File name:

PC_Cleaner_setup.exe

Full analysis: https://app.any.run/tasks/2a7c1bbe-1d81-472c-a114-b4e45ae56b0f
Verdict: Malicious activity
Analysis date: September 03, 2025, 17:20:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

DB4CB78D65D71424217AD2A227B30225

SHA1:

E606CA8CE3F597D9B494A4A9FC93B202E705036C

SHA256:

D54B331AEEFE3B9AEF34F90D785C81C01890EB1D176363679F277566CF67B75C

SSDEEP:

98304:7eRmzwh2oM+3yvyXWZ0vI8mNE9UyFTPf7TEuH0rK0FFw+cjt6/WTknWlRA6o674J:EPqB1rGE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • PC_Cleaner_setup.exe (PID: 6808)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PC_Cleaner_setup.exe (PID: 6808)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2580)
      • PC Cleaner Service.exe (PID: 5188)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1520)
    • Adds/modifies Windows certificates

      • msiexec.exe (PID: 1520)
    • Uses TASKKILL.EXE to kill process

      • msiexec.exe (PID: 188)
    • Application launched itself

      • msiexec.exe (PID: 1520)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1520)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 1520)
    • There is functionality for taking screenshot (YARA)

      • PC_Cleaner_setup.exe (PID: 6808)
    • Process drops SQLite DLL files

      • msiexec.exe (PID: 1520)
    • Searches for installed software

      • PC Cleaner Service.exe (PID: 5188)
  • INFO

    • The sample compiled with english language support

      • PC_Cleaner_setup.exe (PID: 6808)
      • msiexec.exe (PID: 1520)
    • Checks supported languages

      • PC_Cleaner_setup.exe (PID: 6808)
      • msiexec.exe (PID: 1520)
      • msiexec.exe (PID: 188)
      • msiexec.exe (PID: 5564)
      • msiexec.exe (PID: 2112)
      • PC Cleaner.exe (PID: 6668)
      • PC Cleaner Service.exe (PID: 5188)
    • Create files in a temporary directory

      • PC_Cleaner_setup.exe (PID: 6808)
    • Reads the computer name

      • PC_Cleaner_setup.exe (PID: 6808)
      • msiexec.exe (PID: 1520)
      • msiexec.exe (PID: 188)
      • msiexec.exe (PID: 5564)
      • msiexec.exe (PID: 2112)
      • PC Cleaner Service.exe (PID: 5188)
      • PC Cleaner.exe (PID: 6668)
    • Creates files or folders in the user directory

      • PC_Cleaner_setup.exe (PID: 6808)
      • msiexec.exe (PID: 1520)
    • Creates files in the program directory

      • PC_Cleaner_setup.exe (PID: 6808)
      • PC Cleaner.exe (PID: 6668)
      • PC Cleaner Service.exe (PID: 5188)
    • Checks proxy server information

      • PC_Cleaner_setup.exe (PID: 6808)
    • Manages system restore points

      • SrTasks.exe (PID: 3944)
    • Reads the software policy settings

      • msiexec.exe (PID: 1520)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 1520)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1520)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1520)
    • Launching a file from a Registry key

      • PC_Cleaner_setup.exe (PID: 6808)
    • Manual execution by a user

      • PC Cleaner.exe (PID: 6668)
    • Reads Environment values

      • PC Cleaner Service.exe (PID: 5188)
    • Reads CPU info

      • PC Cleaner Service.exe (PID: 5188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:02:25 14:27:38+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.42
CodeSize: 2791424
InitializedDataSize: 5954560
UninitializedDataSize: -
EntryPoint: 0x243d3d
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 9.9.39351.5169
ProductVersionNumber: 9.9.39351.5169
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (British)
CharacterSet: Unicode
CompanyName: Avanquest
FileDescription: PC Cleaner Installer
FileVersion: 9,9,39351,5169
LegalCopyright: © Avanquest
InternalName: PC Cleaner Installer
OriginalFileName: PC Cleaner Installer.exe
ProductName: PC Cleaner
ProductVersion: 9,9,39351,5169
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
153
Monitored processes
14
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start pc_cleaner_setup.exe msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs taskkill.exe no specs conhost.exe no specs msiexec.exe no specs msiexec.exe no specs pc cleaner.exe no specs pc cleaner service.exe slui.exe no specs pc_cleaner_setup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
188C:\Windows\syswow64\MsiExec.exe -Embedding 6CC76117747AA9020827279087511B5DC:\Windows\SysWOW64\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1036\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exetaskkill.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1520C:\WINDOWS\system32\msiexec.exe /VC:\Windows\System32\msiexec.exe
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2112C:\Windows\System32\MsiExec.exe -Embedding FA35F12CD19E3FC841815D3B6A919728 E Global\MSI0000C:\Windows\System32\msiexec.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2580C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3656"C:\Users\admin\AppData\Local\Temp\PC_Cleaner_setup.exe" C:\Users\admin\AppData\Local\Temp\PC_Cleaner_setup.exeexplorer.exe
User:
admin
Company:
Avanquest
Integrity Level:
MEDIUM
Description:
PC Cleaner Installer
Exit code:
3221226540
Version:
9,9,39351,5169
Modules
Images
c:\users\admin\appdata\local\temp\pc_cleaner_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
3944C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11C:\Windows\System32\SrTasks.exemsiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5188"C:\Program Files\Avanquest\PC Cleaner\application\9.9.39351.5169\PC Cleaner Service.exe"C:\Program Files\Avanquest\PC Cleaner\application\9.9.39351.5169\PC Cleaner Service.exe
services.exe
User:
SYSTEM
Company:
Avanquest
Integrity Level:
SYSTEM
Description:
PC Cleaner Service
Version:
9,9,39351,5169
Modules
Images
c:\program files\avanquest\pc cleaner\application\9.9.39351.5169\pc cleaner service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
5352"C:\WINDOWS\SysWOW64\taskkill.exe" /F /IM "PC Cleaner.exe"C:\Windows\SysWOW64\taskkill.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
5564C:\Windows\System32\MsiExec.exe -Embedding 6618F9F96FDE022FF1C43DE09C31A36DC:\Windows\System32\msiexec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
29 047
Read events
28 756
Write events
270
Delete events
21

Modification events

(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
480000000000000031DAFF25F71CDC01F00500000C160000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
480000000000000031DAFF25F71CDC01F00500000C160000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
48000000000000008013DC25F71CDC01F00500000C160000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
48000000000000008013DC25F71CDC01F00500000C160000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
4800000000000000D85A0226F71CDC01F00500000C160000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
480000000000000008980426F71CDC01F00500000C160000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1520) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
11
(PID) Process:(2580) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000005E894E26F71CDC01140A0000E0150000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2580) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000005E894E26F71CDC01140A000070140000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2580) VSSVC.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Enter)
Value:
48000000000000005E894E26F71CDC01140A0000901B0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
120
Suspicious files
36
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
6808PC_Cleaner_setup.exeC:\ProgramData\Avanquest\PC Cleaner\msi-cache\944ed1b0-b138-4f5f-a338-a82217ec77b5.msi
MD5:
SHA256:
1520msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
1520msiexec.exeC:\Windows\Installer\191023.msi
MD5:
SHA256:
1520msiexec.exeC:\Windows\Installer\MSI1D43.tmp
MD5:
SHA256:
6808PC_Cleaner_setup.exeC:\ProgramData\Avanquest\PC Cleaner\settings\current-partner-paramsbinary
MD5:AC007C8ABFE1763AB336C048E3064A71
SHA256:885E513DE2ED18349149C529942F04782193184E0DE6C347B605BA393862A7F6
6808PC_Cleaner_setup.exeC:\Users\admin\AppData\Local\Temp\8208bb3c-fcfc-4b6e-802b-00443ea578e3\sciter.dllexecutable
MD5:014DD1D0CA3CF45058C1CFF243DE1F64
SHA256:A99EB6F8B94BB47DB6EDD8DC797D6E24C43C88FF5BE3FBDE83123160892A93C0
6808PC_Cleaner_setup.exeC:\ProgramData\Avanquest\PC Cleaner\settings\original-partner-paramsbinary
MD5:AC007C8ABFE1763AB336C048E3064A71
SHA256:885E513DE2ED18349149C529942F04782193184E0DE6C347B605BA393862A7F6
6808PC_Cleaner_setup.exeC:\ProgramData\Avanquest\PC Cleaner\settings\installation-idbinary
MD5:49260C4B5DE44DAB06AC898144C9BFF8
SHA256:8BA3C51C5A8442CD411802870E838E2A56EC7B8D70AF1482E51B7CAE8DFF5A31
1520msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{98a792af-eb76-44ba-84f3-b46806a939fc}_OnDiskSnapshotPropbinary
MD5:50F598C8CAD7C62C304F58B955E90E54
SHA256:AF858EECA44C596DE7BF1107F8DFA736402A2E8C20C77F4A0466F714DD819C38
1520msiexec.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FFbinary
MD5:E64E24C5D0D3C3EFEB536B4EDAA676C2
SHA256:D6AF036AF4E2153FC73EDC2D574270AA155758DD60A053B5C1937FC0E10F6AAA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
47
DNS requests
25
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
764
lsass.exe
GET
200
142.250.185.195:80
http://c.pki.goog/r/r4.crl
US
binary
530 b
whitelisted
764
lsass.exe
GET
200
142.250.185.195:80
http://c.pki.goog/r/gsr1.crl
US
binary
1.70 Kb
whitelisted
1520
msiexec.exe
GET
200
72.246.170.45:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D
DE
binary
1.54 Kb
whitelisted
764
lsass.exe
GET
200
184.30.131.245:80
http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAN2Bf4W%2BlJ5Zx7tXF2ldaI%3D
US
binary
471 b
whitelisted
5724
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
DE
binary
471 b
whitelisted
1268
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
DE
binary
825 b
whitelisted
1520
msiexec.exe
GET
200
72.246.170.45:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D
DE
binary
812 b
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
NL
binary
814 b
whitelisted
1520
msiexec.exe
GET
200
72.246.170.45:80
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEAlGWUsbJQFYeJPc6qnkoG8%3D
DE
binary
806 b
whitelisted
4224
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
NL
binary
419 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4196
RUXIMICS.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6808
PC_Cleaner_setup.exe
104.16.149.130:443
partner-tracking.lavasoft.com
CLOUDFLARENET
whitelisted
764
lsass.exe
142.250.185.195:80
c.pki.goog
GOOGLE
US
whitelisted
4
System
192.168.100.255:138
whitelisted
5724
svchost.exe
20.190.160.132:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6808
PC_Cleaner_setup.exe
104.16.212.94:443
acdn.adaware.com
CLOUDFLARENET
whitelisted
5724
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.142
whitelisted
partner-tracking.lavasoft.com
  • 104.16.149.130
  • 104.16.148.130
whitelisted
c.pki.goog
  • 142.250.185.195
whitelisted
login.live.com
  • 20.190.160.132
  • 20.190.160.65
  • 40.126.32.76
  • 20.190.160.2
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.72
  • 20.190.160.130
whitelisted
acdn.adaware.com
  • 104.16.212.94
  • 104.16.213.94
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 184.30.131.245
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted

Threats

No threats detected
No debug info