File name: Reader_PDF_2024.exe

Full analysis: https://app.any.run/tasks/48106972-ac30-4c45-a78e-1aa0bf708664
Verdict: Malicious activity
Analysis date: October 18, 2024, 15:32:54
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: evasion
Indicators:
MIME: application/x-dosexec
File info: PE32+ executable (GUI) x86-64, for MS Windows
MD5: F3597861327B985E3FD109C1BF44EDA1
SHA1: 587838A9242D3B8B063E07427FA95F900AA0842B
SHA256: E8A8473C1E01688D370BBB1968B6361264C56A65DDBB31F8278AC618618F4EFA
SSDEEP: 196608:am0+sXNbPOoKMsNGqFzKj396q+a6plIQn1fWnDnZjGlGNSG4Qyyb4tBaElT2GVB9:ha7zKiIrCCvJJ3haR5B2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Adds path to the Windows Defender exclusion list

      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 9184)
    • Uses Task Scheduler to run other applications

      • chrome.exe (PID: 8308)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 8308)
    • Reads security settings of Internet Explorer

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
    • Application launched itself

      • Reader_PDF_2024.exe (PID: 6376)
    • Reads the date of Windows installation

      • Reader_PDF_2024.exe (PID: 6376)
    • Reads Internet Explorer settings

      • Reader_br_install.exe (PID: 1700)
    • Reads Microsoft Outlook installation path

      • Reader_br_install.exe (PID: 1700)
    • Script adds exclusion path to Windows Defender

      • Reader_PDF_2024.exe (PID: 5328)
      • chrome.exe (PID: 9184)
    • Starts POWERSHELL.EXE for commands execution

      • chrome.exe (PID: 9184)
      • Reader_PDF_2024.exe (PID: 5328)
    • Checks for external IP

      • svchost.exe (PID: 2172)
      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
    • Executes as Windows Service

      • chrome.exe (PID: 8308)
    • Checks Windows Trust Settings

      • Reader_br_install.exe (PID: 1700)
  • INFO

    • Checks supported languages

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
      • Reader_PDF_2024.exe (PID: 5328)
    • Reads product name

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
    • Create files in a temporary directory

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
      • Reader_PDF_2024.exe (PID: 5328)
    • Reads Environment values

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_PDF_2024.exe (PID: 5328)
    • Reads the computer name

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
      • Reader_PDF_2024.exe (PID: 5328)
    • The process uses the downloaded file

      • Reader_PDF_2024.exe (PID: 6376)
      • Reader_br_install.exe (PID: 1700)
    • Reads the machine GUID from the registry

      • Reader_br_install.exe (PID: 1700)
    • Application launched itself

      • msedge.exe (PID: 3700)
      • AcroCEF.exe (PID: 8144)
      • msedge.exe (PID: 1336)
      • Acrobat.exe (PID: 3004)
    • Reads the software policy settings

      • Reader_br_install.exe (PID: 1700)
    • Process checks computer location settings

      • Reader_PDF_2024.exe (PID: 6376)
    • Checks proxy server information

      • Reader_br_install.exe (PID: 1700)
    • Creates files or folders in the user directory

      • Reader_br_install.exe (PID: 1700)
    • Manual execution by a user

      • msedge.exe (PID: 1336)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2024:09:30 17:03:39+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.38
CodeSize: 26915840
InitializedDataSize: 24547840
UninitializedDataSize: -
EntryPoint: 0x196819c
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.790
ProductVersionNumber: 2.0.0.790
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft
ProductName: Adobe Download Manager
FileDescription: Adobe Download Manager
FileVersion: 2.0.0.790
ProductVersion: 2.0.0.790
OriginalFileName: Adobe Download Manager
InternalName: Microsoft
LegalCopyright: Copyright 2019 Adobe Inc. All rights reserved.
No data.
All screenshots are available in the full report
Total processes: 197
Monitored processes: 68
Malicious processes: 2
Suspicious processes: 3

Behavior graph

(Interactive process graph not reproduced here; processes shown, in order of first appearance: reader_pdf_2024.exe, svchost.exe, reader_br_install.exe, msedge.exe, acrobat.exe, explorer.exe, acrocef.exe, identity_helper.exe, powershell.exe, conhost.exe, chrome.exe, schtasks.exe.)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 944
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x294,0x298,0x29c,0x288,0x2a4,0x7ffbcb0c5fd8,0x7ffbcb0c5fe4,0x7ffbcb0c5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1336
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://get.adobe.com/reader/completion/adm/?exitcode=-1&type=install&preinstalled=1&workflow=64
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1344
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=2332,i,10831553326507741891,17146688433300325836,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 122.0.2365.59
PID: 1396
CMD: "C:\WINDOWS\system32\explorer.exe"
Path: C:\Windows\SysWOW64\explorer.exe
Parent process: Reader_br_install.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 0
Version: 10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2556 --field-trial-handle=2416,i,4092720010963400406,13128493350794562187,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1576
CMD: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Parent process: Acrobat.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe Acrobat
Version: 23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1700
CMD: C:\Users\admin\AppData\Local\Temp\Reader_br_install.exe
Path: C:\Users\admin\AppData\Local\Temp\Reader_br_install.exe
Parent process: Reader_PDF_2024.exe
User: admin
Company: Adobe Inc
Integrity Level: HIGH
Description: Adobe Download Manager
Exit code: 0
Version: 2.0.0.790s
Modules
Images
c:\users\admin\appdata\local\temp\reader_br_install.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1952
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2500 --field-trial-handle=2332,i,10831553326507741891,17146688433300325836,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2172
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 2236
CMD: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=gpu-process --log-severity=disable --user-agent-product="ReaderServices/23.1.20093 Chrome/105.0.0.0" --lang=en-US --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1556 --field-trial-handle=1580,i,7282098844513151281,13317981947860039740,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
Path: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Parent process: AcroCEF.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: LOW
Description: Adobe AcroCEF
Exit code: 0
Version: 23.1.20093.0
Modules
Images
c:\program files\adobe\acrobat dc\acrobat\acrocef_1\acrocef.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 32 144
Read events: 32 007
Write events: 130
Delete events: 7

Modification events

(PID) Process: (1700) Reader_br_install.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1700) Reader_br_install.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1700) Reader_br_install.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1700) Reader_br_install.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation: write
Name: SlowContextMenuEntries
Value: 6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000

(PID) Process: (3700) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3700) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3700) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3004) Acrobat.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-2034283098-2252572593-1072577386-2659511007-3245387615-27016815-3920691934
Operation: write
Name: DisplayName
Value: Adobe Acrobat Reader Protected Mode

(PID) Process: (3700) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (3700) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 3046814E58832F00
Executable files: 7
Suspicious files: 406
Text files: 95
Unknown types: 4

Dropped files

PID
Process
Filename
Type
PID: 6376
Process: Reader_PDF_2024.exe
Filename: C:\Users\admin\AppData\Local\Temp\amd_64_browser.inf.resources_pi905f2cs0550a3a_7.2.22992.0_none_21yyw11db43e3187k\d1f6e50334a50a3f1f8e35e02d788ad9.node
Type: executable
MD5: D1F6E50334A50A3F1F8E35E02D788AD9
SHA256: B0E0C6AD80FCCC92A41F644AFE3AD1D7E4EBCAC9CAA94A9CCF4EAA0DEA2247E3

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe_ADMLogs\Adobe_ADM.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Type: binary
MD5: DEDCC6BB4D39D0C12F8118F528A7D2F7
SHA256: EA83523770AA3093A277F19DBD61C3E29F217EE362FC441F8AE820134DD1F4AA

PID: 5328
Process: Reader_PDF_2024.exe
Filename: C:\Users\admin\AppData\Local\Temp\Reader_br_install.exe
Type: executable
MD5: EACF7B2ABA850CF3D69D2A8830732FC2
SHA256: 02F2FFBF79559EF7004AA33C8672871F6CE1B645776D128640BAA0090FE7906B

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\p[1].gif
Type: image
MD5: 81144D75B3E69E9AA2FA3E9D83A64D03
SHA256: 9B9265C69A5CC295D1AB0D04E0273B3677DB1A6216CE2CCF4EFC8C277ED84B39

PID: 6376
Process: Reader_PDF_2024.exe
Filename: C:\Users\admin\AppData\Local\Temp\amd_64_browser.inf.resources_pi905f2cs0550a3a_7.2.22992.0_none_21yyw11db43e3187k\153a5d422243f7f95721f6c2c5de8c9d.node
Type: executable
MD5: 153A5D422243F7F95721F6C2C5DE8C9D
SHA256: 837CB201A460A44D025689218D3B0E588AE3EDBCD6AB11F415B147B5331CC843

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Type: der
MD5: C004F72EC608EB28E37765EBC2F7847E
SHA256: 34822245A0D5750E34C2E98B261E6BFD68EE94EE44BEC5A836F8ADB483065372

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\bxf0ivf[1].js
Type: text
MD5: CFE609917C9E7D4EED2C80563DED171B
SHA256: AD84B43FFD121E46AC4D2FA817B5863E4802C523BC3FB5E864DB28B3DB0E2514

PID: 1700
Process: Reader_br_install.exe
Filename: C:\Users\admin\AppData\Local\Temp\Adobe_ADMLogs\Adobe_GDE.log
Type: text
MD5: F3B25701FE362EC84616A93A45CE9998
SHA256: B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

PID: 1336
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF8ed08.TMP
Type:
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 39
TCP/UDP connections: 161
DNS requests: 131
Threats: 92

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
6376 | Reader_PDF_2024.exe | GET | 200 | 208.95.112.1:80 | http://208.95.112.1:80/json | unknown | - | - | shared
5328 | Reader_PDF_2024.exe | GET | 200 | 208.95.112.1:80 | http://208.95.112.1:80/json | unknown | - | - | shared
6384 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
8676 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
1700 | Reader_br_install.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 104.126.37.137:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6376 | Reader_PDF_2024.exe | 208.95.112.1:80 | ip-api.com | TUT-AS | US | shared

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 184.30.21.171
whitelisted
www.bing.com
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.154
  • 104.126.37.146
  • 104.126.37.131
  • 104.126.37.160
  • 104.126.37.130
  • 104.126.37.129
  • 104.126.37.161
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.74.206
whitelisted
ip-api.com
  • 208.95.112.1
shared
login.live.com
  • 40.126.32.133
  • 40.126.32.138
  • 20.190.160.20
  • 40.126.32.68
  • 40.126.32.136
  • 40.126.32.140
  • 40.126.32.74
  • 40.126.32.134
whitelisted
purpleadapter.com.br
  • 89.117.72.231
unknown
th.bing.com
  • 104.126.37.129
  • 104.126.37.161
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.154
  • 104.126.37.146
  • 104.126.37.131
  • 104.126.37.160
  • 104.126.37.130
whitelisted

Threats

PID | Process | Class | Message
2172 | svchost.exe | Device Retrieving External IP Address Detected | INFO [ANY.RUN] External IP Check (ip-api .com)
2172 | svchost.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain in DNS Lookup (ip-api .com)
6376 | Reader_PDF_2024.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
5328 | Reader_PDF_2024.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
- | - | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
- | - | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ip-api.com
86 ETPRO signatures available at the full report
No debug info