URL:

https://bits.avcdn.net/productfamily_CCLEANER/insttype_FREE/platform_WIN_PIR/installertype_ONLINE/build_RELEASE/cookie_mmm_ccl_012_999_a7j_m

Full analysis: https://app.any.run/tasks/33a010db-6630-4183-962d-7833c630be64
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 22, 2023, 17:10:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
SHA1:

88764FF7DD13CA5393ECC0131AFEB82289872F8A

SHA256:

40C4F8BFB2F71C3B1F92263C6899B9B4E9FB3E4697D1DDDFC6C17B8CE9FEA621

SSDEEP:

3:N8T9/AR4aQGRDaoe9yLtLggOiKes3bVOX1p7hGKFjIx4u6E86I:2TahTRWoPt5dWbVOX1pNdT1L6I
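The three indicator values above are what the sandbox hashed for this URL submission. Note the ssdeep block size of 3: that is ssdeep's minimum, produced by an input of at most a couple of hundred bytes, which is consistent with the submitted URL string rather than a multi-megabyte installer; the installer actually fetched is hashed separately under Dropped files as ccsetup617[1].exe. The Python below is an added example, not part of the ANY.RUN report: it parses the ssdeep signature and matches a file's digests against both IOC sets. The IOC values are copied from this page; the sample bytes, the size heuristic and the function names are the author's own.

```python
"""Added example, not part of the ANY.RUN report: verify a local file against the
hash indicators above and sanity-check the ssdeep signature. IOC values are
copied from this page; sample bytes and the size heuristic are constructed."""
import hashlib
import re

# Copied verbatim from the "Indicators" block of the report.
REPORT_IOCS = {
    "sha1": "88764FF7DD13CA5393ECC0131AFEB82289872F8A",
    "sha256": "40C4F8BFB2F71C3B1F92263C6899B9B4E9FB3E4697D1DDDFC6C17B8CE9FEA621",
    "ssdeep": "3:N8T9/AR4aQGRDaoe9yLtLggOiKes3bVOX1p7hGKFjIx4u6E86I:2TahTRWoPt5dWbVOX1pNdT1L6I",
}
# Copied from the "Dropped files" table: the installer actually written to disk.
DROPPED_INSTALLER = {
    "md5": "7A15BD5C24D5656A5AC8F2FB91E4AD6A",
    "sha256": "70936489CC7D88FBA4737235560D0E4901E160174043589F02A944268B2A5D6B",
}

SPAMSUM_LENGTH = 64   # ssdeep's target signature length
MIN_BLOCKSIZE = 3     # ssdeep's smallest block size
_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def parse_ssdeep(sig):
    """Split an ssdeep signature into block size and its two chunk hashes.

    ssdeep starts from the smallest block size b = 3 * 2**n with
    b * 64 >= len(input), so the block size is a coarse size indicator:
    block size 3 is what an input of at most a couple of hundred bytes
    (a URL string, not a PE file) produces.
    """
    m = _SSDEEP_RE.match(sig)
    if not m:
        raise ValueError("not an ssdeep signature: %r" % sig)
    block = int(m.group(1))
    q, r = divmod(block, MIN_BLOCKSIZE)
    if r or q <= 0 or q & (q - 1):          # must be 3 * 2**n
        raise ValueError("invalid ssdeep block size %d" % block)
    return {
        "block_size": block,
        "hash1": m.group(2),
        "hash2": m.group(3),
        # Largest input for which ssdeep starts at this block size (heuristic).
        "input_size_hint": block * SPAMSUM_LENGTH,
    }


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 of data, upper-case hex as the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def hash_file(path, chunk=1 << 20):
    """Streamed version of hash_bytes for files too big to read at once."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {k: h.hexdigest().upper() for k, h in hs.items()}


def match_iocs(digests, ioc_sets):
    """Return (label, algorithm) for every IOC set whose hash equals ours.

    digests:  output of hash_bytes/hash_file
    ioc_sets: {"label": {"sha256": "...", ...}, ...}
    Comparison is case-insensitive because reports and tools differ in case;
    non-digest keys such as "ssdeep" are skipped.
    """
    hits = []
    for label, iocs in ioc_sets.items():
        for algo, value in iocs.items():
            if algo in digests and digests[algo].upper() == value.upper():
                hits.append((label, algo))
    return hits


if __name__ == "__main__":
    info = parse_ssdeep(REPORT_IOCS["ssdeep"])
    print("ssdeep block size %d -> input of roughly <= %d bytes"
          % (info["block_size"], info["input_size_hint"]))
    sample = b"constructed sample, not the installer"   # constructed input
    print(match_iocs(hash_bytes(sample),
                     {"report": REPORT_IOCS, "dropped": DROPPED_INSTALLER}))
```

Point hash_file at a downloaded ccsetup617.exe and compare against DROPPED_INSTALLER, not REPORT_IOCS; a match against the top-of-page hashes would only ever occur for the URL text itself.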

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ccsetup617.exe (PID: 3448)
      • ccsetup617.exe (PID: 3172)
      • CCUpdate.exe (PID: 3356)
      • CCUpdate.exe (PID: 2296)
    • Steals credentials from Web Browsers

      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • CCleaner.exe (PID: 3632)
      • ccsetup617.exe (PID: 3448)
      • taskhost.exe (PID: 3900)
      • CCleaner.exe (PID: 1016)
    • Actions looks like stealing of personal data

      • CCleaner.exe (PID: 3632)
      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Drops the executable file immediately after the start

      • CCUpdate.exe (PID: 3356)
      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Loads dropped or rewritten executable

      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
  • SUSPICIOUS

    • Searches for installed software

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • ccsetup617.exe (PID: 3448)
    • The process creates files with name similar to system file names

      • ccsetup617.exe (PID: 3448)
    • Reads settings of System Certificates

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Reads Internet Explorer settings

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Executes as Windows Service

      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • taskhost.exe (PID: 3900)
    • Reads the Internet Settings

      • ccsetup617.exe (PID: 3448)
      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • CCleaner.exe (PID: 1016)
      • taskhost.exe (PID: 3900)
    • Reads browser cookies

      • ccsetup617.exe (PID: 3448)
    • Checks Windows Trust Settings

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Reads Microsoft Outlook installation path

      • ccsetup617.exe (PID: 3448)
    • Reads security settings of Internet Explorer

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Creates a software uninstall entry

      • ccsetup617.exe (PID: 3448)
    • Application launched itself

      • CCUpdate.exe (PID: 3356)
    • Process requests binary or script from the Internet

      • CCUpdate.exe (PID: 3356)
    • The process verifies whether the antivirus software is installed

      • CCleaner.exe (PID: 1016)
    • Starts application from unusual location

      • CCleaner.exe (PID: 1016)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3820)
      • msedge.exe (PID: 3860)
      • msedge.exe (PID: 1280)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3820)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 3124)
    • Reads the computer name

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 3356)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Checks supported languages

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Create files in a temporary directory

      • ccsetup617.exe (PID: 3448)
    • Reads Environment values

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Reads CPU info

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Reads the machine GUID from the registry

      • ccsetup617.exe (PID: 3448)
      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCUpdate.exe (PID: 2296)
      • CCleaner.exe (PID: 1016)
    • Reads product name

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Loads dropped or rewritten executable

      • ccsetup617.exe (PID: 3448)
    • Checks proxy server information

      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
    • Creates files or folders in the user directory

      • taskhost.exe (PID: 2432)
      • taskhost.exe (PID: 3304)
      • ccsetup617.exe (PID: 3448)
      • CCleaner.exe (PID: 1016)
      • taskhost.exe (PID: 3900)
    • Creates files in the program directory

      • CCUpdate.exe (PID: 3356)
      • CCleaner.exe (PID: 3632)
      • CCleaner.exe (PID: 1016)
    • Manual execution by a user

      • msedge.exe (PID: 1280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 79
Monitored processes: 34
Malicious processes: 9
Suspicious processes: 0

Behavior graph

start drop and start iexplore.exe iexplore.exe ccsetup617.exe no specs ccsetup617.exe taskhost.exe taskhost.exe ccleaner.exe ccupdate.exe ccupdate.exe msedge.exe no specs ccleaner.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs taskhost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 280
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1512 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 460
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 812
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1464 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
PID: 844
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3364 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1016
CMD: "C:\Program Files\CCleaner\CCleaner.exe"
Path: C:\Program Files\CCleaner\CCleaner.exe
Parent process: ccsetup617.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Exit code:
0
Version:
6.17.0.10746
Modules
Images
c:\program files\ccleaner\ccleaner.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
PID: 1044
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1080
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1360,i,17598589594660247260,6002417337699496881,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
PID: 1280
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1556
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 --field-trial-handle=1328,i,990149124611301481,13331472562546146914,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 2296
CMD: CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\8503e515-ca0d-4f7a-a8ab-857f367990f2.dll"
Path: C:\Program Files\CCleaner\CCUpdate.exe
Parent process: CCUpdate.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner CCleaner emergency updater
Exit code:
0
Version:
23.3.12.0
Modules
Images
c:\program files\ccleaner\ccupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\advapi32.dll
Total events: 56 692
Read events: 56 253
Write events: 365
Delete events: 74

Modification events

PID   Process       Operation  Key\Name = Value
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPDaysSinceLastAutoMigration = 0
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPLastLaunchHighDateTime = 30847387
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager\NextCheckForUpdateHighDateTime = 30847437
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = Cookie:
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = Visited:
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = 0
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 0
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000056010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = 1
3820  iexplore.exe  write      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = 1
Executable files: 147
Suspicious files: 221
Text files: 95
Unknown types: 0

Dropped files

PID   Process       Type        Filename
3124  iexplore.exe  -           C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ccsetup617.exe.prxysyd.partial
      MD5:
      SHA256:
3820  iexplore.exe  -           C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ccsetup617.exe
      MD5:
      SHA256:
3124  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
      MD5: 92AB4986D3E69742C0EED803AEC91584
      SHA256: 5E80E3F391BDC86D7F0D73B78C07A89223555777075334E1AAABAB12A0AF94B4
3124  iexplore.exe  executable  C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\ccsetup617[1].exe
      MD5: 7A15BD5C24D5656A5AC8F2FB91E4AD6A
      SHA256: 70936489CC7D88FBA4737235560D0E4901E160174043589F02A944268B2A5D6B
3124  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: 9CEE4A4A05F4DB9EA07F65EB91EA4934
      SHA256: 169BA95E4C306B8C2C5EC5B1A5CBB34A6147ACF831012E324BED73D66B0F4D48
3124  iexplore.exe  compressed  C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
      MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
      SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3820  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5: 808EFFA7EE0AF968F15725990BF7B751
      SHA256: 48C3DADB0CAC49675B3EB0D46C8031CCB63D386774E4C46A1C1909129DEE8C27
3124  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
      MD5: C181D7DBD32DFB207CF5167FA671EA22
      SHA256: 860BEA1C239B933B297F939D3B5A2604B043A626468E9AB5ED3C736FB7A3A708
3820  iexplore.exe  binary      C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      MD5: 8761D8CF2E90FD1D6AE690013BA77D5A
      SHA256: C3B34D5D937929262C5FB874EA352A4B8982CBBFAE866209876D26B5F0AEA6FB
3820  iexplore.exe  binary      C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\urlblockindex[1].bin
      MD5: FA518E3DFAE8CA3A0E495460FD60C791
      SHA256: 775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 27
TCP/UDP connections: 112
DNS requests: 129
Threats: 5

HTTP requests

PID   Process         Method  Code  IP:port             CN       Type        Size     Reputation
3356  CCUpdate.exe    HEAD    200   23.50.131.76:80     unknown  -           -        unknown
      http://emupdate.avcdn.net/files/emupdate/pong.txt
3112  msedge.exe      GET     301   2.19.225.128:80     unknown  -           -        unknown
      http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
3124  iexplore.exe    GET     200   209.197.3.8:80      unknown  compressed  4.66 Kb  unknown
      http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1258361c79ec4a7a
3820  iexplore.exe    GET     200   192.229.221.95:80   unknown  binary      471 b    unknown
      http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
2296  CCUpdate.exe    GET     200   142.250.186.78:80   unknown  image       35 b     unknown
      http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665df3233a637833016fda6b2d652a6fc9cd&ec=20180910&ea=executed&el=1&ev=0
3448  ccsetup617.exe  GET     200   142.250.186.35:80   unknown  binary      724 b    unknown
      http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
3820  iexplore.exe    GET     200   192.229.221.95:80   unknown  binary      471 b    unknown
      http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
3448  ccsetup617.exe  GET     200   142.250.186.35:80   unknown  binary      724 b    unknown
      http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
3448  ccsetup617.exe  GET     200   142.250.186.35:80   unknown  binary      1.41 Kb  unknown
      http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
3356  CCUpdate.exe    GET     200   23.50.131.80:80     unknown  text        170 b    unknown
      http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini
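Every request in the table above is cleartext HTTP on port 80, including CCUpdate.exe fetching patches.ini from the update CDN and sending a client identifier to google-analytics.com. OCSP responses and the Windows CTL cab are cleartext by design because the objects themselves are signed; an updater's control file is not, so its integrity rests entirely on whatever signature check the client applies afterwards. The script below is an added example, not ANY.RUN logic: it triages such a table by process and content so that unauthenticated update fetches by a non-browser process stand out from expected PKI traffic. The records are transcribed from the table (OCSP request paths shortened); the browser list, host lists, severities and function names are the author's assumptions.

```python
"""Added example, not ANY.RUN code: triage the cleartext HTTP requests above
by process and content. Records are transcribed from the report's table (OCSP
request paths shortened); the host lists, severities and function names are
the author's assumptions, not ANY.RUN or Suricata logic."""
from urllib.parse import urlsplit

# (pid, process, method, status, ip:port, url, type) -- transcribed from the report
HTTP_REQUESTS = [
    (3356, "CCUpdate.exe", "HEAD", 200, "23.50.131.76:80",
     "http://emupdate.avcdn.net/files/emupdate/pong.txt", None),
    (3112, "msedge.exe", "GET", 301, "2.19.225.128:80",
     "http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0", None),
    (3124, "iexplore.exe", "GET", 200, "209.197.3.8:80",
     "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/"
     "disallowedcertstl.cab?1258361c79ec4a7a", "compressed"),
    (3820, "iexplore.exe", "GET", 200, "192.229.221.95:80",
     "http://ocsp.digicert.com/MFEwTzBN...", "binary"),            # path shortened
    (2296, "CCUpdate.exe", "GET", 200, "142.250.186.78:80",
     "http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event"
     "&cid=97b7721c4994e2556ff6a439510f665df3233a637833016fda6b2d652a6fc9cd"
     "&ec=20180910&ea=executed&el=1&ev=0", "image"),
    (3448, "ccsetup617.exe", "GET", 200, "142.250.186.35:80",
     "http://ocsp.pki.goog/gtsr1/ME4wTDBK...", "binary"),          # path shortened
    (3356, "CCUpdate.exe", "GET", 200, "23.50.131.80:80",
     "http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini", "text"),
]

# Assumptions: which processes are browsers, which hosts are telemetry sinks,
# and which file types count as update content.
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
TELEMETRY_HOSTS = {"www.google-analytics.com"}
UPDATE_CONTENT = (".exe", ".dll", ".msi", ".cab", ".zip", ".ini", ".xml", ".json")
RANK = {"high": 3, "medium": 2, "low": 1, "info": 0}


def signed_by_design(host):
    """OCSP/CRL responses and Windows CTL cabs are signed; cleartext is expected."""
    return host.startswith(("ocsp.", "crl.")) or host == "ctldl.windowsupdate.com"


def classify(req):
    """Return (severity, reason) for one request record."""
    pid, proc, method, status, _ip, url, ctype = req
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path.lower()
    if u.scheme != "http":
        return "info", "encrypted transport"
    if signed_by_design(host):
        return "info", "signed object fetched in the clear by design (OCSP/CRL/CTL)"
    if proc.lower() in BROWSERS:
        return "low", "browser navigation over cleartext HTTP"
    if host in TELEMETRY_HOSTS:
        return "medium", "telemetry with a client identifier sent in the clear"
    if path.endswith(UPDATE_CONTENT) or ctype in ("executable", "compressed"):
        return "high", ("update content fetched over cleartext HTTP; "
                        "integrity rests entirely on client-side signature checks")
    if method == "HEAD":
        return "low", "connectivity probe"
    return "medium", "cleartext request by a non-browser process"


def triage(requests):
    """Classify every record; highest severity first."""
    rows = []
    for req in requests:
        sev, why = classify(req)
        rows.append((req[0], req[1], urlsplit(req[5]).hostname, sev, why))
    return sorted(rows, key=lambda r: -RANK[r[3]])


def high_findings(requests):
    """Only the records that need a follow-up: unauthenticated update fetches."""
    return [r for r in triage(requests) if r[3] == "high"]


if __name__ == "__main__":
    for pid, proc, host, sev, why in triage(HTTP_REQUESTS):
        print("%-6s %-5d %-15s %-28s %s" % (sev.upper(), pid, proc, host, why))
```

Only ten of the 27 requests are shown on this page, so the PE download that the Suricata alert in the Threats section attributes to PID 3356 (CCUpdate.exe) is not among these records; a complete triage needs the PCAP from the full report.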

Connections

PID   Process         IP:port               Domain                   ASN                    CN  Reputation
3124  iexplore.exe    23.197.94.235:443     -                        AKAMAI-AS              US  unknown
3124  iexplore.exe    8.253.95.121:80       ctldl.windowsupdate.com  LEVEL3                 US  unknown
3124  iexplore.exe    209.197.3.8:80        ctldl.windowsupdate.com  STACKPATH-CDN          US  whitelisted
3124  iexplore.exe    192.229.221.95:80     ocsp.digicert.com        EDGECAST               US  whitelisted
4     System          192.168.100.255:137   -                        -                      -   whitelisted
2656  svchost.exe     239.255.255.250:1900  -                        -                      -   whitelisted
4     System          192.168.100.255:138   -                        -                      -   whitelisted
3820  iexplore.exe    152.199.19.161:443    iecvlist.microsoft.com   EDGECAST               US  whitelisted
3820  iexplore.exe    192.229.221.95:80     ocsp.digicert.com        EDGECAST               US  whitelisted
3448  ccsetup617.exe  34.117.223.223:443    analytics.avcdn.net      GOOGLE-CLOUD-PLATFORM  US  unknown

DNS requests

Domain
IP
Reputation
ctldl.windowsupdate.com
  • 8.253.95.121
  • 8.253.207.121
  • 8.241.9.126
  • 67.27.234.126
  • 67.27.159.254
  • 209.197.3.8
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted
r20swj13mr.microsoft.com
  • 152.199.19.161
whitelisted
analytics.avcdn.net
  • 34.117.223.223
unknown
ipm-provider.ff.avast.com
  • 34.111.24.1
whitelisted
ieonline.microsoft.com
  • 204.79.197.200
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
www.msn.com
  • 204.79.197.203
whitelisted
analytics.ff.avast.com
  • 34.117.223.223
whitelisted

Threats

PID
Process
Class
Message
3356
CCUpdate.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
4 ETPRO signatures available at the full report
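The one visible Suricata hit, ET POLICY PE EXE or DLL Windows file download HTTP, fires on the body of a cleartext HTTP response, not on the URL or the Content-Type header. The Python below is an added example, not the Emerging Threats rule itself: it applies the same test (an MZ header whose e_lfanew field points at the PE\0\0 signature) to a raw HTTP response. All inputs are constructed, and the deliberately mislabelled Content-Type shows why header-based filtering misses such downloads.

```python
"""Added example, not the Emerging Threats rule: the body check behind a
"PE EXE or DLL download over HTTP" policy alert, applied to a raw HTTP
response. All inputs are constructed here; the mislabelled Content-Type is
deliberate."""
import struct

PE_SIGNATURE = b"PE\x00\x00"


def looks_like_pe(body):
    """True if body begins with an MZ header whose e_lfanew points at PE\\0\\0."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    # e_lfanew must point past the DOS header and stay inside the buffer.
    if e_lfanew < 0x40 or e_lfanew + 4 > len(body):
        return False
    return body[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def split_http_response(raw):
    """Return (status line, {lower-case header: value}, body). Chunked
    transfer encoding is not reassembled; feed it a complete, de-chunked
    response as a PCAP tool would export it."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


def pe_download_alert(raw, url="", process=""):
    """Alert on a 200 response whose body is a PE image, whatever the
    Content-Type says. Returns a dict describing the hit, or None."""
    status, headers, body = split_http_response(raw)
    parts = status.split()
    if len(parts) < 2 or parts[1] != "200" or not looks_like_pe(body):
        return None
    return {"process": process, "url": url, "size": len(body),
            "content_type": headers.get("content-type", "<none>")}


def build_fake_pe(e_lfanew=0x80):
    """Constructed MZ/PE stub for testing only; it is not an executable."""
    buf = bytearray(e_lfanew + 4 + 20)          # room for a COFF header
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    return bytes(buf)


def constructed_response(content_type=b"text/plain", body=None, status=b"200 OK"):
    """Constructed HTTP/1.1 response; defaults to a PE body labelled text/plain."""
    if body is None:
        body = build_fake_pe()
    return (b"HTTP/1.1 " + status + b"\r\nContent-Type: " + content_type +
            b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    hit = pe_download_alert(constructed_response(), url="http://example.invalid/x",
                            process="CCUpdate.exe")
    print(hit)
```

The e_lfanew bounds check matters: a body that starts with MZ but whose offset points outside the buffer is not a PE image, and skipping that check is how a two-byte prefix alone turns into false positives on text that happens to begin with "MZ".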

Debug output

Process
Message
CCleaner.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe
[2023-10-22 17:11:38.034] [error ] [lil ] [ 3632: 2680] [000000: 0] ~ubNfVZ3SJpLT7uYoqxlGy7r0Fn2Vzw==
CCleaner.exe
[2023-10-22 17:11:38.034] [error ] [lif_utils ] [ 3632: 2680] [000000: 0] ~/acaZ4nLaoDU4qJstxgPyLy6G3KI1DiegfunPr8GStG4pg==
CCleaner.exe
[2023-10-22 17:11:38.034] [error ] [lil ] [ 3632: 2680] [000000: 0] ~/ZEHcJnLPo7O5fxsrQ5b0K30GGaV32qO0qurLbAPTtGypgYzjNo4hszusimsYQ+F/fRfM9ybaseBq+Zs/ksPhf30XzPcm2rHgavmbP5LD4X99F8z3Jtqx4Gr5mz+Sw+F/fRfM9ybaseBq+Zs/ktsyrmxRTPMw3rXkbv2fOtcD43l41Y=
CCleaner.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe
OnLanguage - en
CCleaner.exe
[2023-10-22 17:11:40.581] [error ] [Burger ] [ 1016: 1980] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
[2023-10-22 17:11:40.581] [error ] [Burger ] [ 1016: 1980] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
file:///tis/optimizer.tis(1112) : warning :'await' should be used only inside 'async' or 'event'
CCleaner.exe
startCheckingLicense()