File name:

AppSuite-PDF (1).msi

Full analysis: https://app.any.run/tasks/02ab7d40-ffb6-4110-aa44-6a7b4d0514c8
Verdict: Malicious activity
Analysis date: July 01, 2025, 16:52:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDF Editor, Author: user, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDF Editor., Template: Intel;1033, Revision Number: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}, Create Time/Date: Thu May 29 01:26:22 2025, Last Saved Time/Date: Thu May 29 01:26:22 2025, Number of Pages: 200, Number of Words: 10, Name of Creating Application: WiX Toolset (5.0.2.0), Security: 2
MD5:

08E42764571804AA3E27530B03DD5D99

SHA1:

82CA6C9C8B0CF59F8DCE178352360ABCB99637AC

SHA256:

B66D89EE13A48E9C8D4A7AA2E3E1CB2B79F0B95E4F74F4184B85628656281588

SSDEEP:

98304:3a/8rG6Wj9FLEMN/2q/4pL51eLFfFQHZposE2kUanIu3L6vKM0a/8rGguJKeacPm:x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 6656)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
      • PDF Editor.exe (PID: 6936)
      • PDF Editor.exe (PID: 6424)
    • Changes the autorun value in the registry

      • PDF Editor.exe (PID: 1636)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • PDFEditorSetup.exe (PID: 6900)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PDFEditorSetup.exe (PID: 6900)
    • Executable content was dropped or overwritten

      • PDFEditorSetup.exe (PID: 6900)
    • Drops 7-zip archiver for unpacking

      • PDFEditorSetup.exe (PID: 6900)
    • Process drops legitimate windows executable

      • PDFEditorSetup.exe (PID: 6900)
    • Reads security settings of Internet Explorer

      • PDFEditorSetup.exe (PID: 6900)
      • msiexec.exe (PID: 6808)
    • Application launched itself

      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
    • Creates a software uninstall entry

      • PDFEditorSetup.exe (PID: 6900)
  • INFO

    • An automatically generated document

      • msiexec.exe (PID: 7164)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 7164)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 6676)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 1636)
    • Checks supported languages

      • msiexec.exe (PID: 6808)
      • msiexec.exe (PID: 2732)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 6656)
      • PDF Editor.exe (PID: 1636)
      • PDF Editor.exe (PID: 6424)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
    • Reads the computer name

      • msiexec.exe (PID: 2732)
      • msiexec.exe (PID: 6808)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 1636)
    • Checks proxy server information

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
    • Disables trace logs

      • msiexec.exe (PID: 6808)
    • Create files in a temporary directory

      • msiexec.exe (PID: 7164)
      • PDFEditorSetup.exe (PID: 6900)
      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7164)
    • Reads the software policy settings

      • msiexec.exe (PID: 6808)
      • msiexec.exe (PID: 7164)
    • The sample compiled with english language support

      • PDFEditorSetup.exe (PID: 6900)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
    • Process checks computer location settings

      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 6656)
    • Manual execution by a user

      • PDF Editor.exe (PID: 5172)
    • Launching a file from a Registry key

      • PDF Editor.exe (PID: 1636)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: PDF Editor
Author: user
Keywords: Installer
Comments: This installer database contains the logic and data required to install PDF Editor.
Template: Intel;1033
RevisionNumber: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}
CreateDate: 2025:05:29 01:26:22
ModifyDate: 2025:05:29 01:26:22
Pages: 200
Words: 10
Software: WiX Toolset (5.0.2.0)
Security: Read-only recommended
No data.
Total processes
148
Monitored processes
12
Malicious processes
5
Suspicious processes
5

Behavior graph

start msiexec.exe msiexec.exe no specs msiexec.exe pdfeditorsetup.exe pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe no specs pdf editor.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1636
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --cm=--enableupdate
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\pdfeditor\ffmpeg.dll
PID: 2180
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2732
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4192
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5172
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe"
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6424
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=1824 --field-trial-handle=1740,i,10034445757593693120,12916207619693733355,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 6656
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --app-path="C:\Users\admin\PDFEditor\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3008 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 6676
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=2000 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6808
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 19FBFE9F20754A2DE7893B05CCE8846F U
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6900
CMD: "C:\Users\admin\PDFEditor\PDFEditorSetup.exe" --force-run /S /D="C:\Users\admin\PDFEditor"
Path: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
Parent process: msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF EDITOR BY APPSUITE
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdfeditorsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events
8 858
Read events
8 812
Write events
28
Delete events
18

Modification events

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
29
Suspicious files
96
Text files
34
Unknown types
134

Dropped files

PID
Process
Filename
Type
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
MD5:
SHA256:
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\app-64.7z
MD5:
SHA256:
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FE17BEC2A573BC9AE36869D0274FFA19_6DA81F04C5F9EAD2CD0268808FCE61E1
Type: binary
MD5:EE7C5F5AF5D0A36AAD1ECF107A648656
SHA256:63204912F539CB7748C734007AEE6B67834553B30263F7C0FD04B056D3A0DAF1
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\7z-out\icudtl.dat
MD5:
SHA256:
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\248DDD9FCF61002E219645695E3FFC98_8CA320F42C1C527BA68EC7341846F93C
Type: binary
MD5:A1F84325A85DECF3BB010620D8726E43
SHA256:F5A419730BBA45049E112979A5EFE0277EF1DBE03BF0F9CAF76E58B9B2E5ACC0
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FE17BEC2A573BC9AE36869D0274FFA19_6DA81F04C5F9EAD2CD0268808FCE61E1
Type: der
MD5:7E5E9912DE7A985FF6257B5E3005DE2C
SHA256:EC0BDEA0FCC54BE0A302CAC5A2513186CCD5A9E1BD9DE7C8DD81CE1773141571
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\WixSharp.UI.CA.dll
Type: executable
MD5:D3CF446C9F3F258030FD984DD81D5826
SHA256:B1302D4BFE97A7B1E791C880433148D7BAD4841DFAB54364081C0292336B32A7
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\248DDD9FCF61002E219645695E3FFC98_8CA320F42C1C527BA68EC7341846F93C
Type: der
MD5:40B2231A1A6014306F8153324DCF5AFD
SHA256:EB1B6FA1E692F1F352D08267B03CA8F992E446909949ED72BEB0626C36F8107E
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\EmbeddedUI.config
Type: xml
MD5:C9C40AF1656F8531EAA647CACEB1E436
SHA256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
HTTP(S) requests
7
TCP/UDP connections
42
DNS requests
37
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7164
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
unknown
whitelisted
7164
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSoEwb5tith0jIBy9frSyNGB1lsAAQUNr1J%2FzEs669qQP6ZwBbtuvxI3V8CED%2FrrkGJaIXpH9sg4JUMYFQ%3D
unknown
whitelisted
1268
svchost.exe
GET
200
2.18.121.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5444
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4880
SIHClient.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
4880
SIHClient.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6788
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7164
msiexec.exe
18.173.205.113:80
ocsps.ssl.com
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6808
msiexec.exe
3.160.150.27:443
inst.productivity-tools.ai
US
unknown
6808
msiexec.exe
143.204.98.121:443
vault.appsuites.ai
AMAZON-02
US
unknown
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
2.18.121.147:80
crl.microsoft.com
AKAMAI-AS
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.78
whitelisted
ocsps.ssl.com
  • 18.173.205.113
  • 18.173.205.57
  • 18.173.205.76
  • 18.173.205.43
whitelisted
inst.productivity-tools.ai
  • 3.160.150.27
  • 3.160.150.107
  • 3.160.150.89
  • 3.160.150.12
unknown
vault.appsuites.ai
  • 143.204.98.121
  • 143.204.98.82
  • 143.204.98.57
  • 143.204.98.38
unknown
crl.microsoft.com
  • 2.18.121.147
  • 2.18.121.139
whitelisted
www.microsoft.com
  • 2.20.154.94
whitelisted
login.live.com
  • 40.126.31.0
  • 20.190.159.4
  • 40.126.31.129
  • 20.190.159.0
  • 20.190.159.71
  • 20.190.159.130
  • 20.190.159.68
  • 40.126.31.130
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted

Threats

PID
Process
Class
Message
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info