File name:

architect-setup.exe

Full analysis: https://app.any.run/tasks/aef6b0a4-9a23-4fca-8f21-6a8f150ee6e7
Verdict: Malicious activity
Analysis date: November 28, 2024, 19:54:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

509265C143AB2811433F86DE50BF4BDC

SHA1:

1455723D0923EC41E07320A02016777C96EB4E66

SHA256:

CBB28983FD748662652E8B951DCC5CBFA11226CE7CA4709998FC8B352E7B7DC9

SSDEEP:

98304:vrc/ZkUP5kaqdiKDzeFc6JBI4IYl1SlOJdhx58MutLojHog1YVLn8a/Lj1dvkwQ1:Es0Z6Af

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • architect-setup.exe (PID: 6848)

    • Executable content was dropped or overwritten

      • architect-setup.exe (PID: 6848)
      • spoolsv.exe (PID: 6348)
      • printer-installer-app.exe (PID: 2160)

    • Starts itself from another location

      • architect-setup.exe (PID: 6848)

    • Checks Windows Trust Settings

      • architect-setup.exe (PID: 6848)
      • msiexec.exe (PID: 5592)

    • Executes as Windows Service

      • VSSVC.exe (PID: 4876)
      • spoolsv.exe (PID: 6348)
      • activation-service.exe (PID: 2448)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 5592)

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 5592)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 5592)

    • Creates/Modifies COM task schedule object

      • msiexec.exe (PID: 6272)
      • msiexec.exe (PID: 7128)
      • msiexec.exe (PID: 7164)

    • Application launched itself

      • architect.exe (PID: 432)
      • architect-launcher.exe (PID: 7436)

  • INFO

    • Creates files in the program directory

      • architect-setup.exe (PID: 6848)

    • Reads the machine GUID from the registry

      • architect-setup.exe (PID: 6848)
      • msiexec.exe (PID: 5592)

    • Checks supported languages

      • PDF_Architect_9_Installer.exe (PID: 448)
      • msiexec.exe (PID: 5592)
      • msiexec.exe (PID: 7144)
      • printer-installer-app.exe (PID: 2160)

    • Reads the computer name

      • PDF_Architect_9_Installer.exe (PID: 448)
      • msiexec.exe (PID: 5592)
      • msiexec.exe (PID: 7144)
      • printer-installer-app.exe (PID: 2160)

    • Checks proxy server information

      • architect-setup.exe (PID: 6848)

    • Manages system restore points

      • SrTasks.exe (PID: 6904)
      • SrTasks.exe (PID: 7984)
      • SrTasks.exe (PID: 6356)
      • SrTasks.exe (PID: 6496)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 5592)
      • msedge.exe (PID: 6576)

    • Reads the software policy settings

      • msiexec.exe (PID: 5592)

    • Application launched itself

      • msiexec.exe (PID: 5592)
      • msedge.exe (PID: 1888)
      • msedge.exe (PID: 6096)
      • msedge.exe (PID: 7736)

    • Manual execution by a user

      • architect.exe (PID: 432)
      • msedge.exe (PID: 6096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:12 14:09:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.37
CodeSize: 7508992
InitializedDataSize: 4529152
UninitializedDataSize: -
EntryPoint: 0x6016db
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.1.56.3239
ProductVersionNumber: 9.1.56.3239
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Avanquest pdfforge GmbH
FileDescription: PDF Architect 9 Installer
FileVersion: 9.1.56.3239
InternalName: PDF_Architect_9_Installer.exe
LegalCopyright: © Avanquest pdfforge GmbH. All rights reserved.
OriginalFileName: PDF_Architect_9_Installer.exe
ProductName: PDF Architect 9 Installer
ProductVersion: 9.1.56.3239
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
222
Monitored processes
94
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start architect-setup.exe pdf_architect_9_installer.exe no specs msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs printer-installer-app.exe spoolsv.exe creator-app.exe no specs creator-ws.exe no specs activation-service.exe no specs msiexec.exe no specs architect.exe no specs update-service.exe no specs stats-com.exe no specs architect-launcher.exe no specs architect.exe no specs activation-service.exe architect.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs architect-launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs tray-app.exe no specs architect.exe no specs stats-com.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs architect-launcher.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs architect-setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
432"C:\Program Files\PDF Architect 9\architect.exe" C:\Program Files\PDF Architect 9\architect.exe
explorer.exe
User:
admin
Company:
Avanquest pdfforge GmbH
Integrity Level:
MEDIUM
Description:
PDF Architect 9
Exit code:
0
Version:
9.1.64.22946
Modules
Images
c:\program files\pdf architect 9\architect.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
448"C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe" /RegServerC:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exearchitect-setup.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\programdata\pdf architect 9\installation\pdf_architect_9_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.3996_none_d954cb49e10154a6\gdiplus.dll
624"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2968 --field-trial-handle=2324,i,12272492492129207536,16701827548808368496,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
628"C:\Program Files\PDF Architect 9\creator-app.exe" -regserverC:\Program Files\PDF Architect 9\creator-app.exemsiexec.exe
User:
admin
Company:
Avanquest pdfforge GmbH
Integrity Level:
HIGH
Description:
PDF Architect 9
Exit code:
0
Version:
9.1.64.22946
Modules
Images
c:\program files\pdf architect 9\creator-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
848C:\Windows\System32\MsiExec.exe -Embedding 6B8A7B3819323F94B1F1100F96FE3760 E Global\MSI0000C:\Windows\System32\msiexec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1144"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4672 --field-trial-handle=2092,i,2912176471354056634,15317564980994660353,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1144"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2324,i,12272492492129207536,16701827548808368496,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
1480"C:\Program Files\PDF Architect 9\architect-launcher.exe" --add-schedulerC:\Program Files\PDF Architect 9\architect-launcher.exemsiexec.exe
User:
admin
Company:
Avanquest pdfforge GmbH
Integrity Level:
HIGH
Description:
PDF Architect 9
Exit code:
0
Version:
9.1.64.22946
Modules
Images
c:\program files\pdf architect 9\architect-launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1888"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paygw.pdfarchitect.org/redirect/install/PDF-Architect-9/?lang=en&uid=1006694&wid=6800&partner=architect_creator_seo&mkey2=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3&version=9.1.64.22946&configId=7337901D-7D94-481D-ABFC-4314E1698065&ii=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3&guid=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exearchitect-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
2160"C:\Program Files\PDF Architect 9\printer-installer-app.exe" -i "C:\Program Files\PDF Architect 9\"C:\Program Files\PDF Architect 9\printer-installer-app.exe
msiexec.exe
User:
admin
Company:
Avanquest pdfforge GmbH
Integrity Level:
HIGH
Description:
PDF Architect 9
Exit code:
0
Version:
9.1.64.22946
Modules
Images
c:\program files\pdf architect 9\printer-installer-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\pdf architect 9\encoding-conversion.dll
c:\program files\pdf architect 9\atom.dll
c:\program files\pdf architect 9\boost_program_options-vc143-mt-x64-1_85.dll
c:\program files\pdf architect 9\vcruntime140_1.dll
Total events
43 454
Read events
41 518
Write events
1 864
Delete events
72

Modification events

(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation:writeName:LaunchPermission
Value:
010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation:writeName:AccessPermission
Value:
010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\LocalServer32
Operation:writeName:ServerExecutable
Value:
C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}
Operation:writeName:LocalizedString
Value:
@%programdata%\PDF Architect 9\Installation\logs\analytics.dll,-127
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\Elevation
Operation:writeName:Enabled
Value:
1
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\Elevation
Operation:writeName:IconReference
Value:
@C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe,-501
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C76D62DC-F23F-4307-832D-3276A3D620BF}\TypeLib
Operation:writeName:Version
Value:
1.0
(PID) Process:(448) PDF_Architect_9_Installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C76D62DC-F23F-4307-832D-3276A3D620BF}\TypeLib
Operation:writeName:Version
Value:
1.0
(PID) Process:(6848) architect-setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\PDF Architect 9
Operation:writeName:locale
Value:
en
(PID) Process:(6848) architect-setup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 9
Operation:writeName:Common data
Value:
7B22636F6E746163745F656D61696C223A22636F6E74616374406176616E71756573742E636F6D222C22636F756E7472795F69736F32223A225553222C22444F574E4C4F41445F4C494E4B223A22646F776E6C6F6164392E7064666172636869746563742E6F72672F222C22706172616D73223A227569643D31303036363934267769643D3638303026706172746E65723D6172636869746563745F63726561746F725F73656F266D6B6579323D42383445343244422D454137432D344245412D413638332D354445423641463030354333222C22706172746E6572223A226172636869746563745F63726561746F725F73656F222C2272656469726563746F725F6C696E6B223A2268747470733A2F2F70617967772E7064666172636869746563742E6F72672F72656469726563742F222C22756964223A2231303036363934222C227369676E6174757265223A226B57793232596C707A676D524F55615154364B7A352B5A35624C454273784747504B7271464B53366B453531664177714679436E4A5A47595665734631705071724578646E6D5367567843686149526B4A506447737056675135393968366F4255482F684374793853496B7A7176753562626837755979726B48797737494F4647374F614831395854524D33497342512F73556D525A5735686E6D4B7574646E735850397731474E737A2B46315569534E485A444F3056533075417936664B644479344A68362B344470416B45512F2B5355507071374F5A614F3362775175516D654754637463395752527044665065584849686C4E526D784D59576D4E5241374B78415A71546B4667446B65794F4D6A464339336B7156765555595A384C7872696E58457538307A7151556970414142747877346B6E512B41502B5A4167327562354D4F3676745A77656854796F534150463636413D3D227D
Executable files
224
Suspicious files
1 044
Text files
233
Unknown types
8

Dropped files

PID
Process
Filename
Type
6848architect-setup.exeC:\ProgramData\PDF Architect 9\Installation\pdf-architect9-startup-9.1.64.22946-x64.msi
MD5:
SHA256:
5592msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
5592msiexec.exeC:\Windows\Installer\142067.msi
MD5:
SHA256:
5592msiexec.exeC:\Windows\Installer\MSI2D2A.tmp
MD5:
SHA256:
5592msiexec.exeC:\Windows\Installer\MSI2856.tmpexecutable
MD5:C6B4A3411F2AE7594023E46523C39827
SHA256:4A2682D1C05EAF79BE2A405FD89962D74EDBE928FBC20691BFC2404EC27B0BAE
6848architect-setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBder
MD5:4DFFCAEA598CA9A7AC90C4AC4D896FCE
SHA256:D2493F2955428CE9D1E90EAD6467E43F57AC55D5DB6B61F3CE5276025B73F9B9
5592msiexec.exeC:\Windows\Installer\inprogressinstallinfo.ipibinary
MD5:96E7E99F9C1189A652B0B76FCEFE71EB
SHA256:09D7B5EEFEA011AC9118E71714E4127EE749CC75B47856227152855921E73542
5592msiexec.exeC:\System Volume Information\SPP\snapshot-2binary
MD5:86D18ACF4181A83E12C291440BF24715
SHA256:9AFE431C7C79C24095668E97CC5A31A10BD8F41346CA51033113052919338658
6848architect-setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEBbinary
MD5:57CFA2D18FCB11AAFF927D4BB5093AD8
SHA256:3D8ABCC571CAFFC954882F9320EB5245982ED7C123CD11EC0ADD6801A4A8F6EE
6848architect-setup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141binary
MD5:0C12A1A80C3DBB5725AA79F5A671D6B7
SHA256:53671AEFEDD4FA53BF3C5C02E1EDB9B96B3BB646007B18CEBFA4FEEB09DE54EC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
48
TCP/UDP connections
176
DNS requests
170
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6848
architect-setup.exe
HEAD
302
104.22.30.211:80
http://download9.pdfarchitect.org/x64/module/main
unknown
whitelisted
6260
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6260
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6848
architect-setup.exe
GET
302
104.22.30.211:80
http://download9.pdfarchitect.org/x64/module/main
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1488
svchost.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1488
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
1488
svchost.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
4712
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1488
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2.23.209.185:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:138
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.114
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.bing.com
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.176
  • 2.23.209.177
  • 2.23.209.189
  • 2.23.209.161
  • 2.23.209.179
  • 2.23.209.182
  • 2.23.209.193
  • 2.23.209.130
  • 2.23.209.148
  • 2.23.209.133
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.133
  • 40.126.32.74
  • 40.126.32.134
  • 20.190.160.22
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.136
  • 40.126.32.72
whitelisted
wsgeoip.pdfarchitect.org
  • 104.22.30.211
  • 172.67.14.205
  • 104.22.31.211
whitelisted
c.pki.goog
  • 142.250.185.131
  • 142.250.185.227
whitelisted
api-updateservice.pdfarchitect.org
  • 104.22.30.211
  • 172.67.14.205
  • 104.22.31.211
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
architect-setup.exe