File name: cFosSpeed 12.50.2525.exe

Full analysis: https://app.any.run/tasks/99d5fee3-954d-4e23-b1dd-9787dc406922
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: May 29, 2024, 01:26:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 79D4E2F1E160EAA72EB950BEC277D31B
SHA1: 133A2173B799EAA2F112278647571E700845CF58
SHA256: FEC1505233F99008EB531C76782AD3B67F92FDFFA2CD2ABA8083F8F198AFC774
SSDEEP: 98304:Fv5nriRyXVUnqmtdRT5rjxI9T4X6N4EYeOMhu+MzoKA9wsi47+h2eta2h+KdMGLb:qs/TgYAoDc8rs2y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • cFosSpeed 12.50.2525.exe (PID: 4068)
      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • cFosSpeed 12.50.2525.exe (PID: 4068)
      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
    • Process drops legitimate windows executable

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
      • MicrosoftEdgeUpdate.exe (PID: 1660)
    • Reads the Windows owner or organization settings

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
    • Drops a system driver (possible attempt to evade defenses)

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
    • Creates file in the systems drive root

      • setup.exe (PID: 2040)
    • Suspicious use of NETSH.EXE

      • setup.exe (PID: 2040)
    • Reads the Internet Settings

      • setup.exe (PID: 2040)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Reads settings of System Certificates

      • setup.exe (PID: 2040)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
      • MicrosoftEdgeUpdate.exe (PID: 1660)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 1660)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 1132)
    • Creates a software uninstall entry

      • MicrosoftEdgeUpdate.exe (PID: 1660)
    • Executes as Windows Service

      • MicrosoftEdgeUpdate.exe (PID: 2240)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Potential Corporate Privacy Violation

      • setup.exe (PID: 2040)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 1660)
  • INFO

    • Checks supported languages

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setdrv.exe (PID: 2032)
      • setup.exe (PID: 2040)
      • wmpnscfg.exe (PID: 1864)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
      • MicrosoftEdgeUpdate.exe (PID: 1660)
      • MicrosoftEdgeUpdate.exe (PID: 1588)
      • cFosSpeed 12.50.2525.exe (PID: 4068)
      • MicrosoftEdgeUpdate.exe (PID: 1132)
      • MicrosoftEdgeUpdate.exe (PID: 1852)
      • MicrosoftEdgeUpdate.exe (PID: 2240)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Reads the computer name

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setdrv.exe (PID: 2032)
      • setup.exe (PID: 2040)
      • wmpnscfg.exe (PID: 1864)
      • MicrosoftEdgeUpdate.exe (PID: 1660)
      • MicrosoftEdgeUpdate.exe (PID: 1588)
      • MicrosoftEdgeUpdate.exe (PID: 1132)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
      • MicrosoftEdgeUpdate.exe (PID: 1852)
      • MicrosoftEdgeUpdate.exe (PID: 2240)
    • Creates files in the program directory

      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • setup.exe (PID: 2040)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1664)
    • Reads mouse settings

      • setdrv.exe (PID: 2032)
    • Reads product name

      • setup.exe (PID: 2040)
    • Reads Environment values

      • setup.exe (PID: 2040)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Reads Windows Product ID

      • setup.exe (PID: 2040)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 2040)
    • Process checks computer location settings

      • setup.exe (PID: 2040)
    • Disables trace logs

      • setup.exe (PID: 2040)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1864)
    • Reads the software policy settings

      • setup.exe (PID: 2040)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
      • MicrosoftEdgeUpdate.exe (PID: 2240)
    • Create files in a temporary directory

      • setup.exe (PID: 2040)
      • cFosSpeed 12.50.2525.tmp (PID: 4084)
      • cFosSpeed 12.50.2525.exe (PID: 4068)
      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 1816)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 1816)
No Malware configuration.

TRiD

.exe | Inno Setup installer (77.7)
.exe | Win32 Executable Delphi generic (10)
.dll | Win32 Dynamic Link Library (generic) (4.6)
.exe | Win32 Executable (generic) (3.1)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 37888
InitializedDataSize: 25600
UninitializedDataSize: -
EntryPoint: 0x9c14
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 12.50.2525.0
ProductVersionNumber: 12.50.2525.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: lrepacks.net
FileDescription: cFosSpeed Setup
FileVersion: 12.50.2525.0
LegalCopyright: Copyright 2007-2022 LRepacks
ProductName: cFosSpeed
ProductVersion: 12.50.2525
No data.
Total processes: 51
Monitored processes: 14
Malicious processes: 6
Suspicious processes: 1

Behavior graph

start; cfosspeed 12.50.2525.exe; cfosspeed 12.50.2525.tmp; setdrv.exe (no specs); setup.exe; netsh.exe (no specs); wmpnscfg.exe (no specs); microsoftedgewebview2setup.exe; microsoftedgeupdate.exe (no specs); microsoftedgeupdate.exe (no specs); microsoftedgeupdate.exe (no specs); microsoftedgeupdate.exe; microsoftedgeupdate.exe (no specs); microsoftedgeupdate.exe; cfosspeed 12.50.2525.exe (no specs)

Process information

PID: 328
CMD: netsh int tcp show global
Path: C:\Windows\System32\netsh.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 1132
CMD: "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.187.39

PID: 1588
CMD: "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
Path: C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.187.39

PID: 1660
CMD: "C:\Program Files\Microsoft\Temp\EUCCB3.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Program Files\Microsoft\Temp\EUCCB3.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Version: 1.3.187.39

PID: 1664
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Version: 1.3.187.39

PID: 1816
CMD: "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …
Path: C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.187.39

PID: 1852
CMD: "C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{E5E2801A-9C25-4C8C-8530-7B27BDE36FAA}" /silent
Path: C:\Program Files\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update
Version: 1.3.187.39

PID: 1864
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)

PID: 2032
CMD: "C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\setdrv.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\setdrv.exe
Parent process: cFosSpeed 12.50.2525.tmp
User: admin
Integrity Level: HIGH
Version: 3, 3, 6, 0

PID: 2040
CMD: "C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\setup.exe
Parent process: cFosSpeed 12.50.2525.tmp
User: admin
Company: cFos Software GmbH
Integrity Level: HIGH
Description: cFosSpeed Installer
Version: 12.50.2525

Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 312
Suspicious files: 21
Text files: 1 845
Unknown types: 12

Dropped files

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\cfspdiml.txt
Type: text
MD5: 4B26B566A65391650D74D95591668176
SHA256: 6CCD720E17D6867CEFAB70056E4F6766654B34CF7A6189ACC9138D67FBC4CF09

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\WizardForm.BitmapImage1.bmp
Type: image
MD5: 48386BC24D46A3FAC0056AB765A597A1
SHA256: 55E4D15D42D4983C2D3A4E0ABD07EFF703929FAE4DD33115F008BE346D501036

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\VclStylesInno.dll
Type: executable
MD5: B0CA93CEB050A2FEFF0B19E65072BBB5
SHA256: 0E93313F42084D804B9AC4BE53D844E549CFCAF19E6F276A3B0F82F01B9B2246

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-286VP.tmp
Type: text
MD5: 4B26B566A65391650D74D95591668176
SHA256: 6CCD720E17D6867CEFAB70056E4F6766654B34CF7A6189ACC9138D67FBC4CF09

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-6M1JF.tmp
Type: text
MD5: D5A84EF1B9607184B8B6CE59565FF813
SHA256: AF0C92C9A299D4A22B4661C69DF00DA6C2071A980E2C09AF4D3841E6AEEBF06E

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\_isetup\_RegDLL.tmp
Type: executable
MD5: 0EE914C6F0BB93996C75941E1AD629C6
SHA256: 4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\MetroBlue.vsf
Type: binary
MD5: 295D085196B3DA13BFCD53373F82F8EE
SHA256: CBDC95EB9E7269E0C3E3BDDFD37B0918962795D80BDBA932E46EA16FF5E6CDBF

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\license_webview2.txt
Type: text
MD5: 89AC2D3232149F6C00251DE9162FA6E3
SHA256: 0AF8F1B807512AAE39C2AC1AA4D0CAE65CABECB6FD554B8439A5162A0D6ECA55

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\header.bmp
Type: image
MD5: 8FB2A410835863C2355D2B6F24D90F70
SHA256: 92835B87A720F6BF939A87FEA3906AD123A1D3F2E3AC45795D679481C0FDC634

PID: 4084
Process: cFosSpeed 12.50.2525.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-2DLKS.tmp\cfsp\is-7RL7Q.tmp
Type: text
MD5: 6F5482D19B8069919BD34B3647AA2690
SHA256: 56A3CC70CF350D90D3AF10B7CC562CAB76E272A3AF9E93F203C5CDE4BEE41421
HTTP(S) requests: 6
TCP/UDP connections: 18
DNS requests: 9
Threats: 2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2040
setup.exe
GET
301
23.214.121.169:80
http://go.microsoft.com/fwlink/p/?LinkId=2124703
unknown
unknown
1816
MicrosoftEdgeUpdate.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
unknown
2040
setup.exe
GET
200
2.19.122.202:80
http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/f9e20864-dafb-4728-8a89-5879d36301b7/MicrosoftEdgeWebview2Setup.exe
unknown
unknown
884
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1717550895&P2=404&P3=2&P4=PcEGM6egcAVk2thuswLXomi1%2bpUxaCB8YPw8YZRarR1YUXvFJ86uEP2l2oI%2ftRjiBJWJm%2fn8D44uaM%2bc9EXW1Q%3d%3d
unknown
unknown
1816
MicrosoftEdgeUpdate.exe
GET
304
199.232.210.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bb849f2003417ceb
unknown
unknown
884
svchost.exe
GET
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/d87a3bbd-7fe5-4ec3-b806-293cca78b363?P1=1717550895&P2=404&P3=2&P4=PcEGM6egcAVk2thuswLXomi1%2bpUxaCB8YPw8YZRarR1YUXvFJ86uEP2l2oI%2ftRjiBJWJm%2fn8D44uaM%2bc9EXW1Q%3d%3d
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
2040
setup.exe
23.214.121.169:443
go.microsoft.com
AKAMAI-AS
GB
unknown
2040
setup.exe
2.19.122.202:443
msedge.sf.dl.delivery.mp.microsoft.com
Akamai International B.V.
DE
unknown
2040
setup.exe
23.214.121.169:80
go.microsoft.com
AKAMAI-AS
GB
unknown
2040
setup.exe
2.19.122.202:80
msedge.sf.dl.delivery.mp.microsoft.com
Akamai International B.V.
DE
unknown
1816
MicrosoftEdgeUpdate.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2240
MicrosoftEdgeUpdate.exe
20.7.47.135:443
msedge.api.cdp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain | IP | Reputation
cfos.de | - | unknown
go.microsoft.com | 23.214.121.169 | whitelisted
msedge.sf.dl.delivery.mp.microsoft.com | 2.19.122.202, 2.19.122.201 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
msedge.api.cdp.microsoft.com | 20.7.47.135 | whitelisted
self.events.data.microsoft.com | 20.50.73.10 | whitelisted
ctldl.windowsupdate.com | 199.232.210.172, 199.232.214.172 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com | 199.232.214.172, 199.232.210.172 | whitelisted

Threats

PID | Process | Class | Message
2040 | setup.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
884 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP

Process | Message
setup.exe | Unable to open device 'CFOSSPEED$D'.