File name:

Reader_PDF_2024.exe

Full analysis: https://app.any.run/tasks/48106972-ac30-4c45-a78e-1aa0bf708664
Verdict: Malicious activity
Analysis date: October 18, 2024, 15:32:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
evasion
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5:

F3597861327B985E3FD109C1BF44EDA1

SHA1:

587838A9242D3B8B063E07427FA95F900AA0842B

SHA256:

E8A8473C1E01688D370BBB1968B6361264C56A65DDBB31F8278AC618618F4EFA

SSDEEP:

196608:am0+sXNbPOoKMsNGqFzKj396q+a6plIQn1fWnDnZjGlGNSG4Qyyb4tBaElT2GVB9:ha7zKiIrCCvJJ3haR5B2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 9184)

    • Uses Task Scheduler to run other applications

      • chrome.exe (PID: 8308)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)

    • Application launched itself

      • Reader_PDF_2024.exe (PID: 6376)

    • Executable content was dropped or overwritten

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 8308)

    • Reads the date of Windows installation

      • Reader_PDF_2024.exe (PID: 6376)

    • Checks Windows Trust Settings

      • Reader_br_install.exe (PID: 1700)

    • Reads Microsoft Outlook installation path

      • Reader_br_install.exe (PID: 1700)

    • Script adds exclusion path to Windows Defender

      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 9184)

    • Reads Internet Explorer settings

      • Reader_br_install.exe (PID: 1700)

    • Starts POWERSHELL.EXE for commands execution

      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 9184)

    • Checks for external IP

      • svchost.exe (PID: 2172)
      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)

    • Executes as Windows Service

      • chrome.exe (PID: 8308)

  • INFO

    • Reads Environment values

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)

    • Reads product name

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)

    • Checks supported languages

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
      • Reader_PDF_2024.exe (PID: 5328)

    • Create files in a temporary directory

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
      • Reader_br_install.exe (PID: 1700)

    • Reads the computer name

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
      • Reader_br_install.exe (PID: 1700)

    • The process uses the downloaded file

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)

    • Process checks computer location settings

      • Reader_PDF_2024.exe (PID: 6376)

    • Creates files or folders in the user directory

      • Reader_br_install.exe (PID: 1700)

    • Checks proxy server information

      • Reader_br_install.exe (PID: 1700)

    • Application launched itself

      • Acrobat.exe (PID: 3004)
      • msedge.exe (PID: 1336)
      • msedge.exe (PID: 3700)
      • AcroCEF.exe (PID: 8144)

    • Reads the software policy settings

      • Reader_br_install.exe (PID: 1700)

    • Manual execution by a user

      • msedge.exe (PID: 1336)

    • Reads the machine GUID from the registry

      • Reader_br_install.exe (PID: 1700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:09:30 17:03:39+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 26915840
InitializedDataSize: 24547840
UninitializedDataSize: -
EntryPoint: 0x196819c
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.790
ProductVersionNumber: 2.0.0.790
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft
ProductName: Adobe Download Manager
FileDescription: Adobe Download Manager
FileVersion: 2.0.0.790
ProductVersion: 2.0.0.790
OriginalFileName: Adobe Download Manager
InternalName: Microsoft
LegalCopyright: Copyright 2019 Adobe Inc. All rights reserved.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
197
Monitored processes
68
Malicious processes
2
Suspicious processes
3

Behavior graph

Click at the process to see the details
start reader_pdf_2024.exe svchost.exe reader_pdf_2024.exe reader_br_install.exe msedge.exe no specs acrobat.exe acrobat.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs explorer.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe no specs acrocef.exe acrocef.exe no specs acrocef.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs acrocef.exe no specs identity_helper.exe no specs identity_helper.exe no specs acrocef.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs powershell.exe no specs conhost.exe no specs chrome.exe powershell.exe no specs conhost.exe no specs chrome.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs schtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
944"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x294,0x298,0x29c,0x288,0x2a4,0x7ffbcb0c5fd8,0x7ffbcb0c5fe4,0x7ffbcb0c5ff0C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1336"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://get.adobe.com/reader/completion/adm/?exitcode=-1&type=install&preinstalled=1&workflow=64C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1344"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=2332,i,10831553326507741891,17146688433300325836,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
1396"C:\WINDOWS\system32\explorer.exe"C:\Windows\SysWOW64\explorer.exeReader_br_install.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Explorer
Exit code:
0
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
1572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2556 --field-trial-handle=2416,i,4092720010963400406,13128493350794562187,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1576"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeAcrobat.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1700C:\Users\admin\AppData\Local\Temp\Reader_br_install.exeC:\Users\admin\AppData\Local\Temp\Reader_br_install.exe
Reader_PDF_2024.exe
User:
admin
Company:
Adobe Inc
Integrity Level:
HIGH
Description:
Adobe Download Manager
Exit code:
0
Version:
2.0.0.790s
Modules
Images
c:\users\admin\appdata\local\temp\reader_br_install.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1952"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2500 --field-trial-handle=2332,i,10831553326507741891,17146688433300325836,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2172C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s DnscacheC:\Windows\System32\svchost.exe
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
2236"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1556 --field-trial-handle=1580,i,7282098844513151281,13317981947860039740,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeAcroCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe AcroCEF
Exit code:
0
Version:
23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
32 144
Read events
32 007
Write events
130
Delete events
7

Modification events

(PID) Process:(1700) Reader_br_install.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1700) Reader_br_install.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1700) Reader_br_install.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(1700) Reader_br_install.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(3700) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3700) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3700) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3004) Acrobat.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation:writeName:DisplayName
Value:
Adobe Acrobat Reader Protected Mode
(PID) Process:(3700) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3700) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
3046814E58832F00
Executable files
7
Suspicious files
406
Text files
95
Unknown types
4

Dropped files

PID
Process
Filename
Type
1700Reader_br_install.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\d[1]binary
MD5:DF0CD5EDE266E9EA694C3D28209FCE9F
SHA256:5ECD3C64E4C0D1A51D13E2762BECB9E7DA2ACD30D670058A6B16761BE3E017DB
3700msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:A34EC9C59051B8FBF03B12C026F7100D
SHA256:B20CA4589C8F379B43C13AE0409461361BB90CECB1DEE885333C0EE1D066E862
1700Reader_br_install.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:DEDCC6BB4D39D0C12F8118F528A7D2F7
SHA256:EA83523770AA3093A277F19DBD61C3E29F217EE362FC441F8AE820134DD1F4AA
1700Reader_br_install.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\d[1]woff
MD5:EE10AE517D40542F597A9E0E2852B52B
SHA256:ED1815F9829E1F6A710FCDC182613F614F4887E39281E095360BEEC1CCC72348
1700Reader_br_install.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\d[2]binary
MD5:590A9EEBC0AC0BA776529CBA1D5B718A
SHA256:28195F698F74D701F5B253495756F7ECD70C50047C1F795952587E6F3E742B19
3700msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:C7E2197BAE099B13BBB3ADEB1433487D
SHA256:3460EEAF45D581DD43A6E4E17AF8102DDAFF5AEAA88B10099527CF85211629E9
6376Reader_PDF_2024.exeC:\Users\admin\AppData\Local\Temp\amd_64_browser.inf.resources_pi905f2cs0550a3a_7.2.22992.0_none_21yyw11db43e3187k\d1f6e50334a50a3f1f8e35e02d788ad9.nodeexecutable
MD5:D1F6E50334A50A3F1F8E35E02D788AD9
SHA256:B0E0C6AD80FCCC92A41F644AFE3AD1D7E4EBCAC9CAA94A9CCF4EAA0DEA2247E3
3700msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datbinary
MD5:1E9E15EF6E531C4557100F20C9C76F01
SHA256:46CB063CC268B69B172660F166C4394D5B4EDD802388B3EC16766DEBDB9F86C3
1700Reader_br_install.exeC:\Users\admin\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.logtext
MD5:F3B25701FE362EC84616A93A45CE9998
SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
1336msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF8ed08.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
161
DNS requests
131
Threats
92

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6376
Reader_PDF_2024.exe
GET
200
208.95.112.1:80
http://208.95.112.1:80/json
unknown
shared
6384
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5328
Reader_PDF_2024.exe
GET
200
208.95.112.1:80
http://208.95.112.1:80/json
unknown
shared
1700
Reader_br_install.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6296
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.120:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
104.126.37.137:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6376
Reader_PDF_2024.exe
208.95.112.1:80
ip-api.com
TUT-AS
US
shared

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.154
  • 104.126.37.146
  • 104.126.37.131
  • 104.126.37.160
  • 104.126.37.130
  • 104.126.37.129
  • 104.126.37.161
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.74.206
whitelisted
ip-api.com
  • 208.95.112.1
shared
login.live.com
  • 40.126.32.133
  • 40.126.32.138
  • 20.190.160.20
  • 40.126.32.68
  • 40.126.32.136
  • 40.126.32.140
  • 40.126.32.74
  • 40.126.32.134
whitelisted
purpleadapter.com.br
  • 89.117.72.231
unknown
th.bing.com
  • 104.126.37.129
  • 104.126.37.161
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.154
  • 104.126.37.146
  • 104.126.37.131
  • 104.126.37.160
  • 104.126.37.130
whitelisted

Threats

PID
Process
Class
Message
2172
svchost.exe
Device Retrieving External IP Address Detected
INFO [ANY.RUN] External IP Check (ip-api .com)
2172
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
6376
Reader_PDF_2024.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
5328
Reader_PDF_2024.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
86 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Reader_PDF_2024.exe