File name: PCOptimizerProInstaller.exe
Full analysis: https://app.any.run/tasks/b3b4e199-2f61-436f-881e-1d7f6593f000
Verdict: Malicious activity
Analysis date: January 02, 2024, 11:29:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: 18B260587BA339E9C7C7A5391F8E1EA1
SHA1: CDC5712885EF58CD571D4CC83A19586FC9C4F8ED
SHA256: 5FDA13B6AFE0FA71A5F742ECE8AA2C74B3E2DE4E08010456BE25E1D4E0AE2DC1
SSDEEP: 98304:8Ulup+qd6vrrOx5MWO8TJgZ8Ca2faBn/ccZvy0THh3R5cn6iLsBiZkv5a19uZRA0:/JWRiMGrIhiwHHB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Steals credentials from Web Browsers

      • PCOptimizerPro.exe (PID: 2056)
    • Starts CMD.EXE for commands execution

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 3276)
    • Actions look like stealing of personal data

      • PCOptimizerPro.exe (PID: 2056)
  • SUSPICIOUS

    • Adds/modifies Windows certificates

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Reads the Internet Settings

      • StartApps.exe (PID: 1540)
      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • The process creates files with name similar to system file names

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Reads security settings of Internet Explorer

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Reads settings of System Certificates

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Checks Windows Trust Settings

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Searches for installed software

      • PCOptimizerPro.exe (PID: 2056)
  • INFO

    • Drops the executable file immediately after the start

      • PCOptimizerProInstaller.exe (PID: 2256)
      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Checks supported languages

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerProInstaller.exe (PID: 2256)
      • PCOptimizerPro.exe (PID: 2056)
      • StartApps.exe (PID: 1540)
    • Reads the computer name

      • PCOptimizerProInstaller.exe (PID: 2256)
      • PCOptimizerProSetup_STD.exe (PID: 316)
      • StartApps.exe (PID: 1540)
      • PCOptimizerPro.exe (PID: 2056)
    • Creates files in a temporary directory

      • PCOptimizerProInstaller.exe (PID: 2256)
      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Creates files in the program directory

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Reads CPU info

      • PCOptimizerPro.exe (PID: 2056)
    • Checks proxy server information

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Creates files or folders in the user directory

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Process drops legitimate windows executable

      • PCOptimizerProSetup_STD.exe (PID: 316)
    • Reads the machine GUID from the registry

      • PCOptimizerProSetup_STD.exe (PID: 316)
      • PCOptimizerPro.exe (PID: 2056)
    • Reads the Internet Settings

      • explorer.exe (PID: 2644)
      • explorer.exe (PID: 712)
    • Application launched itself

      • msedge.exe (PID: 2368)
      • msedge.exe (PID: 2100)
    • Manual execution by a user

      • msedge.exe (PID: 2368)
    • Checks transactions between databases Windows and Oracle

      • explorer.exe (PID: 2644)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8%)
.exe | Win32 Executable MS Visual C++ (generic) (3.4%)
.dll | Win32 Dynamic Link Library (generic) (0.7%)
.exe | Win32 Executable (generic) (0.5%)
.exe | Generic Win/DOS Executable (0.2%)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:46+01:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23552
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x323c
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.1.1.5
ProductVersionNumber: 8.1.1.5
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Latin1
Comments: PC Optimizer Pro Nothing optimize your PC better for more details visit http://www.pcoptmizerpro.com
CompanyName: Xportsoft.com
FileDescription: PC Optimizer Pro
FileVersion: 8.1.1.5
InternalName: PC Optimizer Pro Nothing optimize your PC better
LegalCopyright: (c) Xportsoft Technologies. All rights reserved.
LegalTrademarks: Xportsoft Technoliges Pvt.. Ltd.
OriginalFileName: PC Optimizer Pro
ProductName: PC Optimizer Pro
ProductVersion: 8.1.1.5
All screenshots are available in the full report
Total processes: 86
Monitored processes: 36
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Processes shown in the interactive graph of the full report, in graph order ("no specs" marks a process with no indicators):
start, pcoptimizerproinstaller.exe, pcoptimizerprosetup_std.exe, regsvr32.exe, startapps.exe (no specs), pcoptimizerpro.exe, msedge.exe (no specs) ×4, msedge.exe, msedge.exe (no specs), msedge.exe, msedge.exe (no specs) ×15, explorer.exe (no specs) ×2, winrar.exe (no specs), explorer.exe (no specs) ×2, Copy/Move/Rename/Delete/Link Object (no specs), optionalfeatures.exe (no specs), flashutil32_32_0_0_453_activex.exe, cmd.exe (no specs), pcoptimizerproinstaller.exe (no specs)

Process information

(Columns in the full report: PID, CMD, Path, Indicators, Parent process)
PID: 124
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1320,i,6470912064041849882,10234944010473882968,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 316
CMD: C:\Users\admin\AppData\Local\Temp\PCOptimizerProSetup_STD.exe
Path: C:\Users\admin\AppData\Local\Temp\PCOptimizerProSetup_STD.exe
Parent process: PCOptimizerProInstaller.exe
User: admin
Company: Xportsoft.com
Integrity Level: HIGH
Description: PC Optimizer Pro
Exit code: 0
Version: 8.1.1.5
Modules
Images
c:\users\admin\appdata\local\temp\pcoptimizerprosetup_std.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 696
CMD: "C:\Windows\explorer.exe" C:\ProgramData\PC Optimizer Pro\Send Logs
Path: C:\Windows\explorer.exe
Parent process: PCOptimizerPro.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 712
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1168
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 --field-trial-handle=1320,i,6470912064041849882,10234944010473882968,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1196
CMD: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1540
CMD: "C:\Program Files\PC Optimizer Pro\StartApps.exe" "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
Path: C:\Program Files\PC Optimizer Pro\StartApps.exe
Parent process: PCOptimizerProSetup_STD.exe
User: admin
Company: Xportsoft Technologies
Integrity Level: HIGH
Description: Starting up the applicaiton
Exit code: 3221225547 (0xC000004B, STATUS_THREAD_IS_TERMINATING)
Version: 1.0.0.9
Modules
Images
c:\program files\pc optimizer pro\startapps.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1588
CMD: regsvr32.exe /s "C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: PCOptimizerProSetup_STD.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2040
CMD: "C:\Users\admin\Desktop\PCOptimizerProInstaller.exe"
Path: C:\Users\admin\Desktop\PCOptimizerProInstaller.exe
Parent process: explorer.exe
User: admin
Company: Xportsoft.com
Integrity Level: MEDIUM
Description: PC Optimizer Pro
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch could not elevate; the installer that ran is PID 2256 at high integrity)
Version: 8.1.1.5
Modules
Images
c:\users\admin\desktop\pcoptimizerproinstaller.exe
c:\windows\system32\ntdll.dll
PID: 2056
CMD: "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
Path: C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
Parent process: StartApps.exe
User: admin
Company: Xportsoft Technologies
Integrity Level: HIGH
Description: Nothing optimize your PC better
Exit code: 0
Version: 8, 1, 1, 5
Modules
Images
c:\program files\pc optimizer pro\pcoptimizerpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
Total events: 30 753
Read events: 29 830
Write events: 751
Delete events: 172

Modification events

PID 1588 regsvr32.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}\InprocServer32 | Operation: delete key | Name: (default) | Value: (none)
PID 1588 regsvr32.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{203ABD21-41F1-4F1B-BAE3-D6A89A90D239} | Operation: delete key | Name: (default) | Value: (none)
PID 1588 regsvr32.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PCProCtxMenu | Operation: delete key | Name: (default) | Value: (none)
PID 1588 regsvr32.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCProCtxMenu | Operation: delete key | Name: (default) | Value: (none)
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: 460000005B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
PID 316 PCOptimizerProSetup_STD.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
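The SavedLegacySettings value written by PID 316 is WinINet's binary connection-settings record (the same layout as DefaultConnectionSettings), and decoding it is how you tell a harmless settings refresh from a proxy hijack. The decoder below is an added example written for this page, not code from the report or from the vendor. It assumes the commonly documented layout (little-endian version, change counter, flags bitmask with 1 = direct, 2 = manual proxy, 4 = autoconfig URL, 8 = auto-detect, then three length-prefixed ASCII strings for proxy, bypass list and PAC URL); only the first 24 bytes of the observed value are reproduced, which is all the string fields need. The "hijacked" blob is constructed for contrast and was not observed.

```python
"""Decode WinINet SavedLegacySettings / DefaultConnectionSettings blobs.

Assumed record layout (the commonly documented one; not confirmed by the report itself):
  DWORD version         0x46 (70) in the value observed here
  DWORD change counter  incremented on every write
  DWORD flags           1 = direct, 2 = manual proxy, 4 = autoconfig URL, 8 = auto-detect (WPAD)
  DWORD len + ASCII     proxy server ("host:port" or "http=host:port;https=host:port")
  DWORD len + ASCII     proxy bypass list
  DWORD len + ASCII     autoconfig (PAC) URL
  ...                   auto-detect bookkeeping, not decoded here
"""
import struct
from dataclasses import dataclass
from typing import List

# First 24 bytes of the SavedLegacySettings value PID 316 wrote (the rest of the value is
# not reproduced; it lies after the three string fields this decoder reads).
OBSERVED_PREFIX_HEX = "46000000" "5B010000" "09000000" "00000000" "00000000" "00000000"

PROXY_FLAGS = {0x1: "direct", 0x2: "manual_proxy", 0x4: "autoconfig_url", 0x8: "auto_detect"}


@dataclass
class ConnectionSettings:
    version: int
    counter: int
    flags: int
    proxy_server: str
    proxy_bypass: str
    autoconfig_url: str
    trailing: bytes

    def flag_names(self) -> List[str]:
        return [name for bit, name in sorted(PROXY_FLAGS.items()) if self.flags & bit]


def _read_lpstr(blob: bytes, off: int):
    """Read a DWORD length followed by that many ASCII bytes; return (text, next offset)."""
    (n,) = struct.unpack_from("<I", blob, off)
    off += 4
    data = blob[off:off + n]
    if len(data) != n:
        raise ValueError("string length %d runs past the end of the blob" % n)
    return data.decode("ascii", "replace"), off + n


def parse_connection_settings(blob: bytes) -> ConnectionSettings:
    if len(blob) < 24:
        raise ValueError("blob too short for the header and three length fields")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    proxy, off = _read_lpstr(blob, off)
    bypass, off = _read_lpstr(blob, off)
    pac, off = _read_lpstr(blob, off)
    return ConnectionSettings(version, counter, flags, proxy, bypass, pac, blob[off:])


def build_connection_settings(flags: int, proxy: str = "", bypass: str = "", pac: str = "",
                              counter: int = 1) -> bytes:
    """Inverse of parse_connection_settings; used here only to construct a test blob."""
    out = struct.pack("<III", 0x46, counter, flags)
    for text in (proxy, bypass, pac):
        raw = text.encode("ascii")
        out += struct.pack("<I", len(raw)) + raw
    return out + bytes(32)  # auto-detect bookkeeping left zeroed


def proxy_hijack_indicators(cs: ConnectionSettings) -> List[str]:
    """The question a responder asks of this write: does it route traffic through something?"""
    hits = []
    if cs.flags & 0x2 and cs.proxy_server:
        hits.append("manual proxy enabled: " + cs.proxy_server)
    if cs.flags & 0x4 and cs.autoconfig_url:
        hits.append("PAC script configured: " + cs.autoconfig_url)
    if cs.flags & 0x2 and not cs.proxy_server:
        hits.append("proxy flag set but proxy string empty (inconsistent record)")
    return hits


def consistent_with_proxy_enable(cs: ConnectionSettings, proxy_enable: int) -> bool:
    """ProxyEnable (also written by PID 316, value 0) must agree with the manual-proxy flag."""
    return bool(cs.flags & 0x2) == bool(proxy_enable)


if __name__ == "__main__":
    observed = parse_connection_settings(bytes.fromhex(OBSERVED_PREFIX_HEX))
    print("observed:", observed.flag_names(), proxy_hijack_indicators(observed) or "no proxy set")
    # Constructed counter-example: what a real proxy hijack would look like in the same value.
    hijacked = build_connection_settings(0x2 | 0x4, proxy="127.0.0.1:8080",
                                         pac="http://wpad.example.invalid/proxy.pac")
    print("constructed:", proxy_hijack_indicators(parse_connection_settings(hijacked)))
```

On the observed bytes the decoder yields version 70, change counter 347 and flags 9 (direct + auto-detect) with all three strings empty, which agrees with the ProxyEnable=0 write in the same event list: the installer refreshed the connection record but did not insert a proxy or PAC URL.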
Executable files: 17
Suspicious files: 81
Text files: 46
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2256 | PCOptimizerProInstaller.exe | C:\Users\admin\AppData\Local\Temp\PCOptimizerProSetup_STD64.exe | executable
  MD5: C2CDE1DA39413DADA6C7C9DB4C99E87C
  SHA256: D81533938FF5404BBE45E253482491C8945F35A889679A4089D5ABF85BE49E06
2256 | PCOptimizerProInstaller.exe | C:\Users\admin\AppData\Local\Temp\nss2DC.tmp\GetVersion.dll | executable
  MD5: 5264F7D6D89D1DC04955CFB391798446
  SHA256: 7D76C7DD8F7CD5A87E0118DACB434DB3971A049501E22A5F4B947154621AB3D4
316 | PCOptimizerProSetup_STD.exe | C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe | executable
  MD5: 07620F7070822382499FCE646F0E98B3
  SHA256: CBEBDD99EF4C6DC900DB575A873D412355582DC48B4A1F43EEA1EAF7E3A26314
316 | PCOptimizerProSetup_STD.exe | C:\Program Files\PC Optimizer Pro\data.xml | xml
  MD5: AC4169805E1CAA0BB68CD6E9F494134F
  SHA256: DB58F7626A3E7E32EE0622CFFE522F394971CD2709AA5E87B9B1A8FF12084CA9
316 | PCOptimizerProSetup_STD.exe | C:\Users\admin\AppData\Local\Temp\nsx349.tmp\GetVersion.dll | executable
  MD5: 5264F7D6D89D1DC04955CFB391798446
  SHA256: 7D76C7DD8F7CD5A87E0118DACB434DB3971A049501E22A5F4B947154621AB3D4
2256 | PCOptimizerProInstaller.exe | C:\Users\admin\AppData\Local\Temp\PCOptimizerProSetup_STD.exe | executable
  MD5: 7ECCAB7E72A91A90DCCC0CC7D6D09061
  SHA256: 49C0AA6FDEF05441488EE80F50BEAAB8F55C3C01882CBEA51650F1075ED80C80
316 | PCOptimizerProSetup_STD.exe | C:\Users\admin\AppData\Local\Temp\nsx349.tmp\System.dll | executable
  MD5: C17103AE9072A06DA581DEC998343FC1
  SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
316 | PCOptimizerProSetup_STD.exe | C:\Users\admin\AppData\Local\Temp\nsx349.tmp\modern-header.bmp | image
  MD5: 2E9AD88F5A52C0CBDBE3D4FD93DCF6CC
  SHA256: D31D0DA901EDA4A56BC1AA899F69BA90CC2B8338AE382CEFA088DDFDBCA41A58
316 | PCOptimizerProSetup_STD.exe | C:\Users\admin\AppData\Local\Temp\nsx349.tmp\nsDialogs.dll | executable
  MD5: C10E04DD4AD4277D5ADC951BB331C777
  SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
316 | PCOptimizerProSetup_STD.exe | C:\Program Files\PC Optimizer Pro\StartApps.exe | executable
  MD5: 2A90679E095F703BA3E19A27995F80AE
  SHA256: 73EBA3C5F70A11B5C190F10ACBF34269DB07388705D983332C08206F472F1740
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 33
DNS requests: 30
Threats: 5

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
316 | PCOptimizerProSetup_STD.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/site/admin/instcnt.aspx?bit=32&tid=STD&OS=Windows%207&IP=192.168.100.36&compid=010000003800 | unknown | html | 261 b | unknown
316 | PCOptimizerProSetup_STD.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | binary | 1.42 Kb | unknown
316 | PCOptimizerProSetup_STD.exe | GET | 200 | 23.53.41.250:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c458062541512d33 | unknown | compressed | 4.66 Kb | unknown
316 | PCOptimizerProSetup_STD.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEGxVq9vQB5LHnQcM2BGe1r8%3D | unknown | binary | 2.18 Kb | unknown
2056 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/isrenewed.aspx?bitver=32&h=&uq=12A9866C77DE&uq1=12A9866C77DE&uq2=88342E000000&tid=STD | unknown | html | 265 b | unknown
2056 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/showongui.aspx?bit=32&tid=STD&lang=EN | unknown | html | 205 b | unknown
2056 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/islivechat.aspx?bit=32&tid=STD&lang=EN | unknown | html | 206 b | unknown
2648 | msedge.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/ordernow.aspx?bit=32&tid=STD | unknown | html | 186 b | unknown
3276 | FlashUtil32_32_0_0_453_ActiveX.exe | GET | 404 | 23.48.23.54:80 | http://fpdownload2.macromedia.com/get/flashplayer/update/current/install/version.xml32.0.0.453~installVector=21&previousVersion=32.0.0.453&pProc=pcoptimizerpro.exe&lang=en&cpuWordLength=32&playerType=ax&os=win&osVer=13&isDebug=0 | unknown | html | 424 b | unknown
2056 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/islivechat.aspx?bit=32&tid=STD&lang=EN | unknown | html | 206 b | unknown

Note: the install-count and licence checks go to www.pcoptimizerpro.com over plaintext HTTP and carry the host's private IP (IP=192.168.100.36), a machine identifier (compid=010000003800) and the uq/uq1/uq2 values, so every hop on the path sees them. The OCSP and disallowedcertstl.cab fetches by PID 316 are consistent with Authenticode verification of the dropped files (the "Checks Windows Trust Settings" and "Reads settings of System Certificates" indicators above), not with command-and-control.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
316 | PCOptimizerProSetup_STD.exe | 50.63.8.124:80 | www.pcoptimizerpro.com | GO-DADDY-COM-LLC | US | unknown
316 | PCOptimizerProSetup_STD.exe | 50.63.8.124:443 | www.pcoptimizerpro.com | GO-DADDY-COM-LLC | US | unknown
316 | PCOptimizerProSetup_STD.exe | 23.53.41.250:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
316 | PCOptimizerProSetup_STD.exe | 172.64.149.23:80 | ocsp.comodoca.com | CLOUDFLARENET | US | unknown
316 | PCOptimizerProSetup_STD.exe | 104.18.38.233:80 | ocsp.comodoca.com | CLOUDFLARENET | - | shared
2056 | PCOptimizerPro.exe | 50.63.8.124:80 | www.pcoptimizerpro.com | GO-DADDY-COM-LLC | US | unknown

DNS requests

Domain
IP
Reputation
www.pcoptimizerpro.com
  • 50.63.8.124
unknown
ctldl.windowsupdate.com
  • 23.53.41.250
  • 23.53.42.67
  • 23.53.42.66
  • 23.53.42.25
  • 23.53.41.243
  • 23.53.42.43
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
postnav-edge.smartscreen.microsoft.com
  • 20.103.180.120
whitelisted
www.bing.com
  • 104.126.37.168
  • 104.126.37.177
  • 104.126.37.176
  • 104.126.37.162
  • 104.126.37.186
  • 104.126.37.171
  • 104.126.37.160
  • 104.126.37.153
  • 104.126.37.161
  • 92.123.104.47
  • 92.123.104.38
  • 92.123.104.33
  • 92.123.104.50
  • 92.123.104.51
  • 92.123.104.52
  • 92.123.104.31
  • 92.123.104.46
  • 92.123.104.43
whitelisted

Threats

PID | Process | Class | Message
316 | PCOptimizerProSetup_STD.exe | A Network Trojan was detected | ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
316 | PCOptimizerProSetup_STD.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
2056 | PCOptimizerPro.exe | A Network Trojan was detected | ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
2056 | PCOptimizerPro.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
2648 | msedge.exe | Misc activity | ET INFO Observed ZeroSSL SSL/TLS Certificate
Debug output strings

Process | Message
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
PCOptimizerProSetup_STD.exe | strData:0584476389
PCOptimizerProSetup_STD.exe | Initial:Hqa77l1daY
PCOptimizerProSetup_STD.exe | Target:4GKIk
PCOptimizerProSetup_STD.exe | Target:Hqa77l1daY4GKIk
PCOptimizerPro.exe | 20180827
PCOptimizerPro.exe | 20190923
PCOptimizerPro.exe | 20190923
PCOptimizerPro.exe | 20230706
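The two regsvr32.exe strings above are an ATL registrar script: the text that the DLL's DllRegisterServer hands to the ATL Registrar, where `NoRemove` keeps a key on unregistration, `ForceRemove` deletes a key before recreating it (which is what the four "delete key" events under Modification events are), and `s` marks a string value. Parsing the script gives the exact registry footprint the shell extension claims: a CLSID whose InprocServer32 points at PCOptProCtxMenu.dll, plus ContextMenuHandlers hooks under `*` and `lnkfile`, so the DLL is loaded into any explorer.exe that shows a context menu for any file or shortcut. The parser below is an added example written for this page, not code from the report or from the vendor; the script text is copied from the debug strings, and the HKCR to HKLM\SOFTWARE\Classes mapping reflects the high-integrity regsvr32 run in the process table (an unelevated run would land under HKCU\Software\Classes instead).

```python
"""Parse an ATL registrar script and list the registry footprint of the shell extension it registers.

Grammar handled (enough for scripts of this shape):
  ROOT { [NoRemove|ForceRemove|Delete] Key [= s 'default'] { ... } }
  val Name = s 'data'          named value inside a key block
Type codes other than s (d = DWORD, b = binary, m = multi-string) are kept as their literal text.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Copied from the regsvr32.exe (PID 1588) debug output in this report.
REGISTRAR_SCRIPT = (
    "HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' "
    "{ InprocServer32 = s 'C:\\Program Files\\PC Optimizer Pro\\PCOptProCtxMenu.dll' "
    "{ val ThreadingModel = s 'Apartment' } } } "
    "NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } "
    "NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }"
)

ROOT_KEYS = {"HKCR": "HKEY_CLASSES_ROOT", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
MODIFIERS = {"NoRemove", "ForceRemove", "Delete"}
# A braced GUID must tokenize as one word, not as a '{' ... '}' block.
TOKEN_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}|'[^']*'|[{}=]|[^\s{}=']+")


@dataclass
class RegEntry:
    path: str
    modifier: Optional[str] = None
    default: Optional[str] = None
    values: Dict[str, str] = field(default_factory=dict)


def _unquote(tok: str) -> str:
    return tok[1:-1] if len(tok) >= 2 and tok[0] == tok[-1] == "'" else tok


def _parse_block(tokens: List[str], i: int, owner: RegEntry, out: List[RegEntry]) -> int:
    """Parse the entries under `owner` up to the matching '}'; return the index after it."""
    while tokens[i] != "}":
        if tokens[i] == "val":                          # val Name = s 'data'
            name = _unquote(tokens[i + 1])
            if tokens[i + 2] != "=":
                raise ValueError("expected '=' after val %s" % name)
            owner.values[name] = _unquote(tokens[i + 4])  # tokens[i + 3] is the type code
            i += 5
            continue
        modifier = None
        if tokens[i] in MODIFIERS:
            modifier, i = tokens[i], i + 1
        entry = RegEntry(owner.path + "\\" + _unquote(tokens[i]), modifier)
        i += 1
        if tokens[i] == "=":                            # default value: = s 'data'
            entry.default = _unquote(tokens[i + 2])
            i += 3
        out.append(entry)
        if tokens[i] == "{":
            i = _parse_block(tokens, i + 1, entry, out)
    return i + 1


def parse_registrar_script(script: str) -> List[RegEntry]:
    tokens = TOKEN_RE.findall(script)
    root = RegEntry(ROOT_KEYS.get(tokens[0], tokens[0]))
    if tokens[1] != "{":
        raise ValueError("expected '{' after the root key")
    entries: List[RegEntry] = []
    end = _parse_block(tokens, 2, root, entries)
    if end != len(tokens):
        raise ValueError("trailing tokens after the root block")
    return entries


def as_written_by_elevated_regsvr32(path: str) -> str:
    """An elevated regsvr32 resolves HKCR writes to HKLM\\SOFTWARE\\Classes, as the modification events show."""
    return path.replace("HKEY_CLASSES_ROOT", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes", 1)


def shell_extension_footprint(entries: List[RegEntry]) -> dict:
    """Collect what a responder needs: in-process DLLs, the shell hooks that load them, keys to inspect."""
    footprint = {"inproc_dlls": [], "context_menu_hooks": [], "keys_to_inspect": []}
    for e in entries:
        leaf = e.path.rsplit("\\", 1)[-1].lower()
        if leaf == "inprocserver32" and e.default:
            footprint["inproc_dlls"].append({
                "dll": e.default,
                "threading_model": e.values.get("ThreadingModel"),
                "outside_windows_dir": not e.default.lower().startswith("c:\\windows\\"),
            })
        if "\\shellex\\contextmenuhandlers\\" in e.path.lower() and e.default:
            footprint["context_menu_hooks"].append(
                {"key": as_written_by_elevated_regsvr32(e.path), "clsid": e.default})
        if e.modifier == "ForceRemove" or e.default or e.values:
            footprint["keys_to_inspect"].append(as_written_by_elevated_regsvr32(e.path))
    return footprint


if __name__ == "__main__":
    fp = shell_extension_footprint(parse_registrar_script(REGISTRAR_SCRIPT))
    for dll in fp["inproc_dlls"]:
        print("in-process DLL:", dll)
    for key in fp["keys_to_inspect"]:
        print("inspect/remove:", key)
```

The four keys the footprint reports are exactly the four keys regsvr32.exe deleted in the Modification events, and the DLL it flags lives under Program Files rather than the Windows directory; on a live host the same list is what to query before deciding whether `regsvr32 /u` or direct key removal is the right cleanup.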