URL:

https://bits.avcdn.net/productfamily_CCLEANER/insttype_FREE/platform_WIN_PIR/installertype_ONLINE/build_RELEASE/cookie_mmm_ccl_012_999_a7j_m

Full analysis: https://app.any.run/tasks/33a010db-6630-4183-962d-7833c630be64
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 22, 2023, 17:10:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
SHA1:

88764FF7DD13CA5393ECC0131AFEB82289872F8A

SHA256:

40C4F8BFB2F71C3B1F92263C6899B9B4E9FB3E4697D1DDDFC6C17B8CE9FEA621

SSDEEP:

3:N8T9/AR4aQGRDaoe9yLtLggOiKes3bVOX1p7hGKFjIx4u6E86I:2TahTRWoPt5dWbVOX1pNdT1L6I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ccsetup617.exe (PID: 3448)
      • ccsetup617.exe (PID: 3172)
      • CCUpdate.exe (PID: 3356)
      • CCUpdate.exe (PID: 2296)
    • Steals credentials from Web Browsers

      • taskhost.exe (PID: 3304)
      • taskhost.exe (PID: 2432)
      • CCleaner.exe (PID: 3632)
      • ccsetup617.exe (PID: 3448)
      • taskhost.exe (PID: 3900)
      • CCleaner.exe (PID: 1016)
    • Actions looks like stealing of personal data

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Drops the executable file immediately after the start

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 1016)
    • Loads dropped or rewritten executable

      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • ccsetup617.exe (PID: 3448)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • ccsetup617.exe (PID: 3448)
    • Reads settings of System Certificates

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Reads Internet Explorer settings

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Executes as Windows Service

      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • taskhost.exe (PID: 3900)
    • Reads the Internet Settings

      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
      • taskhost.exe (PID: 3900)
    • Searches for installed software

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Reads browser cookies

      • ccsetup617.exe (PID: 3448)
    • Reads security settings of Internet Explorer

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Reads Microsoft Outlook installation path

      • ccsetup617.exe (PID: 3448)
    • Checks Windows Trust Settings

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Creates a software uninstall entry

      • ccsetup617.exe (PID: 3448)
    • Application launched itself

      • CCUpdate.exe (PID: 3356)
    • Process requests binary or script from the Internet

      • CCUpdate.exe (PID: 3356)
    • The process verifies whether the antivirus software is installed

      • CCleaner.exe (PID: 1016)
    • Starts application from unusual location

      • CCleaner.exe (PID: 1016)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3820)
      • msedge.exe (PID: 3860)
      • msedge.exe (PID: 1280)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3124)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3820)
    • Reads the computer name

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Create files in a temporary directory

      • ccsetup617.exe (PID: 3448)
    • Checks supported languages

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 3356)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Loads dropped or rewritten executable

      • ccsetup617.exe (PID: 3448)
    • Reads the machine GUID from the registry

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Reads product name

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Reads Environment values

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Reads CPU info

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Creates files or folders in the user directory

      • ccsetup617.exe (PID: 3448)
      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • CCleaner.exe (PID: 1016)
      • taskhost.exe (PID: 3900)
    • Checks proxy server information

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Creates files in the program directory

      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 1016)
    • Manual execution by a user

      • msedge.exe (PID: 1280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 79
Monitored processes: 34
Malicious processes: 9
Suspicious processes: 0

Behavior graph

(Interactive graph, available in the full report. Nodes in this extract: iexplore.exe, ccsetup617.exe, taskhost.exe, ccleaner.exe, ccupdate.exe and a large number of msedge.exe child processes, most marked "no specs"; edge labels are "start" and "drop and start".)

Process information

(Each entry lists PID, parent process, CMD, Path, the process properties and the loaded modules. The icon-only "Indicators" column of the original table is not captured in this extract.)

PID 280 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\windows\system32\kernel32.dll
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll

PID 460 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID 812 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1464 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\windows\system32\ntdll.dll
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\rpcrt4.dll

PID 844 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3364 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID 1016 | Parent process: ccsetup617.exe
CMD: "C:\Program Files\CCleaner\CCleaner.exe"
Path: C:\Program Files\CCleaner\CCleaner.exe
User: admin | Company: Piriform Software Ltd | Integrity Level: HIGH | Description: CCleaner | Exit code: 0 | Version: 6.17.0.10746
Modules (images):
  • c:\program files\ccleaner\ccleaner.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\advapi32.dll

PID 1044 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID 1080 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1360,i,17598589594660247260,6002417337699496881,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: HIGH | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\sechost.dll

PID 1280 | Parent process: explorer.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID 1556 | Parent process: msedge.exe
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 109.0.1518.115
Modules (images):
  • c:\windows\system32\ntdll.dll
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll

PID 2296 | Parent process: CCUpdate.exe
CMD: CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\8503e515-ca0d-4f7a-a8ab-857f367990f2.dll"
Path: C:\Program Files\CCleaner\CCUpdate.exe
User: admin | Company: Piriform Software Ltd | Integrity Level: HIGH | Description: CCleaner CCleaner emergency updater | Exit code: 0 | Version: 23.3.12.0
Modules (images):
  • c:\program files\ccleaner\ccupdate.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\nsi.dll
  • c:\windows\system32\advapi32.dll
Total events: 56 692
Read events: 56 253
Write events: 365
Delete events: 74

Modification events

PID | Process | Key | Operation | Name | Value
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 0
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 30847387
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 30847437
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | write | ProxyEnable | 0
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | write | SavedLegacySettings | 4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3820 | iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
Executable files: 147
Suspicious files: 221
Text files: 95
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ccsetup617.exe.prxysyd.partial | - | - | -
3820 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ccsetup617.exe | - | - | -
3124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ccsetup617[1].exe | executable | 7A15BD5C24D5656A5AC8F2FB91E4AD6A | 70936489CC7D88FBA4737235560D0E4901E160174043589F02A944268B2A5D6B
3124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 9CEE4A4A05F4DB9EA07F65EB91EA4934 | 169BA95E4C306B8C2C5EC5B1A5CBB34A6147ACF831012E324BED73D66B0F4D48
3124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | 92AB4986D3E69742C0EED803AEC91584 | 5E80E3F391BDC86D7F0D73B78C07A89223555777075334E1AAABAB12A0AF94B4
3124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | compressed | 1BFE591A4FE3D91B03CDF26EAACD8F89 | 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3124 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | C181D7DBD32DFB207CF5167FA671EA22 | 860BEA1C239B933B297F939D3B5A2604B043A626468E9AB5ED3C736FB7A3A708
3820 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | 8761D8CF2E90FD1D6AE690013BA77D5A | C3B34D5D937929262C5FB874EA352A4B8982CBBFAE866209876D26B5F0AEA6FB
3820 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml | xml | CBD0581678FA40F0EDCBC7C59E0CAD10 | 159BD4343F344A08F6AF3B716B6FA679859C1BD1D7030D26FF5EF0255B86E1D9
3820 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 | binary | 808EFFA7EE0AF968F15725990BF7B751 | 48C3DADB0CAC49675B3EB0D46C8031CCB63D386774E4C46A1C1909129DEE8C27
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 112
DNS requests: 129
Threats: 5

HTTP requests

(The CN column of the original table is empty in this extract.)

PID | Process | Method | HTTP code | IP | URL | Reputation | Type | Size
3124 | iexplore.exe | GET | 200 | 8.253.95.121:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?44b7f016ec3320f4 | unknown | compressed | 4.66 Kb
3356 | CCUpdate.exe | GET | 200 | 23.50.131.80:80 | http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml | unknown | xml | 1.59 Kb
2296 | CCUpdate.exe | GET | 200 | 142.250.186.78:80 | http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665df3233a637833016fda6b2d652a6fc9cd&ec=20180910&ea=executed&el=1&ev=0 | unknown | image | 35 b
1016 | CCleaner.exe | GET | 200 | 23.50.131.77:80 | http://ncc.avast.com/ncc.txt | unknown | text | 26 b
2296 | CCUpdate.exe | GET | 200 | 142.250.186.78:80 | http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665df3233a637833016fda6b2d652a6fc9cd&ec=20180910&ea=version&el=6.17.0.10746&ev=0 | unknown | image | 35 b
2296 | CCUpdate.exe | GET | 200 | 142.250.186.78:80 | http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665df3233a637833016fda6b2d652a6fc9cd&ec=20180910&ea=version_check&el=0&ev=0 | unknown | image | 35 b
3124 | iexplore.exe | GET | 200 | 209.197.3.8:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1258361c79ec4a7a | unknown | compressed | 4.66 Kb
3124 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | binary | 471 b
3448 | ccsetup617.exe | GET | 200 | 142.250.186.35:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCiqTpRpOc3bRIUpkAuvtnV | unknown | binary | 472 b
3820 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3124 | iexplore.exe | 23.197.94.235:443 | - | AKAMAI-AS | US | unknown
3124 | iexplore.exe | 8.253.95.121:80 | ctldl.windowsupdate.com | LEVEL3 | US | unknown
3124 | iexplore.exe | 209.197.3.8:80 | ctldl.windowsupdate.com | STACKPATH-CDN | US | unknown
3124 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
4 | System | 192.168.100.255:137 | - | - | - | unknown
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown
3820 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | unknown
3820 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | unknown
3448 | ccsetup617.exe | 34.117.223.223:443 | analytics.avcdn.net | GOOGLE-CLOUD-PLATFORM | US | unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.253.95.121
  • 8.253.207.121
  • 8.241.9.126
  • 67.27.234.126
  • 67.27.159.254
  • 209.197.3.8
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
iecvlist.microsoft.com
  • 152.199.19.161
unknown
r20swj13mr.microsoft.com
  • 152.199.19.161
unknown
analytics.avcdn.net
  • 34.117.223.223
unknown
ipm-provider.ff.avast.com
  • 34.111.24.1
unknown
ieonline.microsoft.com
  • 204.79.197.200
unknown
go.microsoft.com
  • 23.35.238.131
unknown
www.msn.com
  • 204.79.197.203
unknown
analytics.ff.avast.com
  • 34.117.223.223
unknown

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
4 ETPRO signatures available at the full report
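
Before the Connections, DNS and Threats tables above are turned into detection content, the endpoints that Windows 7 and Internet Explorer contact on their own (ctldl.windowsupdate.com for the certificate trust list, the DigiCert and Google OCSP responders, the IE housekeeping hosts) need to be separated from those that exist only because ccsetup617.exe, CCleaner.exe and CCUpdate.exe ran. The block below is an added example (editor's code; the noise/sample split is the editor's reading of the tables, not an ANY.RUN classification): it applies that split to a few constructed Squid-format proxy lines, and it tags the one Suricata alert on this page, whose ET POLICY prefix marks a policy rule (an EXE fetched over plain HTTP) rather than a malware signature.

```python
"""Network-artifact triage for this report (added example; editor's classification, not ANY.RUN's)."""
import re
from urllib.parse import urlsplit

# Hosts from the Connections / DNS / HTTP tables that the OS and IE contact by
# themselves (trust-list download, OCSP, IE housekeeping). They show up in
# almost every Windows 7 sandbox run and should not become IOCs.
PLATFORM_NOISE = {
    "ctldl.windowsupdate.com",    # disallowedcertstl.cab, the certificate trust list
    "ocsp.digicert.com",          # OCSP responder queried during signature checks
    "ocsp.pki.goog",              # Google Trust Services OCSP responder
    "iecvlist.microsoft.com",     # IE compatibility view list
    "r20swj13mr.microsoft.com",
    "ieonline.microsoft.com",
    "go.microsoft.com",
    "www.msn.com",
}

# Hosts that appear only because the installer, CCleaner.exe and CCUpdate.exe ran.
SAMPLE_SPECIFIC = {
    "bits.avcdn.net",             # the submitted download URL
    "ccleaner.tools.avcdn.net",   # updates.xml fetched by CCUpdate.exe (PID 3356)
    "analytics.avcdn.net",
    "analytics.ff.avast.com",
    "ipm-provider.ff.avast.com",
    "ncc.avast.com",              # ncc.txt fetched by CCleaner.exe (PID 1016)
    "www.google-analytics.com",   # tid=UA-58120669-26 events sent by CCUpdate.exe (PID 2296)
    "www.ccleaner.com",           # release-notes page opened in msedge.exe (PID 1280)
}


def classify(host: str) -> str:
    """'noise' (platform traffic), 'sample' (caused by the analysed binaries) or 'unknown'."""
    host = host.lower().rstrip(".")
    if host in PLATFORM_NOISE:
        return "noise"
    if host in SAMPLE_SPECIFIC:
        return "sample"
    return "unknown"


# Squid native access-log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def host_of(url_or_hostport: str) -> str:
    """CONNECT lines carry host:port rather than a URL."""
    if "://" not in url_or_hostport:
        return url_or_hostport.rsplit(":", 1)[0]
    return urlsplit(url_or_hostport).hostname or ""


def triage(log_lines):
    """Return (client, host, verdict) for every line whose host is not platform noise."""
    hits = []
    for line in log_lines:
        m = SQUID_RE.match(line)
        if not m:
            continue
        host = host_of(m["url"])
        verdict = classify(host)
        if verdict != "noise":
            hits.append((m["client"], host, verdict))
    return hits


def is_policy_alert(msg: str) -> bool:
    """Emerging Threats 'ET POLICY' rules report policy events, not malware detections."""
    return msg.upper().startswith("ET POLICY")


# Constructed proxy lines mirroring the HTTP requests in this report (192.168.100.x
# is the sandbox subnet visible in the Connections table); not captured traffic.
SAMPLE_LOG = [
    "1698000660.101 12 192.168.100.107 TCP_MISS/200 4772 GET http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?44b7f016ec3320f4 - HIER_DIRECT/8.253.95.121 application/octet-stream",
    "1698000661.240 30 192.168.100.107 TCP_MISS/200 1630 GET http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml - HIER_DIRECT/23.50.131.80 text/xml",
    "1698000662.005 9 192.168.100.107 TCP_MISS/200 471 GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYB - HIER_DIRECT/192.229.221.95 application/ocsp-response",
    "1698000663.310 18 192.168.100.107 TCP_MISS/200 35 GET http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&ea=executed - HIER_DIRECT/142.250.186.78 image/gif",
    "1698000664.777 250 192.168.100.107 TCP_TUNNEL/200 8123 CONNECT analytics.avcdn.net:443 - HIER_DIRECT/34.117.223.223 -",
    "1698000665.020 7 192.168.100.107 TCP_MISS/200 26 GET http://ncc.avast.com/ncc.txt - HIER_DIRECT/23.50.131.77 text/plain",
    "1698000666.400 14 192.168.100.107 TCP_MISS/200 1024 GET http://update.example.invalid/check - HIER_DIRECT/203.0.113.9 text/plain",
]

if __name__ == "__main__":
    for client, host, verdict in triage(SAMPLE_LOG):
        print(f"{client} -> {host}: {verdict}")
    alert = "ET POLICY PE EXE or DLL Windows file download HTTP"
    print(f"{alert!r}: policy rule = {is_policy_alert(alert)}")
```

Hosts classified "unknown" are the ones worth a second look; "sample" hits only tell you that this installer ran, which is exactly what a download from bits.avcdn.net followed by CCUpdate.exe's updates.xml fetch already says.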
Process | Message
CCleaner.exe | Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe | [2023-10-22 17:11:38.034] [error ] [lil ] [ 3632: 2680] [000000: 0] ~ubNfVZ3SJpLT7uYoqxlGy7r0Fn2Vzw==
CCleaner.exe | [2023-10-22 17:11:38.034] [error ] [lif_utils ] [ 3632: 2680] [000000: 0] ~/acaZ4nLaoDU4qJstxgPyLy6G3KI1DiegfunPr8GStG4pg==
CCleaner.exe | [2023-10-22 17:11:38.034] [error ] [lil ] [ 3632: 2680] [000000: 0] ~/ZEHcJnLPo7O5fxsrQ5b0K30GGaV32qO0qurLbAPTtGypgYzjNo4hszusimsYQ+F/fRfM9ybaseBq+Zs/ksPhf30XzPcm2rHgavmbP5LD4X99F8z3Jtqx4Gr5mz+Sw+F/fRfM9ybaseBq+Zs/ktsyrmxRTPMw3rXkbv2fOtcD43l41Y=
CCleaner.exe | Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe | OnLanguage - en
CCleaner.exe | [2023-10-22 17:11:40.581] [error ] [Burger ] [ 1016: 1980] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe | [2023-10-22 17:11:40.581] [error ] [Burger ] [ 1016: 1980] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe | file:///tis/optimizer.tis(1112) : warning :'await' should be used only inside 'async' or 'event'
CCleaner.exe | startCheckingLicense()