File name: AppSuites-PDF-1.0.28.exe

Full analysis: https://app.any.run/tasks/a217a729-67b8-45b5-901b-9ee773fab393
Verdict: Malicious activity
Analysis date: August 21, 2025, 07:57:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 56FFF546CE738E76884611CA49C5751C
SHA1: 21DF00AC8BF8BAA1111F3FC564D27A9EABF0F097
SHA256: DA3C6EC20A006EC4B289A90488F824F0F72098A2F5C2D3F37D7A2D4A83B344A0
SSDEEP: 786432:da7wDWHAgZZspLEW45L7Xvnu7ZliYqB51zc80a3bzk9SSr:EJgEW4ZvnUziY0Nc80aXkgo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • AppSuites-PDF-1.0.28.exe (PID: 888)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Reads security settings of Internet Explorer

      • AppSuites-PDF-1.0.28.exe (PID: 888)
      • PDF Editor.exe (PID: 3092)
    • The process creates files with name similar to system file names

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Drops 7-zip archiver for unpacking

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Process drops legitimate windows executable

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Creates a software uninstall entry

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • There is functionality for taking screenshot (YARA)

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Application launched itself

      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 4700)
  • INFO

    • Reads the computer name

      • AppSuites-PDF-1.0.28.exe (PID: 888)
      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 1336)
      • PDF Editor.exe (PID: 3756)
      • PDF Editor.exe (PID: 4700)
    • The sample compiled with english language support

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Creates files or folders in the user directory

      • AppSuites-PDF-1.0.28.exe (PID: 888)
      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 3756)
      • PDF Editor.exe (PID: 4700)
    • Checks supported languages

      • AppSuites-PDF-1.0.28.exe (PID: 888)
      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 1336)
      • PDF Editor.exe (PID: 4676)
      • PDF Editor.exe (PID: 4700)
      • PDF Editor.exe (PID: 6668)
      • PDF Editor.exe (PID: 3756)
    • Create files in a temporary directory

      • AppSuites-PDF-1.0.28.exe (PID: 888)
      • PDF Editor.exe (PID: 3092)
    • Launching a file from a Registry key

      • AppSuites-PDF-1.0.28.exe (PID: 888)
    • Checks proxy server information

      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 4700)
      • slui.exe (PID: 3392)
    • Manual execution by a user

      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 4700)
    • Reads the machine GUID from the registry

      • PDF Editor.exe (PID: 3092)
      • PDF Editor.exe (PID: 4700)
    • Process checks computer location settings

      • PDF Editor.exe (PID: 4676)
      • PDF Editor.exe (PID: 3092)
    • Reads the software policy settings

      • slui.exe (PID: 3392)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.28.0
ProductVersionNumber: 1.0.28.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: AppSuite
FileDescription: PDF EDITOR BY APPSUITE
FileVersion: 1.0.28
LegalCopyright: Copyright © 2025 AppSuite
ProductName: PDF Editor
ProductVersion: 1.0.28
No data.
Total processes: 140
Monitored processes: 9
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start appsuites-pdf-1.0.28.exe pdf editor.exe pdf editor.exe no specs pdf editor.exe pdf editor.exe no specs pdf editor.exe no specs pdf editor.exe no specs pdf editor.exe no specs slui.exe

Process information

PID: 888
CMD: "C:\Users\admin\AppData\Local\Temp\AppSuites-PDF-1.0.28.exe"
Path: C:\Users\admin\AppData\Local\Temp\AppSuites-PDF-1.0.28.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF EDITOR BY APPSUITE
Exit code: 0
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\temp\appsuites-pdf-1.0.28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 1336
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1892 --field-trial-handle=1900,i,4765783375625725313,5619242930720668192,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 3092
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe"
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\combase.dll

PID: 3392
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 3756
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=2000 --field-trial-handle=1900,i,4765783375625725313,5619242930720668192,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 4100
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1720 --field-trial-handle=1732,i,11216719128735328244,15525720295328764489,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Exit code: 0
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll

PID: 4676
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --app-path="C:\Users\admin\AppData\Local\Programs\PDFEditor\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3004 --field-trial-handle=1900,i,4765783375625725313,5619242930720668192,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: LOW
Description: PDF Editor
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

PID: 4700
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --cm=--fullupdate
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: explorer.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Exit code: 0
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\pdfeditor\ffmpeg.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 6668
CMD: "C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\PDF Editor" --mojo-platform-channel-handle=1848 --field-trial-handle=1732,i,11216719128735328244,15525720295328764489,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\PDFEditor\PDF Editor.exe
Parent process: PDF Editor.exe
User: admin
Company: AppSuite
Integrity Level: MEDIUM
Description: PDF Editor
Exit code: 0
Version: 1.0.28
Modules
Images
c:\users\admin\appdata\local\programs\pdfeditor\pdf editor.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll

Total events: 9 713
Read events: 9 518
Write events: 168
Delete events: 27

Modification events

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\PDFEditor
Operation: write
Name: InstallVersion
Value: 1.0.28

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\PDFEditor

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: KeepShortcuts
Value: true

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: ShortcutName
Value: PDF Editor

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayName
Value: PDF Editor 1.0.28

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PDFEditor\Uninstall PDF Editor.exe" /currentuser

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\PDFEditor\Uninstall PDF Editor.exe" /currentuser /S

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayVersion
Value: 1.0.28

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\PDFEditor\uninstallerIcon.ico

(PID) Process: (888) AppSuites-PDF-1.0.28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e0b05d7f-6bca-50e8-b129-1157af44ea69
Operation: write
Name: Publisher
Value: AppSuite

Executable files: 32
Suspicious files: 584
Text files: 154
Unknown types: 0

Dropped files

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\app-64.7z
MD5:
SHA256:

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\7z-out\locales\ca.pak
Type: binary
MD5: D193A3AC614F64F4754C9DF5CF00E880
SHA256: 4ECFA3785AB52564E0BD7DDA04D59A30163561588A04F3BD1B1B71DE051D2C53

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\nsis7z.dll
Type: executable
MD5: 80E44CE4895304C6A3A831310FBF8CD0
SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\nsExec.dll
Type: executable
MD5: EC0504E6B8A11D5AAD43B296BEEB84B2
SHA256: 5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\7z-out\chrome_200_percent.pak
Type: binary
MD5: 47668AC5038E68A565E0A9243DF3C9E5
SHA256: FAC820A98B746A04CE14EC40C7268D6A58819133972B538F9720A5363C862E32

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Programs\PDFEditor\uninstallerIcon.ico
Type: image
MD5: EABBAFF75F3E97495CD15A7839CE6D1E
SHA256: 1CBCD1ACCDAFF2F0EA2A690E38B435A2F422412A1210FA8E90B2D3685791C7E5

PID: 888
Process: AppSuites-PDF-1.0.28.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsx5A4.tmp\7z-out\chrome_100_percent.pak
Type: binary
MD5: 4FC6564B727BAA5FECF6BF3F6116CC64
SHA256: B7805392BFCE11118165E3A4E747AC0CA515E4E0CEADAB356D685575F6AA45FB

HTTP(S) requests: 6
TCP/UDP connections: 43
DNS requests: 37
Threats: 6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7156
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6812
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6812
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2940
svchost.exe
GET
200
104.76.201.34:80
http://x1.c.lencr.org/
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5944
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7156
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7156
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
6812
SIHClient.exe
74.178.240.61:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6812
SIHClient.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.25
  • 23.216.77.8
  • 23.216.77.36
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.0
  • 20.190.159.73
  • 40.126.31.0
  • 20.190.159.128
  • 20.190.159.129
  • 20.190.159.130
  • 20.190.159.4
  • 40.126.31.129
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
slscr.update.microsoft.com
  • 74.178.240.61
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
appsuites.ai
  • 13.32.99.70
  • 13.32.99.44
  • 13.32.99.25
  • 13.32.99.9
unknown
pdf-tool.appsuites.ai
  • 18.66.102.11
  • 18.66.102.108
  • 18.66.102.50
  • 18.66.102.18
malicious

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Not Suspicious Traffic
INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
No debug info