File name:

clumsy.exe

Full analysis: https://app.any.run/tasks/227e3498-edad-4670-8fdb-a5aff3a58e54
Verdict: Malicious activity
Analysis date: May 16, 2024, 04:44:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

63301223A62C1378E9C47A9F5734D9FF

SHA1:

441F81B8DB2576210791D0D6DD041574C98E76A9

SHA256:

0E3CE3C421D86E16CF996FD537F290BE1135A856E24F5AFB1F7C3BCAC2DE7DCA

SSDEEP:

49152:CSuRPQICzaJ+MoLrtKqYbrt29JwU+ugvhtxEIrch/mUc:CSuRPQxzaJ+ZtKqYbrt2TKugptxEIrch

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • clumsy.exe (PID: 3980)
      • CCleaner.exe (PID: 308)

    • Actions looks like stealing of personal data

      • CCleaner.exe (PID: 308)

    • Steals credentials from Web Browsers

      • CCleaner.exe (PID: 308)

  • SUSPICIOUS

    • The process executes via Task Scheduler

      • CCleaner.exe (PID: 308)

    • Reads Internet Explorer settings

      • CCleaner.exe (PID: 308)

    • Executable content was dropped or overwritten

      • CCleaner.exe (PID: 308)

    • Checks Windows Trust Settings

      • CCleaner.exe (PID: 308)

    • Reads security settings of Internet Explorer

      • CCleaner.exe (PID: 308)

    • Reads settings of System Certificates

      • CCleaner.exe (PID: 308)

    • Reads the Internet Settings

      • CCleaner.exe (PID: 308)

    • Searches for installed software

      • CCleaner.exe (PID: 308)

    • Reads the date of Windows installation

      • CCleaner.exe (PID: 308)

    • Reads Microsoft Outlook installation path

      • CCleaner.exe (PID: 308)

    • Checks for external IP

      • CCleaner.exe (PID: 308)

  • INFO

    • Checks supported languages

      • CCleaner.exe (PID: 1292)
      • CCleaner.exe (PID: 308)
      • wmpnscfg.exe (PID: 2332)

    • Reads Environment values

      • CCleaner.exe (PID: 308)
      • CCleaner.exe (PID: 1292)

    • Manual execution by a user

      • explorer.exe (PID: 4008)
      • CCleaner.exe (PID: 1292)
      • wmpnscfg.exe (PID: 2332)

    • Reads CPU info

      • CCleaner.exe (PID: 308)

    • Reads the computer name

      • CCleaner.exe (PID: 308)
      • CCleaner.exe (PID: 1292)
      • wmpnscfg.exe (PID: 2332)

    • Reads the machine GUID from the registry

      • CCleaner.exe (PID: 308)

    • Reads product name

      • CCleaner.exe (PID: 308)

    • Creates files in the program directory

      • CCleaner.exe (PID: 308)

    • Reads the software policy settings

      • CCleaner.exe (PID: 308)

    • Checks proxy server information

      • CCleaner.exe (PID: 308)

    • Creates files or folders in the user directory

      • CCleaner.exe (PID: 308)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:01:12 13:36:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 905216
InitializedDataSize: 723968
UninitializedDataSize: -
EntryPoint: 0x1150
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
5
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start clumsy.exe no specs explorer.exe no specs ccleaner.exe no specs ccleaner.exe wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
308"C:\Program Files\CCleaner\CCleaner.exe" /uacC:\Program Files\CCleaner\CCleaner.exe
taskeng.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Version:
6.14.0.10584
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\advapi32.dll
1292"C:\Program Files\CCleaner\CCleaner.exe" C:\Program Files\CCleaner\CCleaner.exeexplorer.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
MEDIUM
Description:
CCleaner
Exit code:
0
Version:
6.14.0.10584
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\advapi32.dll
2332"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3980"C:\Users\admin\AppData\Local\Temp\clumsy.exe" C:\Users\admin\AppData\Local\Temp\clumsy.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225781
Modules
Images
c:\users\admin\appdata\local\temp\clumsy.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
4008"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
16 564
Read events
16 325
Write events
166
Delete events
73

Modification events

(PID) Process:(308) CCleaner.exeKey:HKEY_CURRENT_USER\Software\Piriform\CCleaner
Operation:writeName:DAST
Value:
05/16/2024 05:45:42
(PID) Process:(308) CCleaner.exeKey:HKEY_CURRENT_USER\Software\Piriform\CCleaner
Operation:writeName:T8062
Value:
0
(PID) Process:(308) CCleaner.exeKey:HKEY_CURRENT_USER\Software\Piriform\CCleaner
Operation:writeName:UpdateBackground
Value:
0
(PID) Process:(308) CCleaner.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(308) CCleaner.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
Operation:delete valueName:9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Value:
(PID) Process:(308) CCleaner.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB6200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(308) CCleaner.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
1400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D70300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB60F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D8200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(308) CCleaner.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates\9F6134C5FA75E4FDDE631B232BE961D6D4B97DB6
Operation:writeName:Blob
Value:
190000000100000010000000BCC80DAA2F98A4692805BFF4CBB372EB0F00000001000000200000009065F32AFC2CFEA7F452D2D6BE94D20C877EFC1C05433D9935696193FDCC05D80300000001000000140000009F6134C5FA75E4FDDE631B232BE961D6D4B97DB61400000001000000140000005D6CA352CEFC713CBBC5E21F663C3639FD19D4D7200000000100000047030000308203433082022BA00302010202147327B7C17D5AE708EF73F1F45A79D78B4E99A29F300D06092A864886F70D01010B05003031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C084469676943657274301E170D3233303932393130353030335A170D3339303530383130353030335A3031310B3009060355040613025553310F300D06035504080C06426F73746F6E3111300F060355040A0C08446967694365727430820122300D06092A864886F70D01010105000382010F003082010A0282010100D91B7A55548F44F3E97C493153B75B055695736B184640D7335A2E6218083B5A1BEE2695209350E57A3EB76FBC604CB3B250DF3D9D0C560D1FBDFE30108D233A3C555100BE1A3F8E543C0B253E06E91B6D5F9CB3A093009BC8B4D3A0EB19DB59E56DA7E3D637847970D6C2AEB4A1FCF3896A7C080FE68759BAA62E6AAA8B7C7CBDA176DDC72F8D259A16D3469E31F19D2959904611D730D7D26FCFED789A0C49698FDFABF3F6727D08C61A073BB11E85C96486D49B0E0D38364C008A5EB964F8813C5DF004F9E76D2F8DB90702D800032674959BF0DF823785419101CEA928A10ACBAE7E48FE19202F3CB7BCF416476D17CB64C5570FCED443BD75D9F2C632FF0203010001A3533051301D0603551D0E041604145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7301F0603551D230418301680145D6CA352CEFC713CBBC5E21F663C3639FD19D4D7300F0603551D130101FF040530030101FF300D06092A864886F70D01010B05000382010100AF2218E4CA18144728FCC76EA14958061522FD4A018BED1A4BFCC5CCE70BC6AE9DF7D3795C9A010D53628E2B6E7C10D6B07E53546235A5EE480E5A434E312154BF1E39AAC27D2C18D4F41CBBECFE4538CEF93EF62C17D187A7F720F4A9478410D09620C9F8B293B5786A5440BC0743B7B7753CF66FBA498B7E083BC267597238DC031B9BB131F997D9B8164AAED0D6E328420E53E1969DA6CD035078179677A7177BB2BF9C87CF592910CD380E8501B92040A39469C782BA383BEAE498C060FCC7C429BC10B7B6B7A0659C9BE03DC13DB46C638CF5E3B22A303726906DC8DD91C64501EBFC282A3A497EC430CACC066EE4BF9C5C8F2F2A05D0C1921A9E3E85E3
(PID) Process:(308) CCleaner.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
Operation:writeName:SystemRestorePointCreationFrequency
Value:
0
(PID) Process:(308) CCleaner.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:CCleaner PostInstall
Value:
Executable files
3
Suspicious files
23
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
308CCleaner.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NHFLEY7KD7YBAM9USC3I.temp
MD5:
SHA256:
308CCleaner.exeC:\Program Files\CCleaner\gcapi_1715834743308.dllexecutable
MD5:F637D5D3C3A60FDDB5DD397556FE9B1D
SHA256:641B843CB6EE7538EC267212694C9EF0616B9AC9AB14A0ABD7CF020678D50B02
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04binary
MD5:0415E1902DD2DCD188C4D36FBEE8C211
SHA256:37A61D154F32DC8EF4624BA2378C5105F5A8FC7ADB57A75AFBBD1409F5E37E98
308CCleaner.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-msbinary
MD5:CBF0F52AC6FD7A2E9D8EB64B2B6728C7
SHA256:20391105004D39625A5AD6A200F58BB8B71A99159AD1A18D1F8FCC9432B8D572
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:75A0E07427F7B9386337F839F948407B
SHA256:5779F78D4AB02FCB91B29CD6D79F8DCE6D776BE256128DE81CD37D36312FE05A
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13binary
MD5:037AE8164352CA91E80AD33054D1906D
SHA256:07C018EB07002663D5248DAA8A65EAF587955E3DB45735E7E3AC9CB13D7D664E
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\73A7CE7FFE428EB1CC2BC9DB2A18258F_88F92F570A1D460860966FDAC0BB5D34binary
MD5:13B56F6CDF76FDA23ED87078D3C1ED1E
SHA256:2A6596740563FC70044BD25E328A640050368A5D25CD83289854D38CBDA26813
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54FEBB76D3CE3919B47C90576AFBACB9_69772B4E79B356474E49AA786E9D5935der
MD5:8723194141D44094F8BEEBB1EEA8A5EA
SHA256:6B763B77849CFA1BEA20635F2423402D7F129FD9401601A6413F3A1B88262707
308CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8C261816D8553C1624AEA5E26C220698_DE9FE93EB8DF628AD4953838AEE1237Abinary
MD5:146571977510F48691F048C777C8864E
SHA256:642A1936E61ADB2D4A51FE8FA77755D92AC6040BF4326211A474262123111CE9
308CCleaner.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\info[1].jsonbinary
MD5:724CF622117ED898581B76A1B8279659
SHA256:7880862B6A6D07F393B82C7438E5A921F47D66EC484BA2F437A82517A545EF69
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
19
DNS requests
15
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
308
CCleaner.exe
GET
200
2.16.164.40:80
http://ncc.avast.com/ncc.txt
unknown
unknown
308
CCleaner.exe
GET
304
95.101.54.121:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6471a0cca3c363e0
unknown
unknown
308
CCleaner.exe
GET
304
95.101.54.113:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6672a0c11ac37db6
unknown
unknown
308
CCleaner.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/s/gts1d4/5DxBwTCF08g/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEHfd%2BYJXFoj1CbMBkm%2FoAe4%3D
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/s/gts1d4/gnsqRwyByMM/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDjr%2FaO77sJZwqcOJfYDI%2Fi
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/s/gts1d4/m3EFeOCs-5c/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEDOmEiBDLf4mCj1dhVB77ps%3D
unknown
unknown
308
CCleaner.exe
GET
200
142.250.181.227:80
http://ocsp.pki.goog/s/gts1d4/cNag_9NZQXw/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCDWDmf4XmFvBJNZm86rLoj
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
308
CCleaner.exe
2.16.164.40:80
ncc.avast.com
Akamai International B.V.
NL
unknown
308
CCleaner.exe
34.117.223.223:443
analytics.ff.avast.com
GOOGLE-CLOUD-PLATFORM
US
unknown
308
CCleaner.exe
34.149.149.62:443
ip-info.ff.avast.com
GOOGLE
US
unknown
308
CCleaner.exe
34.160.176.28:443
shepherd.ff.avast.com
GOOGLE
US
unknown
308
CCleaner.exe
2.19.225.128:443
www.ccleaner.com
AKAMAI-AS
FR
unknown
308
CCleaner.exe
95.101.54.121:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
308
CCleaner.exe
95.101.54.113:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
ncc.avast.com
  • 2.16.164.40
  • 2.16.164.65
whitelisted
analytics.ff.avast.com
  • 34.117.223.223
whitelisted
ip-info.ff.avast.com
  • 34.149.149.62
whitelisted
www.ccleaner.com
  • 2.19.225.128
whitelisted
shepherd.ff.avast.com
  • 34.160.176.28
whitelisted
ipm-provider.ff.avast.com
  • 34.111.24.1
whitelisted
ctldl.windowsupdate.com
  • 95.101.54.113
  • 95.101.54.121
whitelisted
ocsp.pki.goog
  • 142.250.181.227
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ipmcdn.avast.com
  • 23.199.222.253
whitelisted

Threats

PID
Process
Class
Message
1088
svchost.exe
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
308
CCleaner.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Process
Message
CCleaner.exe
[2024-05-16 04:45:42.517] [error ] [settings ] [ 308: 304] [6000C4: 356] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe
OnLanguage - en
CCleaner.exe
[2024-05-16 04:45:43.813] [error ] [settings ] [ 308: 1660] [9434E9: 359] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
[2024-05-16 04:45:43.845] [error ] [Burger ] [ 308: 1660] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
[2024-05-16 04:45:43.845] [error ] [Burger ] [ 308: 1660] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
startCheckingLicense()
CCleaner.exe
OnLanguage - en
CCleaner.exe
OnLanguage - en
CCleaner.exe
OnLanguage - en
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
clumsy.exe