File name: SodaPDFInstaller-MCdrmxtX.exe

Full analysis: https://app.any.run/tasks/1afb423c-1b16-4a9f-8e61-35acc4764942
Verdict: Malicious activity
Analysis date: April 29, 2025, 11:04:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: E181F2B3D77CB49A525E96FAD35A9669
SHA1: 4B0185939F8178B2B71560716121F4428524D247
SHA256: 94A6BCFA0E0304211D177449120B69EF16C2A5FCF5A96D8051AA3F70EF76D1D2
SSDEEP: 24576:AahEF044Ozh9qCcZM++81iOJgRTS1a3m4omur2b:AahEF044Ozh0CqB+8PgRT4a5omur2b

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
      • printer-installer-app.exe (PID: 924)
      • spoolsv.exe (PID: 5988)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5156)
      • spoolsv.exe (PID: 5988)
      • activation-service.exe (PID: 3940)
    • Adds/modifies Windows certificates

      • SodaPDFDesktop14.exe (PID: 6268)
    • Reads security settings of Internet Explorer

      • SodaPDFDesktop14.exe (PID: 6268)
    • Starts itself from another location

      • SodaPDFDesktop14.exe (PID: 6268)
    • Application launched itself

      • msiexec.exe (PID: 5960)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 5960)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 5960)
  • INFO

    • The sample compiled with english language support

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
      • printer-installer-app.exe (PID: 924)
      • spoolsv.exe (PID: 5988)
      • msiexec.exe (PID: 5960)
    • Checks supported languages

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
      • msiexec.exe (PID: 5960)
      • SodaPDFDesktop14.exe (PID: 660)
    • Reads the computer name

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
      • SodaPDFDesktop14.exe (PID: 660)
      • msiexec.exe (PID: 5960)
    • Checks proxy server information

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
    • Create files in a temporary directory

      • SodaPDFInstaller-MCdrmxtX.exe (PID: 2140)
      • SodaPDFDesktop14.exe (PID: 6268)
    • Reads the machine GUID from the registry

      • SodaPDFDesktop14.exe (PID: 6268)
    • Manages system restore points

      • SrTasks.exe (PID: 4152)
      • SrTasks.exe (PID: 7200)
      • SrTasks.exe (PID: 2040)
      • SrTasks.exe (PID: 5980)
    • Reads Microsoft Office registry keys

      • SodaPDFDesktop14.exe (PID: 6268)
    • Reads the software policy settings

      • SodaPDFDesktop14.exe (PID: 6268)
    • Creates files in the program directory

      • SodaPDFDesktop14.exe (PID: 6268)
    • Creates files or folders in the user directory

      • SodaPDFDesktop14.exe (PID: 6268)
    • The sample compiled with russian language support

      • msiexec.exe (PID: 5960)
    • Application launched itself

      • msedge.exe (PID: 6972)
      • msedge.exe (PID: 4108)
    • Manual execution by a user

      • soda.exe (PID: 4920)
      • msedge.exe (PID: 4108)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5960)
    • The sample compiled with japanese language support

      • msiexec.exe (PID: 5960)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:11 10:16:21+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.37
CodeSize: 660992
InitializedDataSize: 328192
UninitializedDataSize: -
EntryPoint: 0x78b02
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.3.7
ProductVersionNumber: 1.0.3.7
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Avanquest Software
FileDescription: SodaPDFInstaller
FileVersion: 1.0.3.7
InternalName: SodaPDFInstaller.exe
LegalCopyright: © 2010-2024 Avanquest Software. All rights reserved.
OriginalFileName: SodaPDFInstaller.exe
ProductName: SodaPDFInstaller
ProductVersion: 1.0.3.7
No data.
Total processes
222
Monitored processes
81
Malicious processes
1
Suspicious processes
1

Behavior graph

start sodapdfinstaller-mcdrmxtx.exe sppextcomobj.exe no specs slui.exe sodapdfdesktop14.exe sodapdfdesktop14.exe no specs msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs slui.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs printer-installer-app.exe spoolsv.exe creator-app.exe no specs creator-ws.exe no specs activation-service.exe no specs msiexec.exe no specs soda.exe no specs update-service.exe no specs stats-com.exe no specs soda-launcher.exe no specs soda.exe no specs activation-service.exe soda.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs soda-launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sodapdfinstaller-mcdrmxtx.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7576 --field-trial-handle=2292,i,12755997264449579550,419244660132452678,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 300
CMD: "C:\Program Files\Soda PDF Desktop 14\creator-ws.exe" -service
Path: C:\Program Files\Soda PDF Desktop 14\creator-ws.exe
Parent process: msiexec.exe
User:
admin
Company:
Avanquest Software
Integrity Level:
HIGH
Description:
Soda PDF Desktop 14
Exit code:
0
Version:
14.0.506.23016
Modules
Images
c:\program files\soda pdf desktop 14\creator-ws.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 496
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2292,i,12755997264449579550,419244660132452678,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 496
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=2292,i,12755997264449579550,419244660132452678,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 660
CMD: "C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe" /RegServer
Path: C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
Parent process: SodaPDFDesktop14.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\soda pdf desktop 14\installation\sodapdfdesktop14.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.3996_none_d954cb49e10154a6\gdiplus.dll
PID: 664
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7376 --field-trial-handle=2292,i,12755997264449579550,419244660132452678,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 924
CMD: "C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe" -i "C:\Program Files\Soda PDF Desktop 14\"
Path: C:\Program Files\Soda PDF Desktop 14\printer-installer-app.exe
Parent process: msiexec.exe
User:
admin
Company:
Avanquest Software
Integrity Level:
HIGH
Description:
Soda PDF Desktop 14
Exit code:
0
Version:
14.0.506.23016
Modules
Images
c:\program files\soda pdf desktop 14\printer-installer-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\soda pdf desktop 14\encoding-conversion.dll
c:\program files\soda pdf desktop 14\atom.dll
c:\program files\soda pdf desktop 14\boost_program_options-vc143-mt-x64-1_85.dll
c:\program files\soda pdf desktop 14\vcruntime140_1.dll
PID: 1040
CMD: C:\Windows\System32\MsiExec.exe -Embedding 82B03A8A20AED4F58C84ABC9901CD84D
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x314,0x318,0x31c,0x30c,0x328,0x7ffc81a95fd8,0x7ffc81a95fe4,0x7ffc81a95ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2040
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:13
Path: C:\Windows\System32\SrTasks.exe
Parent process: msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
2147942487
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
45 084
Read events
43 145
Write events
1 863
Delete events
76

Modification events

(PID) Process: (2140) SodaPDFInstaller-MCdrmxtX.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Soda PDF Desktop 14
Operation: write
Name: XYZID
Value:
MCdrmxtX
(PID) Process: (2140) SodaPDFInstaller-MCdrmxtX.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Soda PDF Desktop 14
Operation: write
Name: Common Data
Value:
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Soda PDF Desktop 14\Installation
Operation: write
Name: INSTALL_FOLDER
Value:
C:\Program Files\Soda PDF Desktop 14
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}
Operation: write
Name: LaunchPermission
Value:
010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3369AF1C-BCC1-4977-89E8-F8B79497C982}
Operation: write
Name: AccessPermission
Value:
010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Soda PDF Desktop 14
Operation: write
Name: locale
Value:
en
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (6268) SodaPDFDesktop14.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation: delete value
Name: 897424053A4A887AC098380291034D885C8714B9
Value:
Executable files
235
Suspicious files
1 013
Text files
160
Unknown types
26

Dropped files

PID
Process
Filename
Type
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\ProgramData\Soda PDF Desktop 14\Installation\soda-desktop14-startup-14.0.506.23016-x64.msi
Type:
MD5:
SHA256:
PID: 5960
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
Type:
MD5:
SHA256:
PID: 5960
Process: msiexec.exe
Filename: C:\Windows\Installer\118e24.msi
Type:
MD5:
SHA256:
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
Type: binary
MD5:1FBB37F79B317A9A248E7C4CE4F5BAC5
SHA256:9BF639C595FE335B6F694EE35990BEFD2123F5E07FD1973FF619E3FC88F5F49F
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\ProgramData\Soda PDF Desktop 14\Installation\SodaPDFDesktop14.exe
Type: executable
MD5:564B114B68FBB14C351DDE81058860AB
SHA256:7B8D9A5576E10F78D7A4E2031A944AB9A22838E232A6E16289D89C500EB7A85E
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\ProgramData\Soda PDF Desktop 14\Installation\app-config.json
Type: binary
MD5:E32F14994AD762082C337071EAA10451
SHA256:D1731EA63C647DCB7D66D273970D857495453533C0B3612EEC834B8C7AE84901
PID: 5960
Process: msiexec.exe
Filename: C:\Windows\Installer\MSI97E9.tmp
Type:
MD5:
SHA256:
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\ProgramData\Soda PDF Desktop 14\Installation\installer-cache
Type: text
MD5:CE4F3DF91C0F86788E5BE9814B9B5D08
SHA256:15E888B12A57530ECB158FF5BA3D085BAD79B4BE8FD6F3EE5AF386AF03149F20
PID: 5960
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\snapshot-2
Type: binary
MD5:63FDF4271C8BE7DDABDB69F7F763EF27
SHA256:2CC25E4FAEF17E94834B6D9F0100BCFCD82340ED3922A56E019FA56C43946003
PID: 6268
Process: SodaPDFDesktop14.exe
Filename: C:\Users\admin\AppData\Local\Temp\34a8ad792a2319df\version
Type: text
MD5:F70F1324519EF13B1B9FA8EF4AFF0582
SHA256:6A65B162BDED1FBE1F255421F5A4213931F2D9635C65D014F96DE940BF260CB4
HTTP(S) requests
32
TCP/UDP connections
132
DNS requests
148
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.177:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6268
SodaPDFDesktop14.exe
GET
200
142.250.186.131:80
http://c.pki.goog/r/gsr1.crl
unknown
whitelisted
6268
SodaPDFDesktop14.exe
GET
200
142.250.186.131:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6268
SodaPDFDesktop14.exe
GET
200
69.192.162.201:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D
unknown
whitelisted
6268
SodaPDFDesktop14.exe
GET
200
69.192.162.201:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D
unknown
whitelisted
6268
SodaPDFDesktop14.exe
GET
200
69.192.162.201:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEE%2BTYlqiAoAT%2F2vgOJ%2Fnf0E%3D
unknown
whitelisted
3008
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3008
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.177:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
2140
SodaPDFInstaller-MCdrmxtX.exe
104.19.145.4:443
api-unifyinstaller.sodapdf.com
CLOUDFLARENET
suspicious
6268
SodaPDFDesktop14.exe
104.19.145.4:443
api-unifyinstaller.sodapdf.com
CLOUDFLARENET
suspicious
6268
SodaPDFDesktop14.exe
142.250.186.131:80
c.pki.goog
GOOGLE
US
whitelisted
6544
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.48.23.177
  • 23.48.23.155
  • 23.48.23.141
  • 23.48.23.146
  • 23.48.23.139
  • 23.48.23.164
  • 23.48.23.157
  • 23.48.23.173
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.186.78
whitelisted
api-unifyinstaller.sodapdf.com
  • 104.19.145.4
  • 104.19.146.4
unknown
cdn-msi.sodapdf.com
  • 104.19.145.4
  • 104.19.146.4
unknown
wsgeoip.sodapdf.com
  • 104.19.145.4
  • 104.19.146.4
unknown
c.pki.goog
  • 142.250.186.131
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.1
  • 40.126.31.128
  • 40.126.31.0
  • 20.190.159.4
  • 40.126.31.71
  • 20.190.159.129
  • 40.126.31.131
  • 20.190.159.130
  • 40.126.31.69
  • 40.126.31.73
  • 20.190.159.23
  • 40.126.31.3
  • 20.190.159.71
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted

Threats

No threats detected
No debug info