URL:

https://download.ccleaner.com/ccsetup556.exe

Full analysis: https://app.any.run/tasks/f1cdad8e-253e-436a-9006-e0643f929d43
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: April 14, 2019, 20:04:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MD5:

1E5194F5ECE9C97C289B2EC5CB7CB30F

SHA1:

936B61CB96FF3F8AB55F5F401805F229C5EA52DB

SHA256:

146109C04B081955AD96A243696E7718BA954E26C6DC85EBE86ADA7E98CE1793

SSDEEP:

3:N8SElvdyZhWARQ7T0Cn:2SKCQXJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ccsetup556[1].exe (PID: 1336)
      • ccsetup556[1].exe (PID: 2100)
      • nsD055.tmp (PID: 3516)
      • CCUpdate.exe (PID: 1708)
      • CCleaner.exe (PID: 1520)
      • CCUpdate.exe (PID: 3608)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Loads dropped or rewritten executable

      • ccsetup556[1].exe (PID: 2100)
      • CCUpdate.exe (PID: 1708)

    • Actions looks like stealing of personal data

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Changes settings of System certificates

      • ccsetup556[1].exe (PID: 2100)

    • Loads the Task Scheduler COM API

      • CCUpdate.exe (PID: 3608)
      • CCleaner.exe (PID: 1520)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Changes the autorun value in the registry

      • CCleaner.exe (PID: 756)
      • CCleaner.exe (PID: 2116)

    • Downloads executable files from the Internet

      • CCUpdate.exe (PID: 3608)

  • SUSPICIOUS

    • Low-level read access rights to disk partition

      • ccsetup556[1].exe (PID: 2100)
      • CCUpdate.exe (PID: 1708)
      • CCUpdate.exe (PID: 3608)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Adds / modifies Windows certificates

      • ccsetup556[1].exe (PID: 2100)

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2520)
      • iexplore.exe (PID: 1928)
      • CCUpdate.exe (PID: 3608)
      • ccsetup556[1].exe (PID: 2100)

    • Reads Internet Cache Settings

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)

    • Reads internet explorer settings

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Starts application with an unusual extension

      • ccsetup556[1].exe (PID: 2100)

    • Reads the cookies of Mozilla Firefox

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)

    • Creates files in the user directory

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)

    • Reads the cookies of Google Chrome

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 2116)

    • Reads CPU info

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 756)
      • CCleaner.exe (PID: 2116)

    • Creates files in the program directory

      • ccsetup556[1].exe (PID: 2100)
      • CCUpdate.exe (PID: 3608)

    • Modifies the open verb of a shell class

      • ccsetup556[1].exe (PID: 2100)

    • Application launched itself

      • CCUpdate.exe (PID: 3608)
      • CCleaner.exe (PID: 2116)

    • Reads Environment values

      • ccsetup556[1].exe (PID: 2100)
      • CCleaner.exe (PID: 756)
      • CCleaner.exe (PID: 2116)

    • Creates a software uninstall entry

      • ccsetup556[1].exe (PID: 2100)

    • Removes files from Windows directory

      • CCleaner.exe (PID: 2116)

  • INFO

    • Changes internet zones settings

      • iexplore.exe (PID: 2520)

    • Creates files in the user directory

      • iexplore.exe (PID: 1928)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1928)
      • iexplore.exe (PID: 2520)

    • Reads settings of System Certificates

      • CCleaner.exe (PID: 2116)
      • CCleaner.exe (PID: 756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
46
Monitored processes
11
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe ccsetup556[1].exe no specs ccsetup556[1].exe nsd055.tmp no specs ping.exe no specs ccleaner.exe no specs ccupdate.exe ccleaner.exe ccupdate.exe ccleaner.exe

Process information

PID
CMD
Path
Indicators
Parent process
756"C:\Program Files\CCleaner\CCleaner.exe" /monitorC:\Program Files\CCleaner\CCleaner.exe
CCleaner.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Exit code:
0
Version:
5.56.0.7144
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1336"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exeiexplore.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
MEDIUM
Description:
CCleaner Installer
Exit code:
3221226540
Version:
5.56.0.7144
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\ccsetup556[1].exe
c:\systemroot\system32\ntdll.dll
1520"C:\Program Files\CCleaner\CCleaner.exe" /createSkipUAC 5.35.6210C:\Program Files\CCleaner\CCleaner.execcsetup556[1].exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Exit code:
0
Version:
5.56.0.7144
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
1708CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\0de4e8a6-8d9a-46ad-bd91-629db2cb59fb.dll"C:\Program Files\CCleaner\CCUpdate.exe
CCUpdate.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner emergency updater
Exit code:
0
Version:
19.2.566.0
Modules
Images
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
1928"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2100"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe
iexplore.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner Installer
Exit code:
3221225547
Version:
5.56.0.7144
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\ccsetup556[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
2116"C:\Program Files\CCleaner\CCleaner.exe" C:\Program Files\CCleaner\CCleaner.exe
ccsetup556[1].exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Exit code:
0
Version:
5.56.0.7144
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
2520"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3492C:\Windows\system32\ping.exe -n 1 -w 5000 www.ccleaner.comC:\Windows\system32\ping.exensD055.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
TCP/IP Ping Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ping.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
3516"C:\Users\admin\AppData\Local\Temp\nstA675.tmp\nsD055.tmp" C:\Windows\system32\ping.exe -n 1 -w 5000 www.ccleaner.comC:\Users\admin\AppData\Local\Temp\nstA675.tmp\nsD055.tmpccsetup556[1].exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsta675.tmp\nsd055.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
5 080
Read events
4 752
Write events
312
Delete events
16

Modification events

(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation:writeName:SecuritySafe
Value:
1
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
4600000071000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation:writeName:{88BB8167-5EF0-11E9-B63D-5254004A04AF}
Value:
0
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Type
Value:
4
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Count
Value:
1
(PID) Process:(2520) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation:writeName:Time
Value:
E307040000000E00140004002800C202
Executable files
133
Suspicious files
35
Text files
78
Unknown types
17

Dropped files

PID
Process
Filename
Type
2520iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2520iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2520iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF4F282D375D21997B.TMP
MD5:
SHA256:
1928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:
SHA256:
2520iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF80EF71B9892CB151.TMP
MD5:
SHA256:
2520iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{88BB8167-5EF0-11E9-B63D-5254004A04AF}.dat
MD5:
SHA256:
1928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDSLDLKH\ccsetup556[1].exeexecutable
MD5:
SHA256:
2520iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{88BB8168-5EF0-11E9-B63D-5254004A04AF}.datbinary
MD5:
SHA256:
1928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.datdat
MD5:
SHA256:
1928iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
18
DNS requests
21
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3608
CCUpdate.exe
HEAD
200
2.16.106.147:80
http://emupdate.avcdn.net/files/emupdate/pong.txt
unknown
whitelisted
2100
ccsetup556[1].exe
GET
200
151.101.0.64:80
http://service.piriform.com/installcheck.aspx?p=1&v=5.56.7144&vx=5.35.6210&l=1033&b=1&o=6.1W3&g=2&i=1&a=0&e=0&n=ccsetup556[1].exe&id=003&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gd=f2b18f71-0d46-4a32-87b9-659ca2662cc0
US
text
4 b
whitelisted
3608
CCUpdate.exe
GET
200
5.62.38.20:80
http://ip-info.ff.avast.com/v2/info
NL
text
360 b
whitelisted
1708
CCUpdate.exe
GET
200
5.62.38.20:80
http://ip-info.ff.avast.com/v2/info
NL
text
360 b
whitelisted
3608
CCUpdate.exe
GET
200
2.16.106.185:80
http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml
unknown
xml
1.55 Kb
whitelisted
2116
CCleaner.exe
GET
200
151.101.2.202:80
http://www.ccleaner.com/auto?a=0&p=cc&v=5.56.7144&l=1033&lk=&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&o=6.1W3&au=1&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gd=f2b18f71-0d46-4a32-87b9-659ca2662cc0
US
text
23 b
whitelisted
3608
CCUpdate.exe
GET
200
2.16.106.185:80
http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini
unknown
ini
170 b
whitelisted
1708
CCUpdate.exe
GET
200
216.58.207.78:80
http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665db45337a341a47e15f4997584423bf714&ec=20180910&ea=version&el=5.56.0.7144&ev=0
US
image
35 b
whitelisted
3608
CCUpdate.exe
GET
200
2.16.106.185:80
http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll
unknown
executable
469 Kb
whitelisted
1708
CCUpdate.exe
GET
200
216.58.207.78:80
http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665db45337a341a47e15f4997584423bf714&ec=20180910&ea=executed&el=1&ev=0
US
image
35 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2520
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
1928
iexplore.exe
13.32.219.75:443
download.ccleaner.com
Amazon.com, Inc.
US
unknown
2100
ccsetup556[1].exe
151.101.0.64:80
service.piriform.com
Fastly
US
whitelisted
2100
ccsetup556[1].exe
5.62.40.204:443
analytics.ff.avast.com
AVAST Software s.r.o.
DE
malicious
1708
CCUpdate.exe
5.62.38.20:80
ip-info.ff.avast.com
AVAST Software s.r.o.
NL
suspicious
2116
CCleaner.exe
151.101.2.202:443
www.ccleaner.com
Fastly
US
suspicious
756
CCleaner.exe
5.62.40.204:443
analytics.ff.avast.com
AVAST Software s.r.o.
DE
malicious
2116
CCleaner.exe
151.101.2.109:443
license.piriform.com
Fastly
US
suspicious
2116
CCleaner.exe
151.101.2.109:80
license.piriform.com
Fastly
US
suspicious
756
CCleaner.exe
151.101.2.109:443
license.piriform.com
Fastly
US
suspicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
download.ccleaner.com
  • 13.32.219.75
  • 13.32.219.76
  • 13.32.219.219
  • 13.32.219.236
shared
analytics.ff.avast.com
  • 5.62.40.204
  • 77.234.45.54
whitelisted
www.ccleaner.com
  • 151.101.2.202
  • 151.101.66.202
  • 151.101.130.202
  • 151.101.194.202
whitelisted
service.piriform.com
  • 151.101.0.64
  • 151.101.64.64
  • 151.101.128.64
  • 151.101.192.64
whitelisted
shepherd.ff.avast.com
  • 5.62.40.202
  • 5.62.40.201
whitelisted
ip-info.ff.avast.com
  • 5.62.38.21
  • 5.62.38.20
whitelisted
emupdate.avcdn.net
  • 2.16.106.187
  • 2.16.106.147
whitelisted
ccleaner.tools.avcdn.net
  • 2.16.106.178
  • 2.16.106.185
whitelisted
www.google-analytics.com
  • 216.58.207.78
whitelisted

Threats

PID
Process
Class
Message
1928
iexplore.exe
Generic Protocol Command Decode
SURICATA STREAM excessive retransmissions
3608
CCUpdate.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
2116
CCleaner.exe
Misc activity
SUSPICIOUS [PTsecurity] Bundled.Toolbar.Google potentially unsafe
Process
Message
CCleaner.exe
self.ready
CCleaner.exe
OnData Not UsingRemoteContent OnData ShowUpsell=0 ShowCross=0 ShowTip=true
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://download.ccleaner.com/ccsetup556.exe