File name:

AppSuite-PDF (1).msi

Full analysis: https://app.any.run/tasks/02ab7d40-ffb6-4110-aa44-6a7b4d0514c8
Verdict: Malicious activity
Analysis date: July 01, 2025, 16:52:07
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDF Editor, Author: user, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDF Editor., Template: Intel;1033, Revision Number: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}, Create Time/Date: Thu May 29 01:26:22 2025, Last Saved Time/Date: Thu May 29 01:26:22 2025, Number of Pages: 200, Number of Words: 10, Name of Creating Application: WiX Toolset (5.0.2.0), Security: 2
MD5:

08E42764571804AA3E27530B03DD5D99

SHA1:

82CA6C9C8B0CF59F8DCE178352360ABCB99637AC

SHA256:

B66D89EE13A48E9C8D4A7AA2E3E1CB2B79F0B95E4F74F4184B85628656281588

SSDEEP:

98304:3a/8rG6Wj9FLEMN/2q/4pL51eLFfFQHZposE2kUanIu3L6vKM0a/8rGguJKeacPm:x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 6656)
      • PDF Editor.exe (PID: 1636)
      • PDF Editor.exe (PID: 6936)
      • PDF Editor.exe (PID: 6424)
    • Changes the autorun value in the registry

      • PDF Editor.exe (PID: 1636)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6808)
      • PDFEditorSetup.exe (PID: 6900)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PDFEditorSetup.exe (PID: 6900)
    • The process creates files with name similar to system file names

      • PDFEditorSetup.exe (PID: 6900)
    • Executable content was dropped or overwritten

      • PDFEditorSetup.exe (PID: 6900)
    • Drops 7-zip archiver for unpacking

      • PDFEditorSetup.exe (PID: 6900)
    • Process drops legitimate windows executable

      • PDFEditorSetup.exe (PID: 6900)
    • Creates a software uninstall entry

      • PDFEditorSetup.exe (PID: 6900)
    • Application launched itself

      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
  • INFO

    • Reads the software policy settings

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 7164)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 1636)
    • Checks proxy server information

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
    • Checks supported languages

      • msiexec.exe (PID: 2732)
      • msiexec.exe (PID: 6808)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 6656)
      • PDF Editor.exe (PID: 1636)
      • PDF Editor.exe (PID: 6424)
    • An automatically generated document

      • msiexec.exe (PID: 7164)
    • Reads the computer name

      • msiexec.exe (PID: 2732)
      • msiexec.exe (PID: 6808)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 6676)
      • PDF Editor.exe (PID: 2180)
      • PDF Editor.exe (PID: 1636)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 7164)
    • Create files in a temporary directory

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
      • PDFEditorSetup.exe (PID: 6900)
      • PDF Editor.exe (PID: 5172)
    • Disables trace logs

      • msiexec.exe (PID: 6808)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7164)
      • msiexec.exe (PID: 6808)
    • Process checks computer location settings

      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 6656)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 6808)
      • PDF Editor.exe (PID: 5172)
      • PDF Editor.exe (PID: 1636)
    • The sample compiled with english language support

      • PDFEditorSetup.exe (PID: 6900)
    • Manual execution by a user

      • PDF Editor.exe (PID: 5172)
    • Launching a file from a Registry key

      • PDF Editor.exe (PID: 1636)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: PDF Editor
Author: user
Keywords: Installer
Comments: This installer database contains the logic and data required to install PDF Editor.
Template: Intel;1033
RevisionNumber: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}
CreateDate: 2025:05:29 01:26:22
ModifyDate: 2025:05:29 01:26:22
Pages: 200
Words: 10
Software: WiX Toolset (5.0.2.0)
Security: Read-only recommended
Total processes
148
Monitored processes
12
Malicious processes
5
Suspicious processes
5

Behavior graph

start msiexec.exe msiexec.exe no specs msiexec.exe pdfeditorsetup.exe pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe no specs pdf editor.exe no specs slui.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1636
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --cm=--enableupdate
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\pdfeditor\ffmpeg.dll
PID: 2180
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2732
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4192
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 5172
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe"
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6424
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=1824 --field-trial-handle=1740,i,10034445757593693120,12916207619693733355,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 6656
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --app-path="C:\Users\admin\PDFEditor\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3008 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 6676
CMD: "C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=2000 --field-trial-handle=1904,i,4401665083781758114,10431779398487006025,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6808
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 19FBFE9F20754A2DE7893B05CCE8846F U
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6900
CMD: "C:\Users\admin\PDFEditor\PDFEditorSetup.exe" --force-run /S /D="C:\Users\admin\PDFEditor"
Path: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
Parent process: msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF EDITOR BY APPSUITE
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdfeditorsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events
8 858
Read events
8 812
Write events
28
Delete events
18

Modification events

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6808) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
29
Suspicious files
96
Text files
34
Unknown types
134

Dropped files

PID
Process
Filename
Type
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
MD5:
SHA256:
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\app-64.7z
MD5:
SHA256:
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\WixSharp.UI.dll
Type: executable
MD5:19769632E246C6726BF03AB45027609D
SHA256:4856C78885D53CA633E36CC3A76BE435B2DF65B5EBED1510D1119CD1C241519B
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\7z-out\icudtl.dat
MD5:
SHA256:
PID: 7164
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FE17BEC2A573BC9AE36869D0274FFA19_6DA81F04C5F9EAD2CD0268808FCE61E1
Type: binary
MD5:EE7C5F5AF5D0A36AAD1ECF107A648656
SHA256:63204912F539CB7748C734007AEE6B67834553B30263F7C0FD04B056D3A0DAF1
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\WixToolset.Mba.Core.dll
Type: executable
MD5:1E43E0952B5CC4C73245ACAD8114EE63
SHA256:32C39201104A304E74244A7B8D6BEF7DC82C91324BC9B473EDA8163337291692
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\WixSharp.dll
Type: executable
MD5:CA64E60B4874854FF33BF6CE8619CEBB
SHA256:846A4B3FFBD090BBC659A183BE01D3A7F833D34E604DC64D607EF29577545BBF
PID: 6808
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI4797\WixSharp.UI.WPF.dll
Type: executable
MD5:C593B3351E9DA6668E70C9CD45D2C224
SHA256:32FA0A9E828B57D201EF0DBC31FA1B057E8A4C87B5C16C5F0930C955D4F08252
PID: 6900
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa76B7.tmp\System.dll
Type: executable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
HTTP(S) requests
7
TCP/UDP connections
42
DNS requests
37
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7164
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
US
binary
727 b
whitelisted
7164
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSoEwb5tith0jIBy9frSyNGB1lsAAQUNr1J%2FzEs669qQP6ZwBbtuvxI3V8CED%2FrrkGJaIXpH9sg4JUMYFQ%3D
US
binary
727 b
whitelisted
1268
svchost.exe
GET
200
2.18.121.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
FR
binary
825 b
whitelisted
1268
svchost.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
ZA
binary
814 b
whitelisted
5444
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
4880
SIHClient.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
ZA
binary
408 b
whitelisted
4880
SIHClient.exe
GET
200
2.20.154.94:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
ZA
binary
420 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6788
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7164
msiexec.exe
18.173.205.113:80
ocsps.ssl.com
US
whitelisted
4
System
192.168.100.255:138
whitelisted
6808
msiexec.exe
3.160.150.27:443
inst.productivity-tools.ai
US
unknown
6808
msiexec.exe
143.204.98.121:443
vault.appsuites.ai
AMAZON-02
US
unknown
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
2.18.121.147:80
crl.microsoft.com
AKAMAI-AS
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.78
whitelisted
ocsps.ssl.com
  • 18.173.205.113
  • 18.173.205.57
  • 18.173.205.76
  • 18.173.205.43
whitelisted
inst.productivity-tools.ai
  • 3.160.150.27
  • 3.160.150.107
  • 3.160.150.89
  • 3.160.150.12
unknown
vault.appsuites.ai
  • 143.204.98.121
  • 143.204.98.82
  • 143.204.98.57
  • 143.204.98.38
unknown
crl.microsoft.com
  • 2.18.121.147
  • 2.18.121.139
whitelisted
www.microsoft.com
  • 2.20.154.94
whitelisted
login.live.com
  • 40.126.31.0
  • 20.190.159.4
  • 40.126.31.129
  • 20.190.159.0
  • 20.190.159.71
  • 20.190.159.130
  • 20.190.159.68
  • 40.126.31.130
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted

Threats

PID
Process
Class
Message
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
6676
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info