| File name: | visus808.zip |
| Full analysis: | https://app.any.run/tasks/a4347a94-51dd-406f-96bc-eafbce71726d |
| Verdict: | Malicious activity |
| Threats: | Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying. |
| Analysis date: | November 28, 2023, 12:23:26 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | EB299415A6E71BD37D445E98846818A4 |
| SHA1: | 4280920B500E17B8CBFCECC898D9558901A6A436 |
| SHA256: | 042C1EEC17FE3E40D8029DFBD6054AB13C51AE7ABE81CA6D77DFEDE1FBE6DD1E |
| SSDEEP: | 98304:ZFkoTFiR9vHMjMcKCvmJGs3Q+bmTKfKBls38V/LsTdmZPNPnpakNTOjZw4oVbhYK:HMs5w4LKAdg+tZZjr/ |
MALICIOUS
Drops the executable file immediately after the start
- setup.exe (PID: 2432)
- Setup1.exe (PID: 2204)
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
- msiexec.exe (PID: 3364)
Create files in the Startup directory
- setup.exe (PID: 2432)
Creates a writable file in the system directory
- setup.exe (PID: 2432)
Actions looks like stealing of personal data
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
Steals credentials from Web Browsers
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
SUSPICIOUS
Creates files like ransomware instruction
- WinRAR.exe (PID: 2692)
Process drops legitimate windows executable
- WinRAR.exe (PID: 2692)
- setup.exe (PID: 2432)
- Setup.exe (PID: 4076)
Searches for installed software
- Setup1.exe (PID: 2204)
- dllhost.exe (PID: 2892)
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Reads settings of System Certificates
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Checks Windows Trust Settings
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Reads security settings of Internet Explorer
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Reads the Internet Settings
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 3912)
- CCleaner.exe (PID: 3540)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Executes as Windows Service
- VSSVC.exe (PID: 3716)
Application launched itself
- CCleaner.exe (PID: 3912)
- CCleaner.exe (PID: 3540)
Reads Internet Explorer settings
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
Reads the Windows owner or organization settings
- msiexec.exe (PID: 3364)
Reads Microsoft Outlook installation path
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
INFO
Reads the computer name
- wmpnscfg.exe (PID: 2848)
- setup.exe (PID: 2432)
- Setup1.exe (PID: 2204)
- visustin.exe (PID: 3856)
- CCleaner.exe (PID: 3540)
- CCleaner.exe (PID: 3912)
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 1864)
- msiexec.exe (PID: 3364)
- CCleaner.exe (PID: 2940)
- msiexec.exe (PID: 2584)
- wmpnscfg.exe (PID: 4956)
Manual execution by a user
- wmpnscfg.exe (PID: 2848)
- setup.exe (PID: 1444)
- setup.exe (PID: 2432)
- visustin.exe (PID: 3856)
- WINWORD.EXE (PID: 2316)
- WINWORD.EXE (PID: 3288)
- WINWORD.EXE (PID: 3624)
- CCleaner.exe (PID: 3912)
- CCleaner.exe (PID: 3540)
- msedge.exe (PID: 3008)
- AcroRd32.exe (PID: 148)
- wmpnscfg.exe (PID: 4956)
Checks supported languages
- wmpnscfg.exe (PID: 2848)
- setup.exe (PID: 2432)
- Setup1.exe (PID: 2204)
- Setup.exe (PID: 4076)
- visustin.exe (PID: 3856)
- CCleaner.exe (PID: 3540)
- CCleaner.exe (PID: 3912)
- msiexec.exe (PID: 3364)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
- msiexec.exe (PID: 2584)
- wmpnscfg.exe (PID: 4956)
Reads the machine GUID from the registry
- wmpnscfg.exe (PID: 2848)
- Setup1.exe (PID: 2204)
- visustin.exe (PID: 3856)
- Setup.exe (PID: 4076)
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
- msiexec.exe (PID: 3364)
- msiexec.exe (PID: 2584)
- wmpnscfg.exe (PID: 4956)
Drops the executable file immediately after the start
- WinRAR.exe (PID: 2692)
- RdrCEF.exe (PID: 448)
Create files in a temporary directory
- setup.exe (PID: 2432)
- Setup1.exe (PID: 2204)
- visustin.exe (PID: 3856)
- Setup.exe (PID: 4076)
Creates files or folders in the user directory
- setup.exe (PID: 2432)
- visustin.exe (PID: 3856)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Creates files in the program directory
- Setup1.exe (PID: 2204)
- CCleaner.exe (PID: 1864)
Reads Microsoft Office registry keys
- Setup.exe (PID: 4076)
- msiexec.exe (PID: 3364)
Reads Environment values
- CCleaner.exe (PID: 3540)
- CCleaner.exe (PID: 3912)
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Reads CPU info
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Reads product name
- CCleaner.exe (PID: 1864)
- CCleaner.exe (PID: 2940)
Application launched itself
- msedge.exe (PID: 3008)
- msiexec.exe (PID: 3364)
- AcroRd32.exe (PID: 148)
- RdrCEF.exe (PID: 448)
Checks proxy server information
- CCleaner.exe (PID: 2940)
- CCleaner.exe (PID: 1864)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | - |
| ZipCompression: | Deflated |
| ZipModifyDate: | 2016:11:05 11:07:26 |
| ZipCRC: | 0x2e912f1d |
| ZipCompressedSize: | 3798 |
| ZipUncompressedSize: | 9775 |
| ZipFileName: | license.txt |
Total processes
102
Monitored processes
43
Malicious processes
8
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 148 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | explorer.exe | ||||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 0 Version: 20.13.20064.405839 Modules
| |||||||||||||||
| 448 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | AcroRd32.exe | ||||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe RdrCEF Exit code: 0 Version: 20.13.20064.405839 Modules
| |||||||||||||||
| 1088 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1156,1453779040297304358,3571996932041001642,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=11667735053350490858 --mojo-platform-channel-handle=1212 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe RdrCEF Exit code: 1 Version: 20.13.20064.405839 Modules
| |||||||||||||||
| 1364 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1156,1453779040297304358,3571996932041001642,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-gpu-compositing --lang=en-US --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7995584911506000907 --renderer-client-id=6 --mojo-platform-channel-handle=1500 --allow-no-sandbox-job /prefetch:1 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe RdrCEF Exit code: 0 Version: 20.13.20064.405839 Modules
| |||||||||||||||
| 1416 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1400,i,2376815059249479714,4443376142882865717,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1444 | "C:\Users\admin\Desktop\setup.exe" | C:\Users\admin\Desktop\setup.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Setup Bootstrap for Visual Basic Setup Toolkit Exit code: 3221226540 Version: 6.00.9782 Modules
| |||||||||||||||
| 1612 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xdc,0x5db9f598,0x5db9f5a8,0x5db9f5b4 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 1864 | "C:\Program Files\CCleaner\CCleaner.exe" /uac | C:\Program Files\CCleaner\CCleaner.exe | CCleaner.exe | ||||||||||||
User: admin Company: Piriform Software Ltd Integrity Level: HIGH Description: CCleaner Exit code: 0 Version: 6.14.0.10584 Modules
| |||||||||||||||
| 1948 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1156,1453779040297304358,3571996932041001642,131072 --disable-features=NetworkService,VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/20.13.20064 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAADgACAgAQAAAAAAAAAAAGAAAAAAABAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=11855406857659894090 --mojo-platform-channel-handle=1208 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | — | RdrCEF.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe RdrCEF Exit code: 1 Version: 20.13.20064.405839 Modules
| |||||||||||||||
| 1992 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1400,i,2376815059249479714,4443376142882865717,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
69 230
Read events
68 124
Write events
777
Delete events
329
Modification events
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (2692) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2848) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{4D7A1E58-76A4-4897-A544-BEC7FEE9603E}\{54CF9944-C7E5-40EF-8CDC-DCEB6F9A20E9} |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (2848) wmpnscfg.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{4D7A1E58-76A4-4897-A544-BEC7FEE9603E} |
| Operation: | delete key | Name: | (default) |
Value: | |||
Executable files
77
Suspicious files
1 107
Text files
64
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2692 | WinRAR.exe | C:\Users\admin\Desktop\visustin.CAB | — | |
MD5:— | SHA256:— | |||
| 2432 | setup.exe | C:\WINDOWS\visustin.CAB | — | |
MD5:— | SHA256:— | |||
| 2692 | WinRAR.exe | C:\Users\admin\Desktop\license.txt | text | |
MD5:546A53E96B0BBE94985BD6626432B557 | SHA256:80140057227CF732E3482A8606E7FB15EAD226EC79D3D52C78BF27B4B864218A | |||
| 2432 | setup.exe | C:\WINDOWS\ST6UNST.000 | text | |
MD5:9940604D92C6460226F33C3EFF667846 | SHA256:A60E84F4CE6F1FC0742D797571F89FB9D329603BDC0C4021E20ABF1E4729F5C6 | |||
| 2432 | setup.exe | C:\WINDOWS\temp.000 | executable | |
MD5:231B64E93495E236493CAD77D1E79BA3 | SHA256:1690431CD28081BFBF186CA92600B1AD73E2F70CFA2D00E338D15A36A035D57A | |||
| 2432 | setup.exe | C:\WINDOWS\SETUP.LST | ini | |
MD5:6580BE5EA8BA136D2EE1F7C0FF500A4F | SHA256:739A6715E47830833BAB9F16AFB1E926E7EFDF39E314A175B96B38B255A2D96A | |||
| 2692 | WinRAR.exe | C:\Users\admin\Desktop\Setup.Lst | ini | |
MD5:6580BE5EA8BA136D2EE1F7C0FF500A4F | SHA256:739A6715E47830833BAB9F16AFB1E926E7EFDF39E314A175B96B38B255A2D96A | |||
| 2432 | setup.exe | C:\Users\admin\AppData\Local\Temp\msftqws.pdw\st6unst.exe | executable | |
MD5:231B64E93495E236493CAD77D1E79BA3 | SHA256:1690431CD28081BFBF186CA92600B1AD73E2F70CFA2D00E338D15A36A035D57A | |||
| 2432 | setup.exe | C:\Windows\ST6UNST.EXE | executable | |
MD5:231B64E93495E236493CAD77D1E79BA3 | SHA256:1690431CD28081BFBF186CA92600B1AD73E2F70CFA2D00E338D15A36A035D57A | |||
| 2692 | WinRAR.exe | C:\Users\admin\Desktop\readme.txt | text | |
MD5:6AE9CA54BDE195082C74D5DEE012A7CA | SHA256:2C707D563FC9F556F0D7FC6DD62088849DBDEF2CEFE7E196E651434F8D9C6EB5 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
67
DNS requests
69
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2940 | CCleaner.exe | GET | 200 | 2.19.126.75:80 | http://ncc.avast.com/ncc.txt | unknown | text | 26 b | unknown |
1864 | CCleaner.exe | GET | 200 | 2.19.126.75:80 | http://ncc.avast.com/ncc.txt | unknown | text | 26 b | unknown |
2940 | CCleaner.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c14e5796731a36d8 | unknown | compressed | 4.66 Kb | unknown |
1864 | CCleaner.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3a2ec6c4922a44de | unknown | compressed | 4.66 Kb | unknown |
2940 | CCleaner.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9e0a7fd0850e2c5a | unknown | compressed | 4.66 Kb | unknown |
2940 | CCleaner.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown |
2940 | CCleaner.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | unknown | binary | 724 b | unknown |
2940 | CCleaner.exe | GET | 200 | 142.250.186.163:80 | http://ocsp.pki.goog/s/gts1d4/HCBR1rPY_zA/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCuJrycnyDuAAkjSCsH18s3 | unknown | binary | 472 b | unknown |
1864 | CCleaner.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7104e14b84309bfd | unknown | compressed | 4.66 Kb | unknown |
1864 | CCleaner.exe | GET | 200 | 87.248.204.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1227cc0b93237e48 | unknown | compressed | 4.66 Kb | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
868 | svchost.exe | 95.101.148.135:80 | armmf.adobe.com | Akamai International B.V. | NL | unknown |
1864 | CCleaner.exe | 2.19.126.75:80 | ncc.avast.com | Akamai International B.V. | DE | unknown |
2940 | CCleaner.exe | 2.19.126.75:80 | ncc.avast.com | Akamai International B.V. | DE | unknown |
3008 | msedge.exe | 239.255.255.250:1900 | — | — | — | unknown |
2940 | CCleaner.exe | 34.117.223.223:443 | analytics.ff.avast.com | GOOGLE-CLOUD-PLATFORM | US | unknown |
1864 | CCleaner.exe | 34.117.223.223:443 | analytics.ff.avast.com | GOOGLE-CLOUD-PLATFORM | US | unknown |
3720 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
3720 | msedge.exe | 204.79.197.203:443 | ntp.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
armmf.adobe.com |
| whitelisted |
ncc.avast.com |
| whitelisted |
analytics.ff.avast.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
ntp.msn.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
assets.msn.com |
| whitelisted |
deff.nelreports.net |
| whitelisted |
img-s-msn-com.akamaized.net |
| whitelisted |
sb.scorecardresearch.com |
| shared |
Threats
Process | Message |
|---|---|
CCleaner.exe | [2023-11-28 12:26:44.251] [error ] [settings ] [ 2940: 2132] [6000C4: 356] Failed to get program directory
Exception: Unable to determine program folder of product 'piriform-cc'!
Code: 0x000000c0 (192)
|
CCleaner.exe | [2023-11-28 12:26:44.266] [error ] [settings ] [ 1864: 3848] [6000C4: 356] Failed to get program directory
Exception: Unable to determine program folder of product 'piriform-cc'!
Code: 0x000000c0 (192)
|
CCleaner.exe | Failed to open log file 'C:\Program Files\CCleaner' |
CCleaner.exe | Failed to open log file 'C:\Program Files\CCleaner' |
CCleaner.exe | OnLanguage - en
|
CCleaner.exe | OnLanguage - en
|
CCleaner.exe | [2023-11-28 12:26:46.579] [error ] [settings ] [ 2940: 3196] [9434E9: 359] Failed to get program directory
Exception: Unable to determine program folder of product 'piriform-cc'!
Code: 0x000000c0 (192)
|
CCleaner.exe | [2023-11-28 12:26:46.594] [error ] [settings ] [ 1864: 3036] [9434E9: 359] Failed to get program directory
Exception: Unable to determine program folder of product 'piriform-cc'!
Code: 0x000000c0 (192)
|
CCleaner.exe | [2023-11-28 12:26:46.626] [error ] [Burger ] [ 2940: 3196] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
|
CCleaner.exe | [2023-11-28 12:26:46.626] [error ] [Burger ] [ 2940: 3196] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
|