: 7900)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 7180)
      • chrome.exe (PID: 5400)
    • The sample compiled with english language support

      • chrome.exe (PID: 5400)
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (83)
.exe | Win32 Executable (generic) (9)
.exe | Generic Win/DOS Executable (3.9)
.exe | DOS Executable Generic (3.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2071:09:29 16:54:04+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 89382912
InitializedDataSize: 114688
UninitializedDataSize: -
EntryPoint: 0x553ff26
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: DocuFlex.com
FileDescription: DocuFlex
FileVersion: 1.0.0.0
InternalName: DocuFlex.exe
LegalCopyright: Copyright © DocuFlex.com 2025
LegalTrademarks: -
OriginalFileName: DocuFlex.exe
ProductName: DocuFlex
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes
221
Monitored processes
96
Malicious processes
1
Suspicious processes
1

Behavior graph

Behavior graph (rendered as a figure in the full report; only the process labels are recoverable here): docuflex.exe, taskkill.exe, conhost.exe, cmd.exe, node.exe, clipboard.exe, chrome.exe (many instances), chrmstp.exe, schtasks.exe, slui.exe. Most nodes in the graph were marked "no specs".

Process information

PID
CMD
Path
Indicators
Parent process
PID:
300
CMD:
clipboard.exe --copy
Path:
C:\Users\admin\AppData\Local\PDFInstaller\clipboard.exe
Parent process:
cmd.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\pdfinstaller\clipboard.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
536
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1972,i,9790626969758058582,16809642853158692156,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
616
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3796 --field-trial-handle=1972,i,9790626969758058582,16809642853158692156,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
664
CMD:
"C:\Windows\System32\cmd.exe" /c "node . GUI > "C:\Users\admin\AppData\Local\Temp\node_output_2025-02-26_18-49-43.log" 2>&1 & exit %ERRORLEVEL%"
Path:
C:\Windows\SysWOW64\cmd.exe
Parent process:
DocuFlex.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
960
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,9790626969758058582,16809642853158692156,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1312
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=5780 --field-trial-handle=1972,i,9790626969758058582,16809642853158692156,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1348
CMD:
C:\WINDOWS\system32\cmd.exe /d /s /c "clipboard.exe --copy"
Path:
C:\Windows\System32\cmd.exe
Parent process:
node.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID:
1660
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=2244 --field-trial-handle=1972,i,9790626969758058582,16809642853158692156,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
3176
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=1880,i,10267958890408157394,17955981744271413203,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
3300
CMD:
node . GUI
Path:
C:\Users\admin\AppData\Local\PDFInstaller\node.exe
Parent process:
cmd.exe
User:
admin
Company:
Node.js
Integrity Level:
MEDIUM
Description:
Node.js JavaScript Runtime
Version:
20.12.2
Modules
Images
c:\users\admin\appdata\local\pdfinstaller\node.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ucrtbase.dll
Total events
32 678
Read events
32 606
Write events
62
Delete events
10

Modification events

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
EnableFileTracing
Value:
0

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
EnableAutoFileTracing
Value:
0

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
EnableConsoleTracing
Value:
0

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
FileTracingMask
Value:

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
ConsoleTracingMask
Value:

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
MaxFileSize
Value:
1048576

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation:
write
Name:
FileDirectory
Value:
%windir%\tracing

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation:
write
Name:
EnableFileTracing
Value:
0

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation:
write
Name:
EnableAutoFileTracing
Value:
0

(PID) Process:
(5344) DocuFlex.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation:
write
Name:
EnableConsoleTracing
Value:
0
Executable files
16
Suspicious files
1 135
Text files
369
Unknown types
0

Dropped files

PID | Process | Filename | Type
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\data\build\pdf\worker\mjs.map
MD5:
SHA256:
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\mjs\signals\js.map | binary
MD5: 62F1389AFBD07D8813F1927CF29D4085
SHA256: 9AC7CDE2118302BFCE1FB14E0F0C04112A7F0AD6FA8A18D5D950EC530AA2654F
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\cjs\index\js.map | binary
MD5: 29C9CC8FC2478ED6183B4BABA7BEAC6F
SHA256: 5D1A773080F60AD15C0F442FA5D59070910E87C109F7939800B2A4FE6B866F77
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\clipboardy.license | text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\mjs\index\js.map | binary
MD5: 8BC3B169BC31CE53F68D230BE728D786
SHA256: FBAADC2CB63860EA1AA06746CAA01490E4FA2D0458A94416503E77001C5F164B
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\cjs\signals\js.map | binary
MD5: 7504873CE9721DE165E9BC9785FF8F6A
SHA256: F4B1AAD11F5B1DA3469353C19CE29C9F159EFC878CC2B885AA4977DD8B7E31BB
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\mjs\browser\js.map | binary
MD5: AB801F031180A3F779268F14881A9BFA
SHA256: 24FF3C6A566CF59691D542F15D7AA3BA4511909ACD307DB7E8A09A768B83E2B5
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\data\web\viewer\mjs.map | binary
MD5: FDE4A634B1F3802A46E5BE063D43308C
SHA256: D806A59703DB66DE9A09E0A5510B15460DC1DD9999A20964081A60AB44B7C13B
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\cjs\browser\js.map | binary
MD5: 3DF2C8B910412B3D8C890DED7FDA9FDC
SHA256: CC48AA8C7132663B411F2BB14199E3E5CA7270399917F2640E1983614919D0AB
5344 | DocuFlex.exe | C:\Users\admin\AppData\Local\PDFInstaller\node_modules\cross_spawn.LICENSE | text
MD5: AD7B5398EAF6231C0FCFEBEF795A02DF
SHA256: F0155399627A3BEE975BB56CCD3A2AA51D8DDA19B5CE36251682669FFB29A35E
HTTP(S) requests
36
TCP/UDP connections
71
DNS requests
72
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6112
SIHClient.exe
GET
200
2.17.0.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
8772
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
6112
SIHClient.exe
GET
200
2.17.0.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1660
chrome.exe
GET
302
142.250.186.142:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted
8772
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.126.31.69:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2040
backgroundTaskHost.exe
20.223.35.26:443
fd.api.iris.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3008
backgroundTaskHost.exe
2.19.122.38:443
www.bing.com
Akamai International B.V.
DE
whitelisted
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5344
DocuFlex.exe
188.114.96.3:443
docu-flex.com
CLOUDFLARENET
NL
unknown
6112
SIHClient.exe
52.149.20.212:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 172.217.23.110
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.129
  • 20.190.159.2
  • 40.126.31.71
  • 20.190.159.129
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.68
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 2.19.122.38
  • 2.19.122.30
  • 2.19.122.26
  • 2.19.122.27
  • 2.19.122.31
  • 2.19.122.42
  • 2.19.122.32
  • 2.19.122.41
  • 2.19.122.34
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
docu-flex.com
  • 188.114.96.3
  • 188.114.97.3
unknown
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
www.microsoft.com
  • 2.17.0.227
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info