File name: DocuFlex.exe

Full analysis: https://app.any.run/tasks/ad52c033-25a5-4d8d-8f92-58689d0c3958
Verdict: Malicious activity
Analysis date: February 26, 2025, 18:44:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: B01BA3AF32818974CBB66CA9216A0854
SHA1: 2BD06FDA121D3EFBF6F45E21E766812C84CF0D07
SHA256: 5DF0AF866ADB9C67B427A71001AE27A236AF62BA37023F8091F37B55F34C5D81
SSDEEP: 393216:rwS5T5laRuSO6gSIZJDbNOOu5DtvtQxYZCWsN:rwS5T5quagSMo5DtE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • DocuFlex.exe (PID: 7548)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 7276)
  • SUSPICIOUS

    • Uses TASKKILL.EXE to kill process

      • DocuFlex.exe (PID: 7548)
    • Executable content was dropped or overwritten

      • DocuFlex.exe (PID: 7548)
    • Reads security settings of Internet Explorer

      • DocuFlex.exe (PID: 7548)
    • Starts CMD.EXE for commands execution

      • DocuFlex.exe (PID: 7548)
      • node.exe (PID: 7948)
    • The executable file from the user directory is run by the CMD process

      • node.exe (PID: 7948)
      • clipboard.exe (PID: 8040)
      • clipboard.exe (PID: 8080)
      • clipboard.exe (PID: 8120)
  • INFO

    • Checks proxy server information

      • DocuFlex.exe (PID: 7548)
    • Reads the computer name

      • DocuFlex.exe (PID: 7548)
      • node.exe (PID: 7948)
    • Checks supported languages

      • DocuFlex.exe (PID: 7548)
      • node.exe (PID: 7948)
      • clipboard.exe (PID: 8040)
      • clipboard.exe (PID: 8120)
      • clipboard.exe (PID: 8080)
    • Reads the machine GUID from the registry

      • DocuFlex.exe (PID: 7548)
    • Disables trace logs

      • DocuFlex.exe (PID: 7548)
    • Reads the software policy settings

      • DocuFlex.exe (PID: 7548)
    • Creates files or folders in the user directory

      • DocuFlex.exe (PID: 7548)
      • node.exe (PID: 7948)
    • Process checks computer location settings

      • DocuFlex.exe (PID: 7548)
      • node.exe (PID: 7948)
    • Application launched itself

      • chrmstp.exe (PID: 5232)
      • chrmstp.exe (PID: 7808)
      • chrome.exe (PID: 8148)
      • chrome.exe (PID: 5868)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (83)
.exe | Win32 Executable (generic) (9)
.exe | Generic Win/DOS Executable (3.9)
.exe | DOS Executable Generic (3.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2071:09:29 16:54:04+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 89382912
InitializedDataSize: 114688
UninitializedDataSize: -
EntryPoint: 0x553ff26
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: DocuFlex.com
FileDescription: DocuFlex
FileVersion: 1.0.0.0
InternalName: DocuFlex.exe
LegalCopyright: Copyright © DocuFlex.com 2025
LegalTrademarks: -
OriginalFileName: DocuFlex.exe
ProductName: DocuFlex
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
All screenshots are available in the full report
Total processes
206
Monitored processes
86
Malicious processes
1
Suspicious processes
1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 632
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=6484 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 668
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5880 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 684
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=5768 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 684
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5160 --field-trial-handle=1956,i,13680176912602528220,7568299363639835902,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 856
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=4584 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 976
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5716 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1128
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=5464 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1244
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=6360 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1760
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --mojo-platform-channel-handle=4964 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1912
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Local\PDFInstaller\chrome-profile" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1956 --field-trial-handle=1984,i,1884169682871883509,7806586042076241511,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
24 959
Read events
24 906
Write events
49
Delete events
4

Modification events

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7548) DocuFlex.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\DocuFlex_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
6
Suspicious files
802
Text files
354
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\data\build\pdf\worker\mjs.map
MD5:
SHA256:

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\is_inside_container.license
Type: text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\is64bit.license
Type: text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\cjs\browser\js.map
Type: binary
MD5: 3DF2C8B910412B3D8C890DED7FDA9FDC
SHA256: CC48AA8C7132663B411F2BB14199E3E5CA7270399917F2640E1983614919D0AB

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\is_stream.license
Type: text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\mjs\index\js.map
Type: binary
MD5: 8BC3B169BC31CE53F68D230BE728D786
SHA256: FBAADC2CB63860EA1AA06746CAA01490E4FA2D0458A94416503E77001C5F164B

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\is_docker.license
Type: text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\signal_exit\dist\mjs\signals\js.map
Type: binary
MD5: 62F1389AFBD07D8813F1927CF29D4085
SHA256: 9AC7CDE2118302BFCE1FB14E0F0C04112A7F0AD6FA8A18D5D950EC530AA2654F

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\data\build\pdf\mjs.map
Type: binary
MD5: 9A2EF0CE324EE13B1CCF45000C1F2758
SHA256: DB6DBACF82CE7A65184D7261DB8E468D9B50469D8689A89C522F15B6CE28BA04

PID: 7548
Process: DocuFlex.exe
Filename: C:\Users\admin\AppData\Local\PDFInstaller\node_modules\execa.license
Type: text
MD5: B862AEB7E1D01452E0F07403591E5A55
SHA256: FCF1A18BE2E25BA82ACF2C59821B030D8EE764E4E201DB6EF3C51900D385515F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
53
DNS requests
55
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7612
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7612
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7084
chrome.exe
GET
200
95.168.222.19:80
http://r8---sn-n02xgoxufvg3-2gbz.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&met=1740595552,&mh=e_&mip=84.17.48.188&mm=28&mn=sn-n02xgoxufvg3-2gbz&ms=nvh&mt=1740594968&mv=u&mvi=8&pl=23&rmhost=r3---sn-n02xgoxufvg3-2gbz.gvt1.com&rms=nvh,nvh&shardbypass=sd&smhost=r2---sn-n02xgoxufvg3-2gb6.gvt1.com
unknown
whitelisted
7084
chrome.exe
GET
302
142.250.184.206:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.168.100.255:138
whitelisted
40.126.31.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2040
backgroundTaskHost.exe
20.31.169.57:443
fd.api.iris.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3008
backgroundTaskHost.exe
184.86.251.7:443
www.bing.com
Akamai International B.V.
DE
whitelisted
7548
DocuFlex.exe
188.114.96.3:443
docu-flex.com
CLOUDFLARENET
NL
unknown
7612
SIHClient.exe
172.202.163.200:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
GB
whitelisted
7612
SIHClient.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
7612
SIHClient.exe
52.165.164.15:443
fe3cr.delivery.mp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
google.com
  • 142.250.181.238
whitelisted
login.live.com
  • 40.126.31.128
  • 20.190.159.4
  • 20.190.159.73
  • 20.190.159.130
  • 40.126.31.2
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.131
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
fd.api.iris.microsoft.com
  • 20.31.169.57
whitelisted
www.bing.com
  • 184.86.251.7
  • 184.86.251.10
  • 184.86.251.15
  • 184.86.251.5
  • 184.86.251.17
  • 184.86.251.22
  • 184.86.251.12
  • 184.86.251.20
  • 184.86.251.14
whitelisted
docu-flex.com
  • 188.114.96.3
  • 188.114.97.3
unknown
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

No threats detected
No debug info