File name: AppSuite-PDF.msi

Full analysis: https://app.any.run/tasks/2dca7f00-c4c1-45af-b650-437c08630bcc
Verdict: Malicious activity
Analysis date: August 05, 2025, 23:51:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDF Editor 1.0.28.0, Author: user, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDF Editor., Template: Intel;1033, Revision Number: {E2E39B2A-AF8E-45C8-9DB7-ED849583C3EC}, Create Time/Date: Tue Jul 15 04:40:06 2025, Last Saved Time/Date: Tue Jul 15 04:40:06 2025, Number of Pages: 200, Number of Words: 10, Name of Creating Application: WiX Toolset (5.0.2.0), Security: 2
MD5: 213ECA72F00563FA2ED788A1212C67E0
SHA1: 1B77BEEDB0B99BF5430C1A18315302399D07812C
SHA256: FDE67BA523B2C1E517D679AD4EAF87925C6BBF2F171B9212462DC9A855FAA34B
SSDEEP: 98304:7a/8rG+Wj9FLEMN/2q/4pL51eLFfFQGZpbiGXR3Kr6BLqIgCDBww3ra/8rGQuJKK:a0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • PDFEditorSetup.exe (PID: 1800)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1212)
      • PDFEditorSetup.exe (PID: 1800)
      • PDF Editor.exe (PID: 7396)
    • The process creates files with name similar to system file names

      • PDFEditorSetup.exe (PID: 1800)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PDFEditorSetup.exe (PID: 1800)
    • Drops 7-zip archiver for unpacking

      • PDFEditorSetup.exe (PID: 1800)
    • Executable content was dropped or overwritten

      • PDFEditorSetup.exe (PID: 1800)
    • There is functionality for taking screenshot (YARA)

      • PDFEditorSetup.exe (PID: 1800)
    • Process drops legitimate windows executable

      • PDFEditorSetup.exe (PID: 1800)
    • Creates a software uninstall entry

      • PDFEditorSetup.exe (PID: 1800)
    • Application launched itself

      • PDF Editor.exe (PID: 7396)
  • INFO

    • An automatically generated document

      • msiexec.exe (PID: 1392)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 1392)
    • Checks supported languages

      • msiexec.exe (PID: 7052)
      • msiexec.exe (PID: 1212)
      • PDFEditorSetup.exe (PID: 1800)
      • PDF Editor.exe (PID: 7396)
      • PDF Editor.exe (PID: 7704)
      • PDF Editor.exe (PID: 7540)
      • PDF Editor.exe (PID: 7532)
    • Reads the software policy settings

      • msiexec.exe (PID: 1392)
      • msiexec.exe (PID: 1212)
    • Checks proxy server information

      • msiexec.exe (PID: 1392)
      • msiexec.exe (PID: 1212)
      • PDF Editor.exe (PID: 7396)
    • Reads the computer name

      • msiexec.exe (PID: 7052)
      • msiexec.exe (PID: 1212)
      • PDFEditorSetup.exe (PID: 1800)
      • PDF Editor.exe (PID: 7396)
      • PDF Editor.exe (PID: 7532)
      • PDF Editor.exe (PID: 7540)
    • Create files in a temporary directory

      • msiexec.exe (PID: 1392)
      • msiexec.exe (PID: 1212)
      • PDFEditorSetup.exe (PID: 1800)
      • PDF Editor.exe (PID: 7396)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1392)
      • PDFEditorSetup.exe (PID: 1800)
      • PDF Editor.exe (PID: 7396)
      • PDF Editor.exe (PID: 7540)
    • Disables trace logs

      • msiexec.exe (PID: 1212)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1212)
      • PDF Editor.exe (PID: 7396)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1392)
      • msiexec.exe (PID: 1212)
    • Process checks computer location settings

      • msiexec.exe (PID: 1212)
      • PDF Editor.exe (PID: 7396)
      • PDF Editor.exe (PID: 7704)
    • The sample compiled with english language support

      • PDFEditorSetup.exe (PID: 1800)
    • Application launched itself

      • firefox.exe (PID: 1636)
      • firefox.exe (PID: 4172)
    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 4172)
    • Manual execution by a user

      • firefox.exe (PID: 1636)
      • PDF Editor.exe (PID: 7396)
    • Launching a file from a Registry key

      • PDFEditorSetup.exe (PID: 1800)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: PDF Editor 1.0.28.0
Author: user
Keywords: Installer
Comments: This installer database contains the logic and data required to install PDF Editor.
Template: Intel;1033
RevisionNumber: {E2E39B2A-AF8E-45C8-9DB7-ED849583C3EC}
CreateDate: 2025:07:15 04:40:06
ModifyDate: 2025:07:15 04:40:06
Pages: 200
Words: 10
Software: WiX Toolset (5.0.2.0)
Security: Read-only recommended
No data.
All screenshots are available in the full report
Total processes
154
Monitored processes
22
Malicious processes
2
Suspicious processes
1

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
892
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2364 -prefsLen 39068 -prefMapHandle 5076 -prefMapSize 272997 -jsInitHandle 5052 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 2272 -initialChannelId {3f476321-8734-430e-98a6-34bec83ac94a} -parentPid 4172 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4172" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
PID:
1212
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding BC8CC34595696E348CF0C2694EFBC05F U
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
1392
CMD:
"C:\Windows\System32\msiexec.exe" /i C:\Users\admin\AppData\Local\Temp\AppSuite-PDF.msi
Path:
C:\Windows\System32\msiexec.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
1602
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1636
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
explorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\crypt32.dll
PID:
1800
CMD:
"C:\Users\admin\PDFEditor\PDFEditorSetup.exe" --force-run /S /D="C:\Users\admin\PDFEditor"
Path:
C:\Users\admin\PDFEditor\PDFEditorSetup.exe
Parent process:
msiexec.exe
User:
admin
Company:
AppSuite
Integrity Level:
MEDIUM
Description:
PDF EDITOR BY APPSUITE
Exit code:
0
Version:
1.0.28
Modules
Images
c:\users\admin\pdfeditor\pdfeditorsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID:
2032
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250227124745 -prefsHandle 1992 -prefsLen 36520 -prefMapHandle 1996 -prefMapSize 272997 -ipcHandle 2056 -initialChannelId {ef01dd52-495e-4674-84a1-fdd2311774d5} -parentPid 4172 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4172" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
PID:
2200
CMD:
C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID:
2220
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5280 -prefsLen 39068 -prefMapHandle 5284 -prefMapSize 272997 -jsInitHandle 5288 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5240 -initialChannelId {2cccff94-867d-498b-b65e-2e939df55498} -parentPid 4172 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4172" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID:
3932
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3232 -prefsLen 36996 -prefMapHandle 3236 -prefMapSize 272997 -jsInitHandle 3240 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 3248 -initialChannelId {c659b972-e74c-4b1f-abc6-3d550f7a49ab} -parentPid 4172 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4172" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\msvcp140.dll
PID:
3944
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4060 -prefsLen 44877 -prefMapHandle 4064 -prefMapSize 272997 -jsInitHandle 4040 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4072 -initialChannelId {7bb72424-7e56-4ebc-bb98-446bc8d273c0} -parentPid 4172 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4172" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\bcrypt.dll
Total events
22 167
Read events
22 086
Write events
62
Delete events
19

Modification events

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (1212) msiexec.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MsiExec_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
31
Suspicious files
518
Text files
175
Unknown types
255

Dropped files

PID
Process
Filename
Type
PID: 1212
Process: msiexec.exe
Filename: C:\Users\admin\PDFEditor\PDFEditorSetup.exe
MD5:
SHA256:

PID: 1800
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsqD07.tmp\app-64.7z
MD5:
SHA256:

PID: 1392
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Type: der
MD5: B0DE918ABC25B8DE10E7DE6E4985C49B
SHA256: 8FA02390F6A54099C306DFDDDE00169BA74F090F7DEF50ECB23741F72DB88B8C

PID: 1800
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsqD07.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 1212
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI514\EmbeddedUI.config
Type: xml
MD5: C9C40AF1656F8531EAA647CACEB1E436
SHA256: 1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8

PID: 1800
Process: PDFEditorSetup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsqD07.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 1212
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI514\WixSharp.UI.dll
Type: executable
MD5: 19769632E246C6726BF03AB45027609D
SHA256: 4856C78885D53CA633E36CC3A76BE435B2DF65B5EBED1510D1119CD1C241519B

PID: 1392
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI514\WixSharp.UI.CA.dll
Type: executable
MD5: F2AEB79EFC4D15F1A1B786D6DE45F13A
SHA256: 518848B3A8083C3097AD38B3231E1E611556E4EF9439A97A4CB953841F84EA32

PID: 1392
Process: msiexec.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_A231BA70EA43587EF7642A7A9D2CBD6D
Type: binary
MD5: 4E672EF6F0437EB15ECAC0A3C348D207
SHA256: 70C6601B2EDA273367427534BF5D3F3D072DC83C2839E82CE57DC9CB9406FD45

PID: 1212
Process: msiexec.exe
Filename: C:\Users\admin\AppData\Local\Temp\MSI514\WixSharp.UI.WPF.dll
Type: executable
MD5: C593B3351E9DA6668E70C9CD45D2C224
SHA256: 32FA0A9E828B57D201EF0DBC31FA1B057E8A4C87B5C16C5F0930C955D4F08252
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
80
DNS requests
110
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1392
msiexec.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
binary
1.67 Kb
whitelisted
1268
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
825 b
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
NL
binary
814 b
whitelisted
1392
msiexec.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDFgsOkuZNLfsECi2OA%3D%3D
unknown
binary
1.66 Kb
whitelisted
6664
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
4172
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
4172
firefox.exe
POST
200
142.250.185.195:80
http://o.pki.goog/we2
US
binary
279 b
whitelisted
892
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
NL
binary
420 b
whitelisted
892
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
NL
binary
408 b
whitelisted
4172
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4700
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1392
msiexec.exe
104.18.20.226:80
ocsp.globalsign.com
CLOUDFLARENET
whitelisted
4
System
192.168.100.255:138
whitelisted
1212
msiexec.exe
3.160.150.89:443
inst.productivity-tools.ai
US
malicious
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 172.217.23.110
whitelisted
ocsp.globalsign.com
  • 104.18.20.226
  • 104.18.21.226
whitelisted
inst.productivity-tools.ai
  • 3.160.150.89
  • 3.160.150.107
  • 3.160.150.12
  • 3.160.150.27
malicious
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.14
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
vault.appsuites.ai
  • 143.204.98.82
  • 143.204.98.121
  • 143.204.98.57
  • 143.204.98.38
unknown
login.live.com
  • 40.126.31.3
  • 20.190.159.130
  • 20.190.159.129
  • 20.190.159.23
  • 40.126.31.1
  • 20.190.159.68
  • 40.126.31.129
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
slscr.update.microsoft.com
  • 20.165.94.63
whitelisted

Threats

No threats detected
No debug info