File name: architect-setup.exe

Full analysis: https://app.any.run/tasks/aef6b0a4-9a23-4fca-8f21-6a8f150ee6e7
Verdict: Malicious activity
Analysis date: November 28, 2024, 19:54:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 509265C143AB2811433F86DE50BF4BDC
SHA1: 1455723D0923EC41E07320A02016777C96EB4E66
SHA256: CBB28983FD748662652E8B951DCC5CBFA11226CE7CA4709998FC8B352E7B7DC9
SSDEEP: 98304:vrc/ZkUP5kaqdiKDzeFc6JBI4IYl1SlOJdhx58MutLojHog1YVLn8a/Lj1dvkwQ1:Es0Z6Af

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • architect-setup.exe (PID: 6848)
    • Executable content was dropped or overwritten
      • architect-setup.exe (PID: 6848)
      • printer-installer-app.exe (PID: 2160)
      • spoolsv.exe (PID: 6348)
    • Starts itself from another location
      • architect-setup.exe (PID: 6848)
    • Checks Windows Trust Settings
      • architect-setup.exe (PID: 6848)
      • msiexec.exe (PID: 5592)
    • Executes as Windows Service
      • VSSVC.exe (PID: 4876)
      • activation-service.exe (PID: 2448)
      • spoolsv.exe (PID: 6348)
    • Reads the Windows owner or organization settings
      • msiexec.exe (PID: 5592)
    • Process drops legitimate windows executable
      • msiexec.exe (PID: 5592)
    • Creates/Modifies COM task schedule object
      • msiexec.exe (PID: 7128)
      • msiexec.exe (PID: 6272)
      • msiexec.exe (PID: 7164)
    • The process drops C-runtime libraries
      • msiexec.exe (PID: 5592)
    • Application launched itself
      • architect.exe (PID: 432)
      • architect-launcher.exe (PID: 7436)
  • INFO
    • Reads the machine GUID from the registry
      • architect-setup.exe (PID: 6848)
      • msiexec.exe (PID: 5592)
    • Creates files in the program directory
      • architect-setup.exe (PID: 6848)
    • Checks supported languages
      • PDF_Architect_9_Installer.exe (PID: 448)
      • msiexec.exe (PID: 5592)
      • msiexec.exe (PID: 7144)
      • printer-installer-app.exe (PID: 2160)
    • Checks proxy server information
      • architect-setup.exe (PID: 6848)
    • Reads the computer name
      • PDF_Architect_9_Installer.exe (PID: 448)
      • msiexec.exe (PID: 5592)
      • printer-installer-app.exe (PID: 2160)
      • msiexec.exe (PID: 7144)
    • Manages system restore points
      • SrTasks.exe (PID: 6904)
      • SrTasks.exe (PID: 6356)
      • SrTasks.exe (PID: 6496)
      • SrTasks.exe (PID: 7984)
    • Reads the software policy settings
      • msiexec.exe (PID: 5592)
    • Executable content was dropped or overwritten
      • msiexec.exe (PID: 5592)
      • msedge.exe (PID: 6576)
    • Application launched itself
      • msiexec.exe (PID: 5592)
      • msedge.exe (PID: 1888)
      • msedge.exe (PID: 7736)
      • msedge.exe (PID: 6096)
    • Manual execution by a user
      • architect.exe (PID: 432)
      • msedge.exe (PID: 6096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:12 14:09:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.37
CodeSize: 7508992
InitializedDataSize: 4529152
UninitializedDataSize: -
EntryPoint: 0x6016db
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 9.1.56.3239
ProductVersionNumber: 9.1.56.3239
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Avanquest pdfforge GmbH
FileDescription: PDF Architect 9 Installer
FileVersion: 9.1.56.3239
InternalName: PDF_Architect_9_Installer.exe
LegalCopyright: © Avanquest pdfforge GmbH. All rights reserved.
OriginalFileName: PDF_Architect_9_Installer.exe
ProductName: PDF Architect 9 Installer
ProductVersion: 9.1.56.3239
No data.
All screenshots are available in the full report
Total processes: 222
Monitored processes: 94
Malicious processes: 1
Suspicious processes: 0


Process information

PID | CMD | Path | Indicators | Parent process

PID 432
CMD: "C:\Program Files\PDF Architect 9\architect.exe"
Path: C:\Program Files\PDF Architect 9\architect.exe
Parent process: explorer.exe
User: admin
Company: Avanquest pdfforge GmbH
Integrity Level: MEDIUM
Description: PDF Architect 9
Exit code: 0
Version: 9.1.64.22946
Modules (images):
c:\program files\pdf architect 9\architect.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll

PID 448
CMD: "C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe" /RegServer
Path: C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe
Parent process: architect-setup.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
c:\programdata\pdf architect 9\installation\pdf_architect_9_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.3996_none_d954cb49e10154a6\gdiplus.dll

PID 624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2968 --field-trial-handle=2324,i,12272492492129207536,16701827548808368496,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59

PID 628
CMD: "C:\Program Files\PDF Architect 9\creator-app.exe" -regserver
Path: C:\Program Files\PDF Architect 9\creator-app.exe
Parent process: msiexec.exe
User: admin
Company: Avanquest pdfforge GmbH
Integrity Level: HIGH
Description: PDF Architect 9
Exit code: 0
Version: 9.1.64.22946
Modules (images):
c:\program files\pdf architect 9\creator-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID 848
CMD: C:\Windows\System32\MsiExec.exe -Embedding 6B8A7B3819323F94B1F1100F96FE3760 E Global\MSI0000
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID 1144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4672 --field-trial-handle=2092,i,2912176471354056634,15317564980994660353,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID 1144
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2324,i,12272492492129207536,16701827548808368496,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID 1480
CMD: "C:\Program Files\PDF Architect 9\architect-launcher.exe" --add-scheduler
Path: C:\Program Files\PDF Architect 9\architect-launcher.exe
Parent process: msiexec.exe
User: admin
Company: Avanquest pdfforge GmbH
Integrity Level: HIGH
Description: PDF Architect 9
Exit code: 0
Version: 9.1.64.22946
Modules (images):
c:\program files\pdf architect 9\architect-launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

PID 1888
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://paygw.pdfarchitect.org/redirect/install/PDF-Architect-9/?lang=en&uid=1006694&wid=6800&partner=architect_creator_seo&mkey2=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3&version=9.1.64.22946&configId=7337901D-7D94-481D-ABFC-4314E1698065&ii=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3&guid=B84E42DB-EA7C-4BEA-A683-5DEB6AF005C3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: architect-setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 1
Version: 122.0.2365.59

PID 2160
CMD: "C:\Program Files\PDF Architect 9\printer-installer-app.exe" -i "C:\Program Files\PDF Architect 9\"
Path: C:\Program Files\PDF Architect 9\printer-installer-app.exe
Parent process: msiexec.exe
User: admin
Company: Avanquest pdfforge GmbH
Integrity Level: HIGH
Description: PDF Architect 9
Exit code: 0
Version: 9.1.64.22946
Modules (images):
c:\program files\pdf architect 9\printer-installer-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\pdf architect 9\encoding-conversion.dll
c:\program files\pdf architect 9\atom.dll
c:\program files\pdf architect 9\boost_program_options-vc143-mt-x64-1_85.dll
c:\program files\pdf architect 9\vcruntime140_1.dll
Total events: 43 454
Read events: 41 518
Write events: 1 864
Delete events: 72

Modification events

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation: write
Name: LaunchPermission
Value: 010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D3812FE5-F09C-475F-B0E0-26D4F76DDB80}
Operation: write
Name: AccessPermission
Value: 010014804C0000005C000000140000003000000002001C0001000000110014000400000001010000000000100010000002001C0001000000000014000B0000000101000000000001000000000102000000000005200000002002000001020000000000052000000020020000

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\LocalServer32
Operation: write
Name: ServerExecutable
Value: C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}
Operation: write
Name: LocalizedString
Value: @%programdata%\PDF Architect 9\Installation\logs\analytics.dll,-127

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\Elevation
Operation: write
Name: Enabled
Value: 1

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0844C86B-623E-4E33-BEEB-F547ECCA9D4B}\Elevation
Operation: write
Name: IconReference
Value: @C:\ProgramData\PDF Architect 9\Installation\PDF_Architect_9_Installer.exe,-501

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C76D62DC-F23F-4307-832D-3276A3D620BF}\TypeLib
Operation: write
Name: Version
Value: 1.0

Process: (448) PDF_Architect_9_Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C76D62DC-F23F-4307-832D-3276A3D620BF}\TypeLib
Operation: write
Name: Version
Value: 1.0

Process: (6848) architect-setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PDF Architect 9
Operation: write
Name: locale
Value: en

Process: (6848) architect-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 9
Operation: write
Name: Common data
Value:
Executable files: 224
Suspicious files: 1 044
Text files: 233
Unknown types: 8

Dropped files

PID | Process | Filename | Type

6848 | architect-setup.exe | C:\ProgramData\PDF Architect 9\Installation\pdf-architect9-startup-9.1.64.22946-x64.msi | -
5592 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | -
5592 | msiexec.exe | C:\Windows\Installer\142067.msi | -
5592 | msiexec.exe | C:\Windows\Installer\MSI2D2A.tmp | -
6848 | architect-setup.exe | C:\ProgramData\PDF Architect 9\Installation\installer-cache | text
MD5: 269ED1516F4CBCA762731897F177D506
SHA256: C22ABB63557C2A0145A71CB90F41B6B22E880A800890529185F23D371E313C2A
6848 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8 | der
MD5: 971C514F84BBA0785F80AA1C23EDFD79
SHA256: F157ED17FCAF8837FA82F8B69973848C9B10A02636848F995698212A08F31895
6848 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | der
MD5: 67E486B2F148A3FCA863728242B6273E
SHA256: FACAF1C3A4BF232ABCE19A2D534E495B0D3ADC7DBE3797D336249AA6F70ADCFB
6848 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8 | binary
MD5: 41D0EB6162A96F20E582B1886D7F87B6
SHA256: 41E358B1CC9FF05DCFD800E454AB18B3C370A1F9994BA50E4D3F4B6848C3FE57
6848 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12 | binary
MD5: 10E7D23D2EE78E06D2EEAC8FEE993D13
SHA256: CF659A978819BC45C4FA552CEEF4764A69F2BB77F0BD87CA91D2300EEC15E3A0
6848 | architect-setup.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | der
MD5: 5A9F34D0BD7074D978BCA26EFEE83CEA
SHA256: 266CF7F825C8ECA0893D2B344853F0A4FE06A48BF76FD2ED9B5C4CCFE9AB69BD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 48
TCP/UDP connections: 176
DNS requests: 170
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
4712 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1488 | svchost.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
- | - | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1488 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 142.250.185.131:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
- | - | GET | 200 | 142.250.185.131:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1488 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1488 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 2.23.209.185:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 40.127.240.158 | whitelisted
crl.microsoft.com | 2.16.164.9, 2.16.164.114, 2.16.164.49 | whitelisted
www.microsoft.com | 88.221.169.152, 184.30.21.171 | whitelisted
google.com | 142.250.185.142 | whitelisted
www.bing.com | 2.23.209.185, 2.23.209.187, 2.23.209.176, 2.23.209.177, 2.23.209.189, 2.23.209.161, 2.23.209.179, 2.23.209.182, 2.23.209.193, 2.23.209.130, 2.23.209.148, 2.23.209.133 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
login.live.com | 40.126.32.133, 40.126.32.74, 40.126.32.134, 20.190.160.22, 20.190.160.14, 40.126.32.76, 40.126.32.136, 40.126.32.72 | whitelisted
wsgeoip.pdfarchitect.org | 104.22.30.211, 172.67.14.205, 104.22.31.211 | whitelisted
c.pki.goog | 142.250.185.131, 142.250.185.227 | whitelisted
api-updateservice.pdfarchitect.org | 104.22.30.211, 172.67.14.205, 104.22.31.211 | whitelisted

Threats

No threats detected
No debug info