File name: AppSuites-PDF-1.0.25.exe
Full analysis: https://app.any.run/tasks/d3e020fa-8cea-4581-a952-ce24bc3a11da
Verdict: Malicious activity
Analysis date: August 21, 2025, 07:18:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: EA4E4113B16411A9D2A5CC1E61586609
SHA1: 1D034802E126B9999C62D2BEB27328F50498DD51
SHA256: 6E8B48972FAB5610363CF4063C289E1670A252FDD40C020DE0E3CFCD33C819F4
SSDEEP: 786432:Oa7wDaHAgZZspLEW45BmDuXvnu7ZliYqB51zc80a3ck9SS4:bTgEW4pvnUziY0Nc80askgb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
  • SUSPICIOUS

    • The process creates files with names similar to system file names

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Drops 7-zip archiver for unpacking

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Reads security settings of Internet Explorer

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
      • PDF Editor.exe (PID: 3556)
    • Process drops legitimate windows executable

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Creates a software uninstall entry

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • There is functionality for taking screenshot (YARA)

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Application launched itself

      • PDF Editor.exe (PID: 760)
      • PDF Editor.exe (PID: 3556)
  • INFO

    • The sample was compiled with English language support

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Checks supported languages

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
      • PDF Editor.exe (PID: 3556)
      • PDF Editor.exe (PID: 760)
      • PDF Editor.exe (PID: 2716)
      • PDF Editor.exe (PID: 4200)
      • PDF Editor.exe (PID: 7084)
      • PDF Editor.exe (PID: 3572)
      • PDF Editor.exe (PID: 5248)
    • Reads the computer name

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
      • PDF Editor.exe (PID: 3556)
      • PDF Editor.exe (PID: 760)
      • PDF Editor.exe (PID: 3572)
      • PDF Editor.exe (PID: 7084)
    • Creates files or folders in the user directory

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
      • PDF Editor.exe (PID: 760)
      • PDF Editor.exe (PID: 3572)
      • PDF Editor.exe (PID: 3556)
    • Create files in a temporary directory

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
      • PDF Editor.exe (PID: 3556)
    • Launching a file from a Registry key

      • AppSuites-PDF-1.0.25.exe (PID: 2492)
    • Manual execution by a user

      • PDF Editor.exe (PID: 3556)
      • PDF Editor.exe (PID: 760)
    • Reads the machine GUID from the registry

      • PDF Editor.exe (PID: 3556)
      • PDF Editor.exe (PID: 760)
    • Checks proxy server information

      • PDF Editor.exe (PID: 760)
      • PDF Editor.exe (PID: 3556)
      • slui.exe (PID: 5032)
    • Process checks computer location settings

      • PDF Editor.exe (PID: 3556)
      • PDF Editor.exe (PID: 5248)
    • Reads the software policy settings

      • slui.exe (PID: 5032)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.25.0
ProductVersionNumber: 1.0.25.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: AppSuite
FileDescription: PDF EDITOR BY APPSUITE
FileVersion: 1.0.25
LegalCopyright: Copyright © 2025 AppSuite
ProductName: PDF Editor
ProductVersion: 1.0.25
No data.
All screenshots are available in the full report
Total processes: 147
Monitored processes: 9
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process nodes in the graph:
  • start
  • appsuites-pdf-1.0.25.exe
  • pdf editor.exe
  • pdf editor.exe (no specs)
  • pdf editor.exe (no specs)
  • pdf editor.exe (no specs)
  • pdf editor.exe (no specs)
  • pdf editor.exe
  • pdf editor.exe (no specs)
  • slui.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 760
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --cm=--fullupdate
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Exit code: 0
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\programs\pdfeditor\ffmpeg.dll
PID: 2492
CMD: "C:\Users\admin\AppData\Local\Temp\AppSuites-PDF-1.0.25.exe"
Path: C:\Users\admin\AppData\Local\Temp\AppSuites-PDF-1.0.25.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF EDITOR BY APPSUITE
Exit code: 0
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\temp\appsuites-pdf-1.0.25.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 2716
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=1916 --field-trial-handle=1872,i,18195413826286268354,7885532467048156954,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Exit code: 0
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 3556
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe"
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3572
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=2020 --field-trial-handle=1876,i,6811579039630216755,4468341958621838745,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4200
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1868 --field-trial-handle=1872,i,18195413826286268354,7885532467048156954,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Exit code: 0
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 5032
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5248
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --app-path="C:\Users\admin\AppData\Local\Programs\PDFEditor\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,6811579039630216755,4468341958621838745,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 7084
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1908 --field-trial-handle=1876,i,6811579039630216755,4468341958621838745,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Version: 1.0.25
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 646
Read events: 9 527
Write events: 97
Delete events: 22

Modification events

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PDFEditor
Operation: write
Name: InstallVersion
Value: 1.0.25

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\PDFEditor

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: KeepShortcuts
Value: true

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: ShortcutName
Value: PDF Editor

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayName
Value: PDF Editor 1.0.25

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PDFEditor\Uninstall PDF Editor.exe" /currentuser

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PDFEditor\Uninstall PDF Editor.exe" /currentuser /S

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayVersion
Value: 1.0.25

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\PDFEditor\uninstallerIcon.ico

(PID) Process: (2492) AppSuites-PDF-1.0.25.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: Publisher
Value: AppSuite
Executable files: 32
Suspicious files: 583
Text files: 154
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\app-64.7z
MD5:
SHA256:

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Programs\PDFEditor\uninstallerIcon.ico
Type: image
MD5: EABBAFF75F3E97495CD15A7839CE6D1E
SHA256: 1CBCD1ACCDAFF2F0EA2A690E38B435A2F422412A1210FA8E90B2D3685791C7E5

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\nsis7z.dll
Type: executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\SpiderBanner.dll
Type: executable
MD5: 17309E33B596BA3A5693B4D3E85CF8D7
SHA256: 996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\nsExec.dll
Type: executable
MD5: EC0504E6B8A11D5AAD43B296BEEB84B2
SHA256: 5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\System.dll
Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 2492
Process: AppSuites-PDF-1.0.25.exe
Filename: C:\Users\admin\AppData\Local\Temp\nshDEE2.tmp\7z-out\locales\da.pak
Type: binary
MD5: 0E4207E2CF5741A8968617DF9174A681
SHA256: 438D2B1FD396C2108CA3902F69EEB372219EDD5D95FE70970D8EE9E64556C9A4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 41
DNS requests: 34
Threats: 6

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
592 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6240 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
6240 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2940 | svchost.exe | GET | 200 | 104.76.201.34:80 | http://x1.c.lencr.org/ | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6388 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
592 | svchost.exe | 20.190.160.14:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
592 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
login.live.com
  • 20.190.160.14
  • 40.126.32.76
  • 20.190.160.5
  • 40.126.32.72
  • 20.190.160.67
  • 20.190.160.64
  • 20.190.160.2
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.8
  • 23.216.77.25
  • 23.216.77.36
  • 23.216.77.20
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
appsuites.ai
  • 13.32.99.70
  • 13.32.99.25
  • 13.32.99.9
  • 13.32.99.44
unknown
slscr.update.microsoft.com
  • 74.179.77.204
whitelisted
pdf-tool.appsuites.ai
  • 18.66.102.108
  • 18.66.102.11
  • 18.66.102.50
  • 18.66.102.18
malicious
code.jquery.com
  • 151.101.66.137
  • 151.101.130.137
  • 151.101.194.137
  • 151.101.2.137
whitelisted

Threats

PID | Process | Class | Message
- | - | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
- | - | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
No debug info