File name:

InternationalPrimoPDF_5.1.0.2.exe

Full analysis: https://app.any.run/tasks/d760e47a-29ed-4732-a7bc-ffa278e7eeab
Verdict: Malicious activity
Analysis date: May 22, 2024, 13:09:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

F923FF5D2B1E5866F7306606A82D3ABB

SHA1:

CD682FBB04A4FDCB96D23D946CCC2DC7E9D9937E

SHA256:

815EB0C2591FFA6D6DE7E8AE52EBDCCCFC0D88D45571B376C3D75425E1E719D5

SSDEEP:

196608:ITmMGl2Yx+GKK9OvDifW8KtVnQPVL2nIWU4Icz4uA/:ITt9NC9aifBKt1qMfU494uA/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimInst.exe (PID: 116)

    • Creates a writable file in the system directory

      • PrimInst.exe (PID: 116)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimInst.exe (PID: 116)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)

    • Process drops legitimate windows executable

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimInst.exe (PID: 116)

    • The process creates files with name similar to system file names

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)

    • Reads security settings of Internet Explorer

      • PrimoPDF.exe (PID: 972)

    • Checks Windows Trust Settings

      • PrimoPDF.exe (PID: 972)

    • Creates a software uninstall entry

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)

    • Reads the Internet Settings

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimoPDF.exe (PID: 972)

    • Reads Internet Explorer settings

      • PrimoPDF.exe (PID: 972)

    • Reads settings of System Certificates

      • PrimoPDF.exe (PID: 972)

    • Reads Microsoft Outlook installation path

      • PrimoPDF.exe (PID: 972)

  • INFO

    • Checks supported languages

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimDel.exe (PID: 2040)
      • PrimInst.exe (PID: 116)
      • wmpnscfg.exe (PID: 1296)
      • PrimoPDF.exe (PID: 972)

    • Reads the computer name

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)
      • PrimDel.exe (PID: 2040)
      • PrimInst.exe (PID: 116)
      • wmpnscfg.exe (PID: 1296)
      • PrimoPDF.exe (PID: 972)

    • Create files in a temporary directory

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)

    • Creates files in the program directory

      • InternationalPrimoPDF_5.1.0.2.exe (PID: 820)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1296)
      • PrimoPDF.exe (PID: 972)
      • msedge.exe (PID: 1816)

    • Application launched itself

      • msedge.exe (PID: 1816)
      • msedge.exe (PID: 2312)
      • msedge.exe (PID: 2788)

    • Reads the machine GUID from the registry

      • PrimoPDF.exe (PID: 972)

    • Reads the software policy settings

      • PrimoPDF.exe (PID: 972)

    • Creates files or folders in the user directory

      • PrimoPDF.exe (PID: 972)

    • Checks proxy server information

      • PrimoPDF.exe (PID: 972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
27
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start internationalprimopdf_5.1.0.2.exe primdel.exe no specs priminst.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs primopdf.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs internationalprimopdf_5.1.0.2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
116"C:\Program Files\Nitro PDF\PrimoPDF\PrimInst.exe"C:\Program Files\Nitro PDF\PrimoPDF\PrimInst.exe
InternationalPrimoPDF_5.1.0.2.exe
User:
admin
Company:
Nitro PDF
Integrity Level:
HIGH
Description:
PrimInst
Exit code:
0
Version:
1.0
Modules
Images
c:\program files\nitro pdf\primopdf\priminst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
188"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1284,i,17238777248531062891,13176258209909172561,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
820"C:\Users\admin\Desktop\InternationalPrimoPDF_5.1.0.2.exe" C:\Users\admin\Desktop\InternationalPrimoPDF_5.1.0.2.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\internationalprimopdf_5.1.0.2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
972"C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe" C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exeexplorer.exe
User:
admin
Company:
Nitro PDF
Integrity Level:
MEDIUM
Description:
PrimoPDF
Exit code:
0
Version:
5.1.0.2
Modules
Images
c:\program files\nitro pdf\primopdf\primopdf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
1296"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1468"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1284,i,17238777248531062891,13176258209909172561,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1756"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e05f598,0x6e05f5a8,0x6e05f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1816"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.nitropdf.com/services/LinkRedirector.aspx?lr_prod=Primo&lr_name=welcome&lr_loc=en-US&lr_src=primo&name=&email=&company=&language=1033C:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1824"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e05f598,0x6e05f5a8,0x6e05f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1948"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1316,i,17078217209399652766,15258539189502583962,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
19 676
Read events
19 500
Write events
154
Delete events
22

Modification events

(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:DisplayName
Value:
PrimoPDF -- brought to you by Nitro PDF Software
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:UninstallString
Value:
"C:\Program Files\Nitro PDF\PrimoPDF\uninstaller.exe"
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:QuietUninstallString
Value:
"C:\Program Files\Nitro PDF\PrimoPDF\uninstaller.exe" /S
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:InstallLocation
Value:
"C:\Program Files\Nitro PDF\PrimoPDF"
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:Publisher
Value:
Nitro PDF Software
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:HelpLink
Value:
http://www.primopdf.com
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:URLUpdateInfo
Value:
http://www.primopdf.com
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:URLInfoAbout
Value:
http://www.primopdf.com
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:DisplayVersion
Value:
5
(PID) Process:(820) InternationalPrimoPDF_5.1.0.2.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PrimoPDF
Operation:writeName:NoModify
Value:
1
Executable files
35
Suspicious files
97
Text files
88
Unknown types
12

Dropped files

PID
Process
Filename
Type
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\PrimDel.exeexecutable
MD5:A3F0ED0E4B114BA6F1D5D7242DAD1DFE
SHA256:264BB299BAD6CD608E1F074BC187A32D5EE84BA29252FFF409809AF6C84A6AF1
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\Configuration\_Default.iniini
MD5:D6DA9D17C4C2405052AD018B7908BA85
SHA256:1019524F2B7A84BD5BFEC2593F0B2FFF4AC5E631396CF94A9E3F8234A7900B59
820InternationalPrimoPDF_5.1.0.2.exeC:\Users\admin\AppData\Local\Temp\nsm2FCE.tmp\modern-wizard.bmpimage
MD5:58181A0F0411F37429FDD3AE3199D681
SHA256:BCCA0774FC648A9A9B1D5361322450725EB580E892026F0D7322E755EF653051
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\Online_UG.urlurl
MD5:206E6506F2137D6B3DBA8E7660F939AA
SHA256:29593810A8D7BAE1A9CF011029B0482F53D5352DA6B9C2B415923FBAD88E23DF
820InternationalPrimoPDF_5.1.0.2.exeC:\Users\admin\AppData\Local\Temp\nsm2FCE.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
820InternationalPrimoPDF_5.1.0.2.exeC:\Users\admin\AppData\Local\Temp\nsm2FCE.tmp\System.dllexecutable
MD5:C17103AE9072A06DA581DEC998343FC1
SHA256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\Drivers\FONTS.MFMbinary
MD5:0429BC080C0571EB67C958DF9B46932D
SHA256:4E8FA2D66ECA983F0E14C9338E6F81A06998A490C865D96ABE6616F12FE68296
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\gsdll32.dllexecutable
MD5:3A86E1D03C0B93AA146A411D15E9DFFF
SHA256:3A052455D3DCA872B9046F6AC97747955556BA2D117F815C7028D3C3363C5F2B
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\PrimInst.exeexecutable
MD5:ABD4334C7222B8C73892548E8B9BB751
SHA256:F849FC38EB898B50458734DA36C7EFB9FB9A0AC5C82E4C86D8F14B933210FC43
820InternationalPrimoPDF_5.1.0.2.exeC:\Program Files\Nitro PDF\PrimoPDF\Configuration\_Prepress.iniini
MD5:D6DA9D17C4C2405052AD018B7908BA85
SHA256:1019524F2B7A84BD5BFEC2593F0B2FFF4AC5E631396CF94A9E3F8234A7900B59
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
35
DNS requests
43
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2788
msedge.exe
GET
200
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d378a0fc7f9209bb
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
1816
msedge.exe
239.255.255.250:1900
unknown
2332
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2332
msedge.exe
13.107.21.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2332
msedge.exe
104.16.216.66:443
www.nitropdf.com
CLOUDFLARENET
unknown
2332
msedge.exe
104.16.123.109:443
www.gonitro.com
CLOUDFLARENET
unknown
2788
msedge.exe
239.255.255.250:1900
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.nitropdf.com
  • 104.16.217.66
  • 104.16.216.66
unknown
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
www.gonitro.com
  • 104.16.123.109
  • 104.16.122.109
unknown
www.primopdf.com
  • 104.17.216.14
  • 104.16.142.64
unknown
ctldl.windowsupdate.com
  • 199.232.210.172
  • 199.232.214.172
whitelisted
resources.gonitro.com
  • 104.16.122.109
  • 104.16.123.109
unknown
dev.visualwebsiteoptimizer.com
  • 34.96.102.137
whitelisted
fonts.googleapis.com
  • 216.58.206.74
whitelisted
maxcdn.bootstrapcdn.com
  • 104.18.11.207
  • 104.18.10.207
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
InternationalPrimoPDF_5.1.0.2.exe