File name:

architect-setup.exe

Full analysis: https://app.any.run/tasks/175086c4-26c4-46b5-a313-05d14a87c940
Verdict: Malicious activity
Threats:

Adware is unwanted software (usually classed as a PUP rather than outright malware) that monetizes a device by pushing advertisements the user did not ask for. It typically arrives through software bundling, malicious websites or deceptive downloads. Once installed it may track user activity, collect data and display intrusive ads such as pop-ups or banners. Some variants evade security controls and establish persistence, which makes removal difficult, and the bundled offers an adware installer pulls in widen the attack surface for other unwanted or malicious software, so a sample flagged as adware is also a pointer to whatever else it brought along.

Analysis date: June 30, 2025, 06:41:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
installer
adware
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

7D9D05347709E6C41741FC818046228A

SHA1:

0E2BA25C5675E7E74487B904D87669F88FE6F038

SHA256:

6C3B82A59855213BB9A91D1CF2513130005FA24340D00C6FE973062BC7589CAF

SSDEEP:

98304:9s0JZskJjqibXDJtvBQoi18PtsT0EMlwJkTVSNqMQFwGrBApLTZEik10+2abo3U6:anNmjquYP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been detected (SURICATA)

      • pn-offer.exe (PID: 6260)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • architect.exe (PID: 4088)
      • activation-service.exe (PID: 5352)
    • Starts itself from another location

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
    • Executable content was dropped or overwritten

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • spoolsv.exe (PID: 2324)
      • printer-installer-app.exe (PID: 3976)
      • pn-offer.exe (PID: 6260)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4156)
      • spoolsv.exe (PID: 2324)
      • activation-service.exe (PID: 5352)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6528)
    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 5284)
      • msiexec.exe (PID: 3688)
      • msiexec.exe (PID: 7152)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6528)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6528)
    • Application launched itself

      • msiexec.exe (PID: 6528)
      • architect-launcher.exe (PID: 5712)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6528)
    • Creates a software uninstall entry

      • PDF_Architect_9_Installer.exe (PID: 1480)
    • Access to an unwanted program domain was detected

      • pn-offer.exe (PID: 6260)
    • Searches for installed software

      • PDF_Architect_9_Installer.exe (PID: 1480)
  • INFO

    • Checks proxy server information

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • architect.exe (PID: 4088)
      • activation-service.exe (PID: 5352)
      • architect-launcher.exe (PID: 7172)
      • slui.exe (PID: 6936)
      • architect-launcher.exe (PID: 5712)
    • The sample compiled with english language support

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • msiexec.exe (PID: 6528)
      • printer-installer-app.exe (PID: 3976)
      • spoolsv.exe (PID: 2324)
    • Reads Microsoft Office registry keys

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 1480)
    • Checks supported languages

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 2996)
      • msiexec.exe (PID: 6528)
      • PDF_Architect_9_Installer.exe (PID: 7124)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • msiexec.exe (PID: 440)
      • printer-installer-app.exe (PID: 3976)
      • creator-app.exe (PID: 4040)
      • creator-ws.exe (PID: 2680)
      • activation-service.exe (PID: 5480)
      • msiexec.exe (PID: 1044)
      • update-service.exe (PID: 5780)
      • architect.exe (PID: 4692)
      • architect.exe (PID: 760)
      • activation-service.exe (PID: 5352)
      • stats-com.exe (PID: 6760)
      • architect-launcher.exe (PID: 4572)
      • architect.exe (PID: 4088)
      • architect-launcher.exe (PID: 5712)
      • pn-offer.exe (PID: 6260)
      • identity_helper.exe (PID: 4112)
      • architect-launcher.exe (PID: 7172)
    • Reads the software policy settings

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • msiexec.exe (PID: 6528)
      • architect.exe (PID: 4088)
      • activation-service.exe (PID: 5352)
      • slui.exe (PID: 6936)
    • Reads the computer name

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • msiexec.exe (PID: 6528)
      • PDF_Architect_9_Installer.exe (PID: 7124)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • msiexec.exe (PID: 440)
      • printer-installer-app.exe (PID: 3976)
      • activation-service.exe (PID: 5480)
      • msiexec.exe (PID: 1044)
      • architect.exe (PID: 4692)
      • creator-ws.exe (PID: 2680)
      • architect-launcher.exe (PID: 4572)
      • architect.exe (PID: 760)
      • stats-com.exe (PID: 6760)
      • update-service.exe (PID: 5780)
      • activation-service.exe (PID: 5352)
      • architect.exe (PID: 4088)
      • architect-launcher.exe (PID: 5712)
      • pn-offer.exe (PID: 6260)
      • architect-launcher.exe (PID: 7172)
      • identity_helper.exe (PID: 4112)
    • Creates files or folders in the user directory

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • architect.exe (PID: 4692)
      • architect-launcher.exe (PID: 4572)
      • architect.exe (PID: 760)
      • activation-service.exe (PID: 5352)
      • architect.exe (PID: 4088)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • architect-launcher.exe (PID: 5712)
      • architect-launcher.exe (PID: 7172)
    • Reads the machine GUID from the registry

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • msiexec.exe (PID: 6528)
      • architect.exe (PID: 4088)
      • activation-service.exe (PID: 5352)
      • architect-launcher.exe (PID: 5712)
      • architect-launcher.exe (PID: 7172)
    • Creates files in the program directory

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer_0.0.0.0.exe (PID: 2468)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • printer-installer-app.exe (PID: 3976)
      • architect.exe (PID: 4088)
    • Create files in a temporary directory

      • architect-setup.exe (PID: 2124)
      • PDF_Architect_9_Installer_9.0.27.2538.exe (PID: 4400)
      • PDF_Architect_9_Installer.exe (PID: 1480)
      • pn-offer.exe (PID: 6260)
    • Manages system restore points

      • SrTasks.exe (PID: 3564)
      • SrTasks.exe (PID: 7108)
      • SrTasks.exe (PID: 8832)
      • SrTasks.exe (PID: 3864)
    • The sample compiled with russian language support

      • msiexec.exe (PID: 6528)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6528)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6528)
    • Manual execution by a user

      • architect.exe (PID: 4088)
      • msedge.exe (PID: 7224)
    • Application launched itself

      • msedge.exe (PID: 188)
      • msedge.exe (PID: 6616)
      • msedge.exe (PID: 7224)
    • The sample compiled with arabic language support

      • pn-offer.exe (PID: 6260)
    • Reads Environment values

      • identity_helper.exe (PID: 4112)
    • The sample compiled with japanese language support

      • msiexec.exe (PID: 6528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:10:13 11:48:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 9576448
InitializedDataSize: 6328832
UninitializedDataSize: -
EntryPoint: 0x7cd57d
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.0.27.2538
ProductVersionNumber: 9.0.27.2538
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
FileVersion: 9.0.27.2538
ProductVersion: 9.0.27.2538
CompanyName: pdfforge GmbH.
FileDescription: PDF Architect 9 Installer
InternalName: PDF_Architect_9_Installer.exe
LegalCopyright: © pdfforge GmbH. All rights reserved.
OriginalFileName: PDF_Architect_9_Installer.exe
ProductName: PDF Architect 9 Installer
CommitID: 802c7a197fed6cd8508da9f8613cdbb06704a06c
No data.
All screenshots are available in the full report
Total processes: 204
Monitored processes: 70
Malicious processes: 4
Suspicious processes: 3

Behavior graph

Processes in the graph, in launch order ("no specs" marks a process that triggered no indicators; #ADWARE marks the detection):

architect-setup.exe, pdf_architect_9_installer_9.0.27.2538.exe, pdf_architect_9_installer_0.0.0.0.exe, pdf_architect_9_installer.exe (no specs), pdf_architect_9_installer.exe, pdf_architect_9_installer.exe (no specs), msiexec.exe, vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), slui.exe, msiexec.exe (no specs) x4, printer-installer-app.exe, spoolsv.exe, creator-app.exe (no specs), creator-ws.exe (no specs), activation-service.exe (no specs), msiexec.exe (no specs), architect.exe (no specs), update-service.exe (no specs), stats-com.exe (no specs), architect-launcher.exe (no specs), architect.exe (no specs), activation-service.exe, architect.exe, msedge.exe (no specs) x2, #ADWARE pn-offer.exe, architect-launcher.exe, msedge.exe (no specs) x3, msedge.exe, msedge.exe (no specs) x2, msedge.exe, msedge.exe (no specs) x4, architect-launcher.exe, msedge.exe (no specs) x7, srtasks.exe (no specs), conhost.exe (no specs), identity_helper.exe (no specs) x2, msedge.exe (no specs) x5, srtasks.exe (no specs), conhost.exe (no specs), msedge.exe (no specs) x4, srtasks.exe (no specs), conhost.exe (no specs), msedge.exe (no specs), architect-setup.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
188
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paygw.pdfarchitect.org/redirect/install/PDF-Architect-9/?lang=en&uid=1006694&wid=6800&partner=creator_architect&mkey1=creator_seo_no_split_5468&cmp=seo_creator_no_split_5468&mkey2=FD0E2B9D-93F5-4DD7-9763-5DEB6AF0BA76&version=9.1.74.23030&configId=AF3CEDDA-7E46-429B-A312-C8F312C86063&ii=FD0E2B9D-93F5-4DD7-9763-5DEB6AF0BA76&guid=FD0E2B9D-93F5-4DD7-9763-5DEB6AF0BA76
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
PDF_Architect_9_Installer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
440
CMD:
C:\Windows\System32\MsiExec.exe -Embedding 9C881663EAA8DE58271BAB013CA6BE70
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
536
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5384,i,15624328609020118051,7513886210502963269,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
640
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2008,i,3036108751291914772,7043948868589900995,262144 --variations-seed-version --mojo-platform-channel-handle=1956 /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
760
CMD:
"C:\Program Files\PDF Architect 9\architect.exe" --command --associate
Path:
C:\Program Files\PDF Architect 9\architect.exe
Parent process:
msiexec.exe
User:
admin
Company:
Avanquest pdfforge GmbH
Integrity Level:
HIGH
Description:
PDF Architect 9
Exit code:
0
Version:
9.1.74.23030
Modules
Images
c:\program files\pdf architect 9\architect.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID:
1044
CMD:
C:\Windows\System32\MsiExec.exe -Embedding 02B35E97550A1145EB60DA3EB93F97E8 E Global\MSI0000
Path:
C:\Windows\System32\msiexec.exe
Parent process:
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1044
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1800,i,3036108751291914772,7043948868589900995,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1392
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x288,0x28c,0x290,0x284,0x2bc,0x7ffc3f5bf208,0x7ffc3f5bf214,0x7ffc3f5bf220
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1480
CMD:
"C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe" /welcome /no-check-updates
Path:
C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe
Parent process:
PDF_Architect_9_Installer_0.0.0.0.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\pdf architect 9\installation\pdf_architect_9_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msi.dll
PID:
2124
CMD:
"C:\Users\admin\AppData\Local\Temp\architect-setup.exe"
Path:
C:\Users\admin\AppData\Local\Temp\architect-setup.exe
Parent process:
explorer.exe
User:
admin
Company:
pdfforge GmbH.
Integrity Level:
HIGH
Description:
PDF Architect 9 Installer
Exit code:
0
Version:
9.0.27.2538
Modules
Images
c:\users\admin\appdata\local\temp\architect-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\userenv.dll
Total events: 51 719
Read events: 49 783
Write events: 1 863
Delete events: 73

Modification events

(PID) Process: (2124) architect-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PDF Architect 9\Installation
Operation: write
Name: INSTALL_FOLDER
Value: C:\Program Files\PDF Architect 9

(PID) Process: (2124) architect-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (2124) architect-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2124) architect-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (4400) PDF_Architect_9_Installer_9.0.27.2538.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PDF Architect 9\Installation
Operation: write
Name: INSTALL_FOLDER
Value: C:\Program Files\PDF Architect 9

(PID) Process: (2124) architect-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 9
Operation: write
Name: Common data
Value: (not shown)

(PID) Process: (4400) PDF_Architect_9_Installer_9.0.27.2538.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation: write
Name: LaunchPermission
Value: 010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000

(PID) Process: (4400) PDF_Architect_9_Installer_9.0.27.2538.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation: write
Name: AccessPermission
Value: 010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000

(PID) Process: (4400) PDF_Architect_9_Installer_9.0.27.2538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PDF Architect 9
Operation: write
Name: locale
Value: en

(PID) Process: (4400) PDF_Architect_9_Installer_9.0.27.2538.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)
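The LaunchPermission and AccessPermission values that PID 4400 writes under HKLM\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80} are not opaque noise: they are self-relative SECURITY_DESCRIPTOR blobs that define who may launch and call the COM server registered under that AppID. The decoder below is an added example (not code from the ANY.RUN report or from pdfforge) that walks the descriptor header, owner and group SIDs, DACL and SACL and emits SDDL; its only input is the hex value copied from the report, and the SID alias and COM rights tables cover the bits that occur in this value plus the other mandatory-label levels.

```python
"""Decode the self-relative SECURITY_DESCRIPTOR written to the AppID
LaunchPermission / AccessPermission registry values into SDDL.

Added example: not part of the ANY.RUN report or of PDF Architect.
APPID_PERMISSION_HEX is the LaunchPermission value copied from the report
(AccessPermission is byte-identical); it is split into 4-byte groups only
for readability.
"""
import struct

APPID_PERMISSION_HEX = "".join([
    "01001480", "4C000000", "5C000000", "14000000", "30000000",  # SD header
    "02001C00", "01000000", "11001400", "04000000",              # SACL + mandatory-label ACE header
    "01010000", "00000010", "00100000",                          # S-1-16-4096 (Low)
    "02001C00", "01000000", "00001400", "0B000000",              # DACL + access-allowed ACE header
    "01010000", "00000001", "00000000",                          # S-1-1-0 (Everyone)
    "01020000", "00000005", "20000000", "20020000",              # owner S-1-5-32-544
    "01020000", "00000005", "20000000", "20020000",              # group S-1-5-32-544
])

SDDL_ALIASES = {
    "S-1-1-0": "WD",        # Everyone
    "S-1-5-32-544": "BA",   # BUILTIN\Administrators
    "S-1-16-4096": "LW",    # Low mandatory level
    "S-1-16-8192": "ME",    # Medium mandatory level
    "S-1-16-12288": "HI",   # High mandatory level
    "S-1-16-16384": "SI",   # System mandatory level
}
ACE_TYPE_SDDL = {0x00: "A", 0x01: "D", 0x11: "ML"}
LABEL_POLICY = ((0x1, "NW"), (0x2, "NR"), (0x4, "NX"))     # SYSTEM_MANDATORY_LABEL_ACE mask bits
COM_RIGHTS = (                                              # mask bits used by AppID permissions
    (0x01, "COM_RIGHTS_EXECUTE"),
    (0x02, "COM_RIGHTS_EXECUTE_LOCAL"),
    (0x04, "COM_RIGHTS_EXECUTE_REMOTE"),
    (0x08, "COM_RIGHTS_ACTIVATE_LOCAL"),
    (0x10, "COM_RIGHTS_ACTIVATE_REMOTE"),
)
SE_DACL_PRESENT, SE_SACL_PRESENT, SE_SELF_RELATIVE = 0x0004, 0x0010, 0x8000


def parse_sid(buf, off):
    """Return (sddl alias or S-1-... string, byte length) for the SID at buf[off:]."""
    rev, sub_count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")   # 48-bit big-endian authority
    subs = struct.unpack_from("<%dI" % sub_count, buf, off + 8)
    sid = "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)
    return SDDL_ALIASES.get(sid, sid), 8 + 4 * sub_count


def parse_acl(buf, off):
    """Render every ACE of the ACL at buf[off:] as SDDL (type;;rights;;;sid).
    ACE flags are not rendered; they are all zero in the report's value."""
    _rev, _sbz1, _size, ace_count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    pos, aces = off + 8, []
    for _ in range(ace_count):
        ace_type, _ace_flags, ace_size = struct.unpack_from("<BBH", buf, pos)
        mask, = struct.unpack_from("<I", buf, pos + 4)
        sid, _ = parse_sid(buf, pos + 8)
        if ace_type == 0x11:
            rights = "".join(name for bit, name in LABEL_POLICY if mask & bit)
        else:
            rights = "0x%x" % mask        # generic mask; see describe_com_rights()
        aces.append("(%s;;%s;;;%s)" % (ACE_TYPE_SDDL.get(ace_type, "0x%02x" % ace_type), rights, sid))
        pos += ace_size
    return "".join(aces)


def decode_security_descriptor(hex_blob):
    """Self-relative SECURITY_DESCRIPTOR (hex string) -> SDDL string."""
    buf = bytes.fromhex(hex_blob)
    rev, _sbz1, control, owner_off, group_off, sacl_off, dacl_off = struct.unpack_from("<BBHIIII", buf, 0)
    if rev != 1 or not control & SE_SELF_RELATIVE:
        raise ValueError("not a self-relative revision-1 security descriptor")
    sddl = ""
    if owner_off:
        sddl += "O:" + parse_sid(buf, owner_off)[0]
    if group_off:
        sddl += "G:" + parse_sid(buf, group_off)[0]
    if control & SE_DACL_PRESENT and dacl_off:
        sddl += "D:" + parse_acl(buf, dacl_off)
    if control & SE_SACL_PRESENT and sacl_off:
        sddl += "S:" + parse_acl(buf, sacl_off)
    return sddl


def describe_com_rights(mask):
    """Names of the COM rights set in an AppID permission access mask."""
    return [name for bit, name in COM_RIGHTS if mask & bit]


if __name__ == "__main__":
    print(decode_security_descriptor(APPID_PERMISSION_HEX))   # O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW)
    print(describe_com_rights(0x0B))
```

Running it yields O:BAG:BAD:(A;;0xb;;;WD)S:(ML;;NX;;;LW): owner and group are BUILTIN\Administrators, the DACL grants Everyone COM_RIGHTS_EXECUTE, COM_RIGHTS_EXECUTE_LOCAL and COM_RIGHTS_ACTIVATE_LOCAL (no remote rights), and the SACL sets a Low mandatory label with the no-execute-up policy, so callers at Low integrity (a sandboxed browser process, for instance) are not stopped by integrity checks from activating the server; the default label for COM objects is Medium. That is a broker-style configuration rather than a vulnerability in itself; the practical follow-up is to look at what the server exposes to those callers, since the descriptor lets any local user at any integrity level activate it.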
Executable files: 226
Suspicious files: 687
Text files: 174
Unknown types: 337

Dropped files

PID | Process | Filename | Type

2124 | architect-setup.exe | C:\ProgramData\PDF Architect 9\Installation\updates-info.json | binary
MD5:45F33C9259B0CE0A15E8C704110FC20A
SHA256:9022D9CEBD973AA9CC90631B8283D8C20EF4BF288C2B47BDC25B16A371D950ED
2124 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary
MD5:C41E81715809DB58EF0BCC4A6F96152A
SHA256:5DE5895A7CC27F4610FD4057C0025BBF4B65B964D2A79F93137A2ED3C39773F8
1480 | PDF_Architect_9_Installer.exe | C:\ProgramData\PDF Architect 9\Installation\pdf-architect9-startup-9.1.74.23030-x64.msi | -
MD5:
SHA256:
2124 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | der
MD5:4A90329071AE30B759D279CCA342B0A6
SHA256:4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60
2124 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8 | der
MD5:1FBB37F79B317A9A248E7C4CE4F5BAC5
SHA256:9BF639C595FE335B6F694EE35990BEFD2123F5E07FD1973FF619E3FC88F5F49F
4400 | PDF_Architect_9_Installer_9.0.27.2538.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | der
MD5:C30614BBE8248227D3E3D074B4FE1B47
SHA256:896C962F35CDFEEAD79005AE81C56F246D6685323330DAE971562CD1547BA117
6528 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | -
MD5:
SHA256:
6528 | msiexec.exe | C:\Windows\Installer\1819dc.msi | -
MD5:
SHA256:
2124 | architect-setup.exe | C:\Users\admin\AppData\Local\Temp\368cdce1-bbc5-4cd6-a3a1-29fadae5b5eb\PDF_Architect_9_Installer_9.0.27.2538.exe | executable
MD5:7D9D05347709E6C41741FC818046228A
SHA256:6C3B82A59855213BB9A91D1CF2513130005FA24340D00C6FE973062BC7589CAF
2124 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8 | binary
MD5:D0CD46A782EAEF7B0480B465B1EC0649
SHA256:E27C006FF614ED622AB46D10540F3C7A0B59703D74F5FE63B1D7BC56707CF1A7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 30
TCP/UDP connections: 175
DNS requests: 171
Threats: 19

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation (the Type and Size columns had no values)

5444 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2124 | architect-setup.exe | GET | 200 | 142.250.185.99:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
2124 | architect-setup.exe | GET | 200 | 142.250.185.99:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
4400 | PDF_Architect_9_Installer_9.0.27.2538.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEA%2BdD6xRTyThG%2FNPf4PxYxU%3D | unknown | whitelisted
4400 | PDF_Architect_9_Installer_9.0.27.2538.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted
4400 | PDF_Architect_9_Installer_9.0.27.2538.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | whitelisted
2612 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2612 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
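Each ocsp.digicert.com row above is a GET-style OCSP request (RFC 6960, appendix A): the URL path is the DER-encoded OCSPRequest, base64 encoded and then URL encoded. Decoding it recovers the CertID the process was checking, which tells you which certificate in a signing chain a given PID validated without opening the PCAP. The code below is an added example, not part of the ANY.RUN report; the OCSP_URL constant is the first ocsp.digicert.com request listed (svchost.exe, PID 5444), and the same function applies unchanged to the three requests made by PID 4400. It tolerates the optional [0] version and [1] requestorName members of TBSRequest even though this request carries neither.

```python
"""Recover the CertID from the GET-style OCSP requests in the HTTP table.

Added example, not part of the ANY.RUN report. OCSP_URL is the first
ocsp.digicert.com request in the table (svchost.exe, PID 5444).
"""
import base64
from urllib.parse import unquote, urlsplit

OCSP_URL = (
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh"
    "%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"
)

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE = 0x30


def der_tlv(buf, pos):
    """Read one DER TLV at buf[pos:]; return (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split the content of a constructed type into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw):
    """DER OBJECT IDENTIFIER content -> dotted string (e.g. 1.3.14.3.2.26)."""
    arcs, cur = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url):
    """Return one dict per CertID found in the OCSPRequest carried by a GET URL."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    tag, ocsp_request, _ = der_tlv(der, 0)                  # OCSPRequest ::= SEQUENCE
    if tag != SEQUENCE:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    tbs_request = der_children(ocsp_request)[0][1]           # TBSRequest; optionalSignature ignored
    # TBSRequest may start with [0] version and [1] requestorName; requestList is its SEQUENCE.
    request_list = next(v for t, v in der_children(tbs_request) if t == SEQUENCE)
    results = []
    for _, request in der_children(request_list):
        cert_id = der_children(request)[0][1]               # Request ::= SEQUENCE { reqCert CertID, ... }
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = der_children(cert_id)
        oid = decode_oid(der_children(alg)[0][1])            # AlgorithmIdentifier.algorithm
        results.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex().upper(),
            "issuer_key_hash": key_hash.hex().upper(),
            "serial": serial.hex().upper(),
        })
    return results


if __name__ == "__main__":
    for cert_id in parse_ocsp_get(OCSP_URL):
        print(cert_id)
```

For the embedded URL the CertID hashes the issuer with SHA-1 and names serial number 02742EAA17CA8E21C717BB1FFCFD0CA0. The request never carries the leaf certificate itself, and issuerNameHash and issuerKeyHash are computed over the issuer's Name and public key, so identify the chain by hashing candidate issuer certificates and comparing, rather than expecting a subject name to appear in the request.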

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5444 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5444 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2124 | architect-setup.exe | 104.22.30.211:443 | wsgeoip.pdfarchitect.org | CLOUDFLARENET | - | whitelisted
2124 | architect-setup.exe | 142.250.185.99:80 | c.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.136
  • 40.126.32.72
  • 40.126.32.138
  • 40.126.32.140
  • 20.190.160.131
  • 40.126.32.76
  • 20.190.160.132
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
wsgeoip.pdfarchitect.org
  • 104.22.30.211
  • 104.22.31.211
  • 172.67.14.205
whitelisted
c.pki.goog
  • 142.250.185.99
  • 142.250.186.35
whitelisted
api-updateservice.pdfarchitect.org
  • 104.22.30.211
  • 172.67.14.205
  • 104.22.31.211
whitelisted
cdnbz.pdfarchitect.org
  • 188.240.13.2
  • 188.240.13.1
whitelisted

Threats

PID | Process | Class | Message

- | - | Misc activity | INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
- | - | Misc activity | INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
- | - | Misc activity | INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
- | - | Misc activity | INSTALLER [ANY.RUN] VCSoapClient Installer HTTP POST Request (UA)
6260 | pn-offer.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Driver Updater Setup Process
6260 | pn-offer.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Driver Updater Setup Process
6260 | pn-offer.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Driver Updater Setup Process
6260 | pn-offer.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Driver Updater Setup Process
6260 | pn-offer.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] Driver Updater Setup Process
Process | Message

architect.exe | FileMenu.JS: componentDidMount
architect.exe | TABS.JS: CTOR
architect.exe | FileMenu.JS: this()
architect.exe | FileMenu.JS: CTOR
architect.exe | component OfflineMode mount
architect.exe | component ProductTitle mount
architect.exe | component ProductTitle mount
architect.exe | component Delimiter mount
architect.exe | component SysButtonsBar mount
architect.exe | SysButtonsBar state: 1