File name: DeskPins-1.32-setup.exe

Full analysis: https://app.any.run/tasks/0259bd68-3833-4e56-8447-e7aef31b4a33
Verdict: Malicious activity
Analysis date: April 20, 2025, 07:23:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: evasion
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 5A669C5723F8E1E6ADC328B3869A8955
SHA1: D41796CEBB9AA95DB10641C908B5C745A11C4990
SHA256: 70BFD44E774837E52BC83F2C128DE7D164251E513F6EBEA4A70E2073E28ECD2A
SSDEEP: 1536:IpgpHzb9dZVX9fHMvG0D3XJBkqf2VXcUDaeMYus/x6WsfwK2rUKxuj:+gXdZt9P6D3XJBkqOVMUWbJ2AKuj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Create files in the Startup directory

      • DeskPins-1.32-setup.exe (PID: 7300)
    • Changes the autorun value in the registry

      • CCleaner64.exe (PID: 7388)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • DeskPins-1.32-setup.exe (PID: 7300)
    • Executable content was dropped or overwritten

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Creates a software uninstall entry

      • DeskPins-1.32-setup.exe (PID: 7300)
    • Reads security settings of Internet Explorer

      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads the date of Windows installation

      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
    • Application launched itself

      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
    • Reads Internet Explorer settings

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Checks for external IP

      • CCleaner64.exe (PID: 5332)
    • Searches for installed software

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • There is functionality for taking screenshot (YARA)

      • deskpins.exe (PID: 5968)
    • The process verifies whether the antivirus software is installed

      • CCleaner64.exe (PID: 7388)
    • The process creates files with name similar to system file names

      • DeskPins-1.32-setup.exe (PID: 7300)
  • INFO

    • Checks supported languages

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
      • deskpins.exe (PID: 5968)
      • CCleaner64.exe (PID: 7388)
    • Create files in a temporary directory

      • DeskPins-1.32-setup.exe (PID: 7300)
    • The sample compiled with english language support

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads the computer name

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 6652)
      • deskpins.exe (PID: 5968)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Creates files in the program directory

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Creates files or folders in the user directory

      • DeskPins-1.32-setup.exe (PID: 7300)
      • CCleaner64.exe (PID: 5332)
    • Manual execution by a user

      • CCleaner64.exe (PID: 6652)
      • deskpins.exe (PID: 5968)
    • Process checks computer location settings

      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
    • Reads Environment values

      • CCleaner64.exe (PID: 6652)
      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads CPU info

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads product name

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads the machine GUID from the registry

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Reads the software policy settings

      • CCleaner64.exe (PID: 5332)
      • CCleaner64.exe (PID: 7388)
    • Checks proxy server information

      • CCleaner64.exe (PID: 5332)
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:52+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 24064
InitializedDataSize: 164864
UninitializedDataSize: 1024
EntryPoint: 0x30fa
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.32.0.0
ProductVersionNumber: 1.32.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: Freeware
CompanyName: Elias Fotinis
FileDescription: DeskPins installer
FileVersion: {PRETTY_VER}
LegalCopyright: Copyright © 2002-2015 Elias Fotinis
ProductName: DeskPins
ProductVersion: {PRETTY_VER}
No data.
Total processes: 146
Monitored processes: 8
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start deskpins-1.32-setup.exe sppextcomobj.exe no specs slui.exe no specs deskpins.exe no specs ccleaner64.exe no specs ccleaner64.exe ccleaner64.exe deskpins-1.32-setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2852
CMD: "C:\Users\admin\AppData\Local\Temp\DeskPins-1.32-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\DeskPins-1.32-setup.exe
Parent process: explorer.exe
User: admin
Company: Elias Fotinis
Integrity Level: MEDIUM
Description: DeskPins installer
Exit code: 3221226540
Version: {PRETTY_VER}
Modules
Images
c:\users\admin\appdata\local\temp\deskpins-1.32-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 5332
CMD: "C:\Program Files\CCleaner\CCleaner64.exe" /uac
Path: C:\Program Files\CCleaner\CCleaner64.exe
Parent process: CCleaner64.exe
User: admin
Company: Piriform Software Ltd
Integrity Level: HIGH
Description: CCleaner
Version: 6.20.0.10897
Modules
Images
c:\program files\ccleaner\ccleaner64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 5968
CMD: "C:\Program Files (x86)\DeskPins\deskpins.exe"
Path: C:\Program Files (x86)\DeskPins\deskpins.exe
Parent process: explorer.exe
User: admin
Company: Elias Fotinis
Integrity Level: MEDIUM
Description: DeskPins application
Version: 1.32
Modules
Images
c:\program files (x86)\deskpins\deskpins.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6652
CMD: "C:\Program Files\CCleaner\CCleaner64.exe"
Path: C:\Program Files\CCleaner\CCleaner64.exe
Parent process: explorer.exe
User: admin
Company: Piriform Software Ltd
Integrity Level: MEDIUM
Description: CCleaner
Exit code: 0
Version: 6.20.0.10897
Modules
Images
c:\program files\ccleaner\ccleaner64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\comctl32.dll
PID: 7300
CMD: "C:\Users\admin\AppData\Local\Temp\DeskPins-1.32-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\DeskPins-1.32-setup.exe
Parent process: explorer.exe
User: admin
Company: Elias Fotinis
Integrity Level: HIGH
Description: DeskPins installer
Exit code: 0
Version: {PRETTY_VER}
Modules
Images
c:\users\admin\appdata\local\temp\deskpins-1.32-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 7388
CMD: "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Path: C:\Program Files\CCleaner\CCleaner64.exe
Parent process: CCleaner64.exe
User: admin
Company: Piriform Software Ltd
Integrity Level: HIGH
Description: CCleaner
Version: 6.20.0.10897
Modules
Images
c:\program files\ccleaner\ccleaner64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 7404
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7436
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 17 428
Read events: 17 282
Write events: 94
Delete events: 52

Modification events

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Elias Fotinis\DeskPins
Operation: write
Name: Install_Dir
Value: C:\Program Files (x86)\DeskPins

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: DisplayName
Value: DeskPins

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\DeskPins\uninst.exe"

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: DisplayIcon
Value: "C:\Program Files (x86)\DeskPins\DeskPins.exe"

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: NoModify
Value: 1

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\DeskPins

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: Publisher
Value: Elias Fotinis

(PID) Process: (7300) DeskPins-1.32-setup.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DeskPins
Operation: write
Name: DisplayVersion
Value: 1.32

(PID) Process: (5332) CCleaner64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation: write
Name: DAST
Value: 04/20/2025 07:23:32

Executable files: 8
Suspicious files: 19
Text files: 1
Unknown types: 0

Dropped files

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Uninstall.lnk
Type: binary
MD5: 18E65376F248C7DC42D073E791CC38F3
SHA256: 34FCFC9049137644F78F095B3018E4D1B3D2E4008767DED01479D528895AA652

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\DeskPins.lnk
Type: binary
MD5: 7191F7F4A62E47ADB4AC7C012EFB418F
SHA256: 6BA2F175AF9219B018E4153C46A8174ACCCD87714629D0D495CFF71DDFCF20F2

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Help.lnk
Type: binary
MD5: 2B85817AFC93407CCC2C1300CC02E5D6
SHA256: 4D373A0BF05C90A318AFE88BCED577E7F6B8E67465D30FE94F44C63421EC2823

PID: 5332
Process: CCleaner64.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccc0fa1b9f86f7b3.customDestinations-ms~RF1102db.TMP
Type: binary
MD5: 715D03F2C851242AE02F082C92170337
SHA256: 52F9047E9A072554A68045FD0215B8484C2D6D758FEE82543FBAA7C7F7D163D9

PID: 5332
Process: CCleaner64.exe
Filename: C:\Program Files\CCleaner\gcapi_dll.dll
Type: executable
MD5: F17F96322F8741FE86699963A1812897
SHA256: 8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Program Files (x86)\DeskPins\DeskPins.chm
Type: binary
MD5: 13DFE50C5FD09196EC5E08E688480E5B
SHA256: 75AF28FA805A1EA57F9A70CB588DA6D55B670EBCCB13675AB28798E1A1EE6897

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsfB75C.tmp\System.dll
Type: executable
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

PID: 7300
Process: DeskPins-1.32-setup.exe
Filename: C:\Program Files (x86)\DeskPins\uninst.exe
Type: executable
MD5: DAE81921C510B98594DBFEB3BC22070C
SHA256: F30514EB9B5FF71D168659ECB159BDB12C00AE87A9CE7090989D06D4A161B68B

PID: 5332
Process: CCleaner64.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\ccupdate635_free[1].exe
Type:
MD5:
SHA256:

PID: 5332
Process: CCleaner64.exe
Filename: C:\Program Files\CCleaner\temp_ccupdate\ccupdate635_free.exe
Type:
MD5:
SHA256:

HTTP(S) requests: 14
TCP/UDP connections: 41
DNS requests: 29
Threats: 2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5328
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5332
CCleaner64.exe
GET
200
2.22.242.105:80
http://ncc.avast.com/ncc.txt
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5332
CCleaner64.exe
GET
200
142.250.185.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
whitelisted
5332
CCleaner64.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAXfj0A2M0oL7zuU%2F%2F2jetU%3D
unknown
whitelisted
5332
CCleaner64.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted

Connections


DNS requests


Threats

PID: 2196
Process: svchost.exe
Class: Misc activity
Message: ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)

PID: 5332
Process: CCleaner64.exe
Class: Misc activity
Message: ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI

No debug info