File name: ccsetup532.exe.7z

Full analysis: https://app.any.run/tasks/7d9a2f9e-e7bb-4208-b457-d1056117e42a
Verdict: Malicious activity
Analysis date: November 01, 2023, 16:39:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 7C3AD38D126244EF9CC48FC99B51D0D4
SHA1: 6F65BFC34B07DCBD5393E308C2679B1CB2802495
SHA256: B92250950732BE3711B23233412F78F8D61BAB9BEF44E1EBF61613D82664B017
SSDEEP: 98304:VaaPNrGUva9d39PjZCTez8NlGgF59YI/2zPJk6xMvdyU9ys+AQa4qbzdupQt0kIJ:vXDCQWqndGnu7XXv9sL1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Steals credentials from Web Browsers

      • ccsetup532.exe (PID: 3208)
      • taskhost.exe (PID: 3676)
      • taskhost.exe (PID: 1612)
      • taskhost.exe (PID: 3864)
      • CCleaner.exe (PID: 1768)
    • Actions looks like stealing of personal data

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 1768)
    • Drops the executable file immediately after the start

      • ccsetup532.exe (PID: 3208)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • ccsetup532.exe (PID: 3208)
    • Searches for installed software

      • ccsetup532.exe (PID: 3208)
    • Reads Internet Explorer settings

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 1768)
    • Executes as Windows Service

      • taskhost.exe (PID: 3676)
      • taskhost.exe (PID: 1612)
      • taskhost.exe (PID: 3864)
    • Reads the Internet Settings

      • ccsetup532.exe (PID: 3208)
      • taskhost.exe (PID: 3676)
      • CCleaner.exe (PID: 1768)
      • taskhost.exe (PID: 1612)
    • Starts application with an unusual extension

      • ccsetup532.exe (PID: 3208)
    • Reads browser cookies

      • ccsetup532.exe (PID: 3208)
    • The process creates files with name similar to system file names

      • ccsetup532.exe (PID: 3208)
    • Checks Windows Trust Settings

      • ccsetup532.exe (PID: 3208)
    • Creates a software uninstall entry

      • ccsetup532.exe (PID: 3208)
    • Process requests binary or script from the Internet

      • ccsetup532.exe (PID: 3208)
    • Reads security settings of Internet Explorer

      • ccsetup532.exe (PID: 3208)
    • Reads settings of System Certificates

      • ccsetup532.exe (PID: 3208)
    • Starts application from unusual location

      • CCleaner.exe (PID: 1768)
    • The process verifies whether the antivirus software is installed

      • CCleaner.exe (PID: 1768)
  • INFO

    • Checks supported languages

      • ccsetup532.exe (PID: 3208)
      • nsB914.tmp (PID: 3360)
      • nsCC7E.tmp (PID: 748)
      • CCleaner.exe (PID: 2668)
      • CCleaner.exe (PID: 1768)
    • Reads the computer name

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 2668)
      • CCleaner.exe (PID: 1768)
    • Reads product name

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 1768)
    • Checks proxy server information

      • ccsetup532.exe (PID: 3208)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2360)
    • Creates files or folders in the user directory

      • ccsetup532.exe (PID: 3208)
      • taskhost.exe (PID: 3676)
      • CCleaner.exe (PID: 1768)
      • taskhost.exe (PID: 1612)
      • taskhost.exe (PID: 3864)
    • Create files in a temporary directory

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 1768)
    • Reads Environment values

      • ccsetup532.exe (PID: 3208)
      • CCleaner.exe (PID: 1768)
    • Application launched itself

      • msedge.exe (PID: 2216)
      • msedge.exe (PID: 2016)
    • Reads CPU info

      • CCleaner.exe (PID: 1768)
    • Reads the machine GUID from the registry

      • CCleaner.exe (PID: 1768)
      • ccsetup532.exe (PID: 3208)
    • Manual execution by a user

      • msedge.exe (PID: 2016)
    • Reads Microsoft Office registry keys

      • CCleaner.exe (PID: 1768)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 79
Monitored processes: 36
Malicious processes: 6
Suspicious processes: 0

Behavior graph

start, winrar.exe (no specs), ccsetup532.exe (no specs), ccsetup532.exe, nsb914.tmp (no specs), ping.exe (no specs), taskhost.exe, nscc7e.tmp (no specs), ping.exe (no specs), ccleaner.exe (no specs), ccleaner.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe, msedge.exe (no specs), msedge.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), taskhost.exe, msedge.exe (no specs), msedge.exe (no specs), taskhost.exe, msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs), msedge.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 276
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6bb6f598,0x6bb6f5a8,0x6bb6f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 632
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2432 --field-trial-handle=1296,i,1984193959849015958,2711376844942778871,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 748
CMD: "C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\nsCC7E.tmp" ping -n 1 -w 5000 www.piriform.com
Path: C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\nsCC7E.tmp
Parent process: ccsetup532.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\nsnb3d3.tmp\nscc7e.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1128
CMD: ping -n 1 -w 5000 www.piriform.com
Path: C:\Windows\System32\PING.EXE
Parent process: nsCC7E.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: TCP/IP Ping Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
PID: 1228
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3364 --field-trial-handle=1296,i,1984193959849015958,2711376844942778871,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1612
CMD: "taskhost.exe"
Path: C:\Windows\System32\taskhost.exe
Parent process: services.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Host Process for Windows Tasks
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1768
CMD: "C:\Program Files\CCleaner\CCleaner.exe"
Path: C:\Program Files\CCleaner\CCleaner.exe
Parent process: ccsetup532.exe
User: admin
Company: Piriform Ltd
Integrity Level: HIGH
Description: CCleaner
Exit code: 0
Version: 5, 32, 00, 6129
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2016
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.piriform.com/go/app_releasenotes?p=1&v=5.32.6129&l=1033&b=1&a=0
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2100
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3932 --field-trial-handle=1296,i,1984193959849015958,2711376844942778871,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2200
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1240 --field-trial-handle=1280,i,5521842715684878404,13470863217330980560,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 13 876
Read events: 13 591
Write events: 182
Delete events: 103

Modification events

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2360 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | write | LanguageList | en-US |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\phacker.zip |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1 |
| 2360 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1 |
Executable files: 133
Suspicious files: 197
Text files: 43
Unknown types: 0

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\nsExec.dll | executable | 5ED60250F74FA36A5A247A715BCD026E | EA8026766ADC2D7CC26E2206CFDF5F0865B1426BFE3BC2AEC8F43D3FC9A072EF |
| 2360 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2360.27177\ccsetup532.exe | executable | 4D4F7F80A542A93D0D3C822153E2C254 | 5EFE445A696914B968F763B5830A62365D95E45052C35A96E05794BC7A7A2964 |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\ui\pfUI.dll | executable | 2BBCC2D1B429AE5CC0BBF169F9E8A75D | E99AE53B3C4EF370940E8F9E9025ADE899559D492925CA14C34A88D09337DD50 |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\g\gcapi_dll.dll | executable | 2973AF8515EFFD0A3BFC7A43B03B3FCC | D0E4581210A22135CE5DEB47D9DF4D636A94B3813E0649AAB84822C9F08AF2A0 |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\UserInfo.dll | executable | C1F778A6D65178D34BDE4206161A98E0 | 9CAF7A78F750713180CF64D18967A2B803B5580E636E59279DCAAF18BA0DAA87 |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\ui\res\lang-1049.dll | executable | 6E086B9B522B10DE43E0609AA9A8EED0 | 4B09C2FA621069CC3D66E35242DA34F149594EDBC7873461E947E7CF2013309F |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\g\gtapi_signed.dll | executable | 61BC40D1FAD9E0FAA9A07219B90BA0E4 | 89E157A4F61D7D18180CB7F901C0095DA3B7A5CC5A9FD58D710099E5F0EE505A |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\nsB914.tmp | executable | 5ED60250F74FA36A5A247A715BCD026E | EA8026766ADC2D7CC26E2206CFDF5F0865B1426BFE3BC2AEC8F43D3FC9A072EF |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\p\syschk.dll | executable | F46BC8015929E17A2B1AFF097D7DF0E4 | 26602D21203CF28B0C840A57BEE8F1FF52FF885223095797180C9AFE91265C32 |
| 3208 | ccsetup532.exe | C:\Users\admin\AppData\Local\Temp\nsnB3D3.tmp\ui\res\Montserrat-Regular.otf | binary | 27E50FFD6A14CBC8221C9DBD3B5208DC | 40FC1142200A5C1C18F80B6915257083C528C7F7FD2B00A552AEEBC42898D428 |
HTTP(S) requests: 5
TCP/UDP connections: 62
DNS requests: 89
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3208 | ccsetup532.exe | GET | 302 | 184.30.215.216:80 | http://service.piriform.com/installcheck.aspx?p=1&v=5.32.6129&vx=6.14.10584&l=1033&b=1&o=6.1W3&g=0&i=1&a=0&c=0&d=0&e=0&n=ccsetup532.exe&id=003 | unknown | | | unknown |
| 3884 | msedge.exe | GET | 302 | 184.30.215.216:80 | http://www.piriform.com/go/app_releasenotes?p=1&v=5.32.6129&l=1033&b=1&a=0 | unknown | | | unknown |
| 3884 | msedge.exe | GET | 301 | 2.19.225.128:80 | http://www.ccleaner.com/go/app_releasenotes?p=1&v=5.32.6129&l=1033&b=1&a=0 | unknown | | | unknown |
| 3208 | ccsetup532.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8fd0774ad29da25a | unknown | compressed | 4.66 Kb | unknown |
| 3208 | ccsetup532.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | binary | 471 b | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | | | | whitelisted |
| 4 | System | 192.168.100.255:138 | | | | whitelisted |
| 2656 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted |
| 1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown |
| 3208 | ccsetup532.exe | 184.30.215.216:443 | www.piriform.com | AKAMAI-AS | DE | unknown |
| 3208 | ccsetup532.exe | 184.30.215.216:80 | www.piriform.com | AKAMAI-AS | DE | unknown |
| 3208 | ccsetup532.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | whitelisted |
| 3208 | ccsetup532.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
| 3884 | msedge.exe | 184.30.215.216:80 | www.piriform.com | AKAMAI-AS | DE | unknown |
| 2016 | msedge.exe | 239.255.255.250:1900 | | | | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| www.piriform.com | 184.30.215.216 | whitelisted |
| service.piriform.com | 184.30.215.216 | whitelisted |
| license.piriform.com | 184.30.215.216 | whitelisted |
| ctldl.windowsupdate.com | 209.197.3.8 | whitelisted |
| ocsp.digicert.com | 192.229.221.95 | whitelisted |
| config.edge.skype.com | 13.107.42.16 | whitelisted |
| nav-edge.smartscreen.microsoft.com | 20.105.95.163 | whitelisted |
| edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted |
| www.ccleaner.com | 2.19.225.128 | whitelisted |
| data-edge.smartscreen.microsoft.com | 51.104.176.40 | whitelisted |

Threats

No threats detected
No debug info