File name:

AppSuite-PDF.msi

Full analysis: https://app.any.run/tasks/13d2702e-7fdc-4698-ae0b-3b8dfd29f873
Verdict: Malicious activity
Analysis date: June 13, 2025, 19:28:16
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDF Editor, Author: user, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDF Editor., Template: Intel;1033, Revision Number: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}, Create Time/Date: Thu May 29 01:26:22 2025, Last Saved Time/Date: Thu May 29 01:26:22 2025, Number of Pages: 200, Number of Words: 10, Name of Creating Application: WiX Toolset (5.0.2.0), Security: 2
MD5:

08E42764571804AA3E27530B03DD5D99

SHA1:

82CA6C9C8B0CF59F8DCE178352360ABCB99637AC

SHA256:

B66D89EE13A48E9C8D4A7AA2E3E1CB2B79F0B95E4F74F4184B85628656281588

SSDEEP:

98304:3a/8rG6Wj9FLEMN/2q/4pL51eLFfFQHZposE2kUanIu3L6vKM0a/8rGguJKeacPm:x

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • PDFEditorSetup.exe (PID: 1948)
      • PDF Editor.exe (PID: 3588)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 1208)
      • PDF Editor.exe (PID: 2324)
      • PDF Editor.exe (PID: 2596)
      • PDF Editor.exe (PID: 2764)
      • PDF Editor.exe (PID: 3960)
    • Changes the autorun value in the registry

      • PDF Editor.exe (PID: 2324)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 5764)
      • PDFEditorSetup.exe (PID: 1948)
    • Executable content was dropped or overwritten

      • PDFEditorSetup.exe (PID: 1948)
    • The process creates files with name similar to system file names

      • PDFEditorSetup.exe (PID: 1948)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PDFEditorSetup.exe (PID: 1948)
    • Drops 7-zip archiver for unpacking

      • PDFEditorSetup.exe (PID: 1948)
    • Process drops legitimate windows executable

      • PDFEditorSetup.exe (PID: 1948)
    • Creates a software uninstall entry

      • PDFEditorSetup.exe (PID: 1948)
    • Application launched itself

      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 2324)
  • INFO

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6852)
      • PDFEditorSetup.exe (PID: 1948)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 3588)
      • PDF Editor.exe (PID: 2324)
    • An automatically generated document

      • msiexec.exe (PID: 6852)
    • Create files in a temporary directory

      • msiexec.exe (PID: 6852)
      • msiexec.exe (PID: 5764)
      • PDFEditorSetup.exe (PID: 1948)
      • PDF Editor.exe (PID: 1512)
    • Reads the computer name

      • msiexec.exe (PID: 5764)
      • msiexec.exe (PID: 1700)
      • PDFEditorSetup.exe (PID: 1948)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 1208)
      • PDF Editor.exe (PID: 3588)
      • PDF Editor.exe (PID: 2324)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 6852)
    • Checks supported languages

      • msiexec.exe (PID: 1700)
      • msiexec.exe (PID: 5764)
      • PDFEditorSetup.exe (PID: 1948)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 1208)
      • PDF Editor.exe (PID: 3588)
      • PDF Editor.exe (PID: 2324)
      • PDF Editor.exe (PID: 2596)
      • PDF Editor.exe (PID: 2764)
    • Checks proxy server information

      • msiexec.exe (PID: 6852)
      • msiexec.exe (PID: 5764)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 2324)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6852)
      • msiexec.exe (PID: 5764)
    • Reads the software policy settings

      • msiexec.exe (PID: 6852)
      • msiexec.exe (PID: 5764)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 5764)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 2324)
    • Disables trace logs

      • msiexec.exe (PID: 5764)
    • Process checks computer location settings

      • msiexec.exe (PID: 5764)
      • PDF Editor.exe (PID: 1512)
      • PDF Editor.exe (PID: 2596)
    • The sample compiled with english language support

      • PDFEditorSetup.exe (PID: 1948)
    • Manual execution by a user

      • PDF Editor.exe (PID: 1512)
    • Launching a file from a Registry key

      • PDF Editor.exe (PID: 2324)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: PDF Editor
Author: user
Keywords: Installer
Comments: This installer database contains the logic and data required to install PDF Editor.
Template: Intel;1033
RevisionNumber: {E5D0BE0F-D538-42F3-A1E6-D51C7BBCF7BE}
CreateDate: 2025:05:29 01:26:22
ModifyDate: 2025:05:29 01:26:22
Pages: 200
Words: 10
Software: WiX Toolset (5.0.2.0)
Security: Read-only recommended
Total processes
145
Monitored processes
11
Malicious processes
5
Suspicious processes
5

Behavior graph

start msiexec.exe msiexec.exe no specs msiexec.exe pdfeditorsetup.exe pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe pdf editor.exe no specs pdf editor.exe no specs pdf editor.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1208
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1884 --field-trial-handle=1888,i,9701092309191093083,6088858745771378273,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1512
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe"
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
explorer.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\combase.dll
PID:
1700
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1948
CMD:
"C:\Users\admin\PDFEditor\PDFEditorSetup.exe" --force-run /S /D="C:\Users\admin\PDFEditor"
Path:
C:\Users\admin\PDFEditor\PDFEditorSetup.exe
Parent process:
msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF EDITOR BY APPSUITE
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdfeditorsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID:
2324
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --cm=--enableupdate
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\users\admin\pdfeditor\ffmpeg.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2596
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --app-path="C:\Users\admin\PDFEditor\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2972 --field-trial-handle=1888,i,9701092309191093083,6088858745771378273,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID:
2764
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=1860 --field-trial-handle=1724,i,6002643493731606234,7842743272947167952,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID:
3588
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=2000 --field-trial-handle=1888,i,9701092309191093083,6088858745771378273,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3960
CMD:
"C:\Users\admin\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1720 --field-trial-handle=1724,i,6002643493731606234,7842743272947167952,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path:
C:\Users\admin\PDFEditor\PDF Editor.exe
Parent process:
PDF Editor.exe
User:
admin
Company:
AppSuite
Integrity Level:
LOW
Description:
PDF Editor
Exit code:
0
Version:
1.0.8
Modules
Images
c:\users\admin\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID:
5764
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding 3015D423E660D105094F004EDCBF36AB U
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
8 502
Read events
8 456
Write events
28
Delete events
18

Modification events

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (5764) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
34
Suspicious files
232
Text files
33
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 5764
Process: msiexec.exe
Filename: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
MD5:
SHA256:

PID: 1948
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nso97FB.tmp\app-64.7z
MD5:
SHA256:

PID: 6852
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\248DDD9FCF61002E219645695E3FFC98_8CA320F42C1C527BA68EC7341846F93C
Type: binary
MD5: 2066597B5F02ACAC834A17BCEF6C4777
SHA256: 975834033AF7FFED1BA9CCD0F52BCC23702F4A1CEF2BCF896B97056E3ADFBAA5

PID: 1948
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nso97FB.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 5764
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI2984\WixSharp.dll
Type: executable
MD5: CA64E60B4874854FF33BF6CE8619CEBB
SHA256: 846A4B3FFBD090BBC659A183BE01D3A7F833D34E604DC64D607EF29577545BBF

PID: 1948
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nso97FB.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 6852
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FE17BEC2A573BC9AE36869D0274FFA19_6DA81F04C5F9EAD2CD0268808FCE61E1
Type: binary
MD5: 04BC634277DA6CC61659381255E3388A
SHA256: A3C16470C034EB1ECB7DEC72E919D93DC475BF29AD51E780DF0FA893911B1DA3

PID: 6852
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI2984\WixSharp.UI.CA.dll
Type: executable
MD5: D3CF446C9F3F258030FD984DD81D5826
SHA256: B1302D4BFE97A7B1E791C880433148D7BAD4841DFAB54364081C0292336B32A7

PID: 5764
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI2984\WixSharp.UI.WPF.dll
Type: executable
MD5: C593B3351E9DA6668E70C9CD45D2C224
SHA256: 32FA0A9E828B57D201EF0DBC31FA1B057E8A4C87B5C16C5F0930C955D4F08252

PID: 6852
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\248DDD9FCF61002E219645695E3FFC98_8CA320F42C1C527BA68EC7341846F93C
Type: binary
MD5: 2CA23F243C37405C40BFD8BDF8B6BE75
SHA256: 1674C91605BA40D03F80B8ACDB0E3270332CA8624E33A82F552A1ECA61CCD2B1
HTTP(S) requests
7
TCP/UDP connections
45
DNS requests
35
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6852
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQg3SSkKA74hABkhmlBtJTz8w3hlAQU%2BWC71OPVNPa49QaAJadz20ZpqJ4CEEJLalPOx2YUHCpjsaUcQQQ%3D
unknown
whitelisted
6852
msiexec.exe
GET
200
18.173.205.113:80
http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSoEwb5tith0jIBy9frSyNGB1lsAAQUNr1J%2FzEs669qQP6ZwBbtuvxI3V8CED%2FrrkGJaIXpH9sg4JUMYFQ%3D
unknown
whitelisted
2288
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
184.24.77.14:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3576
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3576
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3788
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5944
MoUsoCoreWorker.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6852
msiexec.exe
18.173.205.113:80
ocsps.ssl.com
US
whitelisted
5764
msiexec.exe
3.160.150.12:443
inst.productivity-tools.ai
US
unknown
4
System
192.168.100.255:138
whitelisted
2336
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2288
svchost.exe
40.126.31.129:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2288
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
ocsps.ssl.com
  • 18.173.205.113
  • 18.173.205.57
  • 18.173.205.76
  • 18.173.205.43
whitelisted
inst.productivity-tools.ai
  • 3.160.150.12
  • 3.160.150.89
  • 3.160.150.107
  • 3.160.150.27
unknown
login.live.com
  • 40.126.31.129
  • 20.190.159.64
  • 20.190.159.131
  • 20.190.159.130
  • 20.190.159.68
  • 40.126.31.130
  • 20.190.159.71
  • 40.126.31.0
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 184.24.77.14
  • 184.24.77.43
  • 184.24.77.19
  • 184.24.77.6
  • 184.24.77.24
  • 184.24.77.10
  • 184.24.77.22
  • 184.24.77.8
  • 184.24.77.16
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
vault.appsuites.ai
  • 143.204.98.57
  • 143.204.98.82
  • 143.204.98.38
  • 143.204.98.121
unknown

Threats

PID
Process
Class
Message
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3588
PDF Editor.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info