| URL: | https://www.googleadservices.com/pagead/aclk?sa=L&ai=Cq4VVZOcoW8inH4G47gSpsb0QtP7cs03Fu4rYpwa7jMOyOBABIJfPqyFgw4SAgJgYoAHJhLzmA8gBCakCG9QHIPZfqT6oAwHIA8MEqgT7AU_Q1cZwIq7VIqP3VKb50qycpBAQLG7MB2nDbXO3EOtvVJxQDgTD79yDeybSSO8iYuHv1Y8zryQtz6wXicnjBudDmG1OcFl3SK0dTnYplieZdQdVpeQgRmG8Js3GlL0Yk-FidiW9u3Uc2LjB6eJidM1tvsaOE1fx88GzmLHlKRVPrVctiaQis1_etQhDJe332zwQSY64sOfgG61hr6vxXtqr1ZVY2uHg9RjoyX5xXrZx7_GDyKAVlC0NWKg-xTY2gVoW61eH5wIg66TOka7rmuovOONW8rOgY5wcYNJhUjfBOEcpKPZAI9rQbTMbA2dtkfUJuCOz7debkTD6oAYugAef-8MZqAeOzhuoB43NG6gH1ckbqAfZyxuoB8_MG6gHpr4bqAeYzhvYBwDSCAkIgOGAcBABGAGxCYccjYHgeQotgAoD2BMM&num=1&cid=CAASPeRohBpD4K_ZZYlKJjFWCTNrMd6mwf-4Mhn_YriO1DadKcaXFyI98oLHjhpuqt3ATE2QNekXGYs9Ok1qOCE&sig=AOD64_1MUJBRZ-o-gO1kTGoAlbCqJ6GEjw&client=ca-pub-3249370012249755&adurl=https://www.pchelpsoft.com/pc-cleaner/lpno-ms/%3Ftracking%3DPH_NO_PP_GO_CO_PCC%26keyword%3D%26campaignID%3DADWORDS&mb=2&bg=!i4iliJBE4pbxZ1-ZYM8CAAAAMlIAAAANmQE0LfCqqUZNH0VpjYXCo2_A7gK93rg_GexnuFnWItyV_nwBn-HljtZ6hKqwBBimruIsOjl80Z9UWM7ZECMbO4x7g-IWKZioGOgZnoBUnuqOogDtxI9qPRaUYi5E9COsrDiFBJgX1T1sX53EW3wbRVrvozJlyEWveXF0PkV-VPfegTlIx1DYjU-7D6V1YDPYKiyxaFmCKlrjS5qYrfe8UdCskInqPgEc7kvwDJa554vSGPlZj629I56sGgWQcYPdWV9H3LLm6gOLlXFtlLLhcQs_UzJWrmulQ9UUG0DnwbbpL6tSK4Pcdpm_r0VwrZO7A187Qofdt_IXQiNaBWeob-Y7nkJtz9Z9LNlZ7MsJKFzEyJpeqO1Y_T2vdoo08nS3c0DHrYg7PWIfZIsQNbkA67Rfwk4hFtw |
| Full analysis: | https://app.any.run/tasks/77452ae8-2bd6-4450-b98a-f9ec8fa6fe0c |
| Verdict: | No threats detected |
| Analysis date: | June 19, 2018, 15:17:03 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MD5: | 72541E7B1E69441EA080067C33CD6895 |
| SHA1: | BC26DB30976FB386BFE4568D1485557B5F30030A |
| SHA256: | 917E223DB4D2F13EDFE8DA378EA402132635A2C9417220BEF48DDAD455C67749 |
| SSDEEP: | 24:2DGx2eAVYzsbHUHktv0nulLAFucjucZrDe4SaMpYeJJwRSslR35aBDvX6S:5xVAVIkl0nuduukuofua8tJJwRS2YBeS |
MALICIOUS
Application was dropped or rewritten from another process
- PC_Cleaner.exe (PID: 2224)
- PC_Cleaner.exe (PID: 4044)
- PCCleaner.exe (PID: 2452)
- PCCNotifications.exe (PID: 3956)
Loads dropped or rewritten executable
- PCCleaner.exe (PID: 2452)
Uses Task Scheduler to run other applications
- PCCleaner.exe (PID: 2452)
Loads the Task Scheduler COM API
- schtasks.exe (PID: 3172)
SUSPICIOUS
Executable content was dropped or overwritten
- msdt.exe (PID: 3244)
- iexplore.exe (PID: 1752)
- iexplore.exe (PID: 452)
- PC_Cleaner.exe (PID: 2224)
- PC_Cleaner.exe (PID: 4044)
- PC_Cleaner.tmp (PID: 3704)
Application launched itself
- software_reporter_tool.exe (PID: 4020)
Reads the Windows organization settings
- PC_Cleaner.tmp (PID: 3704)
Reads Windows owner settings
- PC_Cleaner.tmp (PID: 3704)
Creates files in the program directory
- PCCleaner.exe (PID: 2452)
Modifies files in Chrome extension folder
- chrome.exe (PID: 3632)
Reads Microsoft Outlook installation path
- PCCleaner.exe (PID: 2452)
INFO
Dropped object may contain URL's
- msdt.exe (PID: 3244)
- iexplore.exe (PID: 1752)
- iexplore.exe (PID: 452)
- chrome.exe (PID: 3632)
- PC_Cleaner.tmp (PID: 3704)
- iexplore.exe (PID: 2596)
- chrome.exe (PID: 1528)
- chrome.exe (PID: 2344)
Application launched itself
- chrome.exe (PID: 3632)
- iexplore.exe (PID: 452)
Changes internet zones settings
- iexplore.exe (PID: 452)
Reads Internet Cache Settings
- iexplore.exe (PID: 1752)
- iexplore.exe (PID: 452)
- iexplore.exe (PID: 2596)
Creates files in the user directory
- iexplore.exe (PID: 1752)
- FlashUtil32_27_0_0_187_ActiveX.exe (PID: 308)
- iexplore.exe (PID: 2596)
Loads the Task Scheduler COM API
- software_reporter_tool.exe (PID: 4020)
Reads internet explorer settings
- iexplore.exe (PID: 1752)
- iexplore.exe (PID: 2596)
Application was dropped or rewritten from another process
- PC_Cleaner.tmp (PID: 3704)
- PC_Cleaner.tmp (PID: 1452)
Creates files in the program directory
- PC_Cleaner.tmp (PID: 3704)
Creates a software uninstall entry
- PC_Cleaner.tmp (PID: 3704)
Dropped object may contain Bitcoin addresses
- iexplore.exe (PID: 2596)
Reads settings of System Certificates
- iexplore.exe (PID: 452)
Adds / modifies Windows certificates
- iexplore.exe (PID: 452)
Changes settings of System certificates
- iexplore.exe (PID: 452)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
73
Monitored processes
29
Malicious processes
0
Suspicious processes
4
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 308 | C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_187_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_27_0_0_187_ActiveX.exe | — | svchost.exe | |||||||||||
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 27.0 r0 Exit code: 0 Version: 27,0,0,187 Modules
| |||||||||||||||
| 316 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,15959790620253501748,17657575911046065498,131072 --service-pipe-token=00B546F93A0B85EB7926F5128E96F5E1 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=00B546F93A0B85EB7926F5128E96F5E1 --renderer-client-id=13 --mojo-platform-channel-handle=2164 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 61.0.3163.100 Modules
| |||||||||||||||
| 452 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1400 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,15959790620253501748,17657575911046065498,131072 --service-pipe-token=DE932648D84004852271C5CB97F4A25E --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=DE932648D84004852271C5CB97F4A25E --renderer-client-id=11 --mojo-platform-channel-handle=1660 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 61.0.3163.100 Modules
| |||||||||||||||
| 1452 | "C:\Users\admin\AppData\Local\Temp\is-5MK3T.tmp\PC_Cleaner.tmp" /SL5="$9027E,3580832,121344,C:\Users\admin\Downloads\PC_Cleaner.exe" | C:\Users\admin\AppData\Local\Temp\is-5MK3T.tmp\PC_Cleaner.tmp | — | PC_Cleaner.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
| 1528 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1596,15959790620253501748,17657575911046065498,131072 --lang=en-US --utility-allowed-dir="C:\Users\admin\AppData\Local\Temp\scoped_dir3632_4173" --service-request-channel-token=147C7E6373444498FF6F08BCE90E1E0A --mojo-platform-channel-handle=1660 --ignored=" --type=renderer " /prefetch:8 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 61.0.3163.100 Modules
| |||||||||||||||
| 1752 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:452 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1980 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2748 --on-initialized-event-handle=296 --parent-handle=300 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 61.0.3163.100 Modules
| |||||||||||||||
| 2096 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,15959790620253501748,17657575911046065498,131072 --service-pipe-token=9AE64D0FF854160E4155CDEB0BA14457 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=9AE64D0FF854160E4155CDEB0BA14457 --renderer-client-id=6 --mojo-platform-channel-handle=3388 /prefetch:1 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 61.0.3163.100 Modules
| |||||||||||||||
| 2224 | "C:\Users\admin\Downloads\PC_Cleaner.exe" | C:\Users\admin\Downloads\PC_Cleaner.exe | iexplore.exe | ||||||||||||
User: admin Company: PC_Help_Soft Integrity Level: MEDIUM Description: PC Cleaner Exit code: 0 Version: 6.2 Modules
| |||||||||||||||
Total events
26 527
Read events
25 888
Write events
613
Delete events
26
Modification events
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
| Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones |
| Operation: | write | Name: | SecuritySafe |
Value: 1 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| Operation: | write | Name: | SavedLegacySettings |
Value: 4600000070000000010000000000000000000000000000000000000000000000400C35B347C7D301000000000000000000000000020000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001700000000000000FE80000000000000D45917EAB3ED3D860B000000000000001C00000000000000000000000000000000000000000000000000000000000000170000000000000000000000000000000000FFFFC0A8640B000000000000000002000000C0A801640000000000000000000000000000000000000000000000000C00000C37D0000010A73800D8703600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081F800009000230090002300380023000000000000702C000A00000000000000F8412C00 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active |
| Operation: | write | Name: | {DDBD9CCB-73D3-11E8-B27F-5254004AAD21} |
Value: 0 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
| Operation: | write | Name: | Type |
Value: 4 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
| Operation: | write | Name: | Count |
Value: 5 | |||
| (PID) Process: | (452) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore |
| Operation: | write | Name: | Time |
Value: E2070600020013000F00110018003501 | |||
Executable files
10
Suspicious files
65
Text files
342
Unknown types
27
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LKO8ICX\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
| 452 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat | dat | |
MD5:— | SHA256:— | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.googleadservices[1].txt | text | |
MD5:— | SHA256:— | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat | |
MD5:— | SHA256:— | |||
| 452 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\NDF4D03.tmp | binary | |
MD5:— | SHA256:— | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT | smt | |
MD5:— | SHA256:— | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WF2FXMJU\dnserror[1] | html | |
MD5:68E03ED57EC741A4AFBBCD11FAB1BDBE | SHA256:1FF3334C3EB27033F8F37029FD72F648EDD4551FCE85FC1F5159FEAEA1439630 | |||
| 452 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LKO8ICX\favicon[2].png | image | |
MD5:9FB559A691078558E77D6848202F6541 | SHA256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 | |||
| 1752 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7W7KPD6U\ErrorPageTemplate[1] | text | |
MD5:F4FE1CB77E758E1BA56B8A8EC20417C5 | SHA256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
87
DNS requests
56
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2452 | PCCleaner.exe | GET | — | 217.195.25.242:80 | http://webtools.pchelpsoft.com/install_success.cfm?redirectId=pchelpsoft/pc-cleaner-6.htm | FR | — | — | unknown |
2452 | PCCleaner.exe | GET | 200 | 176.9.2.106:80 | http://dev.techsupport.smartpcupdate.com/build/ONESAFE/PCHS_PCC6 | DE | — | — | malicious |
2452 | PCCleaner.exe | GET | 404 | 104.196.253.185:80 | http://www.pchelpsoft.com/images/build-phone-banners/phone_activation.png | US | — | — | suspicious |
3956 | PCCNotifications.exe | GET | — | 176.9.2.106:80 | http://dev.techsupport.smartpcupdate.com/hash/PCHS | DE | — | — | malicious |
2596 | iexplore.exe | GET | 302 | 216.239.38.21:80 | http://virustotal.com/ | US | — | — | whitelisted |
3632 | chrome.exe | GET | 200 | 23.37.43.27:80 | http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEH7hSm9v7%2FLTfz%2BtZU062rQ%3D | NL | der | 1.71 Kb | whitelisted |
3632 | chrome.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D | US | der | 471 b | whitelisted |
1752 | iexplore.exe | GET | 302 | 217.195.25.242:80 | http://webtools.pchelpsoft.com/download.cfm?tracking=PH_NO_PP_GO_CO_PCC&keyword=&campaignID=ADWORDS&gclid=EAIaIQobChMIyOmVps7f2wIVAZybCh2pWA8CEAEYASAAEgLhaPD_BwE&go=https://dhcppd6c99x6i.cloudfront.net/ph_downloads/PC_Cleaner.exe | FR | text | 83 b | unknown |
3632 | chrome.exe | GET | 200 | 13.107.4.50:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 52.5 Kb | whitelisted |
2452 | PCCleaner.exe | GET | 200 | 94.130.13.79:80 | http://stats.smartpctools.com/si?p=PCHS_PCC6&b=6.2&c=Apr2018 | DE | text | 18 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
1752 | iexplore.exe | 104.196.253.185:443 | www.pchelpsoft.com | Google Inc. | US | whitelisted |
1752 | iexplore.exe | 172.217.22.98:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
3632 | chrome.exe | 216.58.207.67:443 | www.google.ru | Google Inc. | US | whitelisted |
3632 | chrome.exe | 172.217.18.163:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
1752 | iexplore.exe | 216.58.210.10:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
1752 | iexplore.exe | 23.43.123.92:443 | seal.websecurity.norton.com | Akamai International B.V. | NL | whitelisted |
3632 | chrome.exe | 172.217.18.174:443 | apis.google.com | Google Inc. | US | whitelisted |
1752 | iexplore.exe | 69.58.181.71:443 | extended-validation-ssl.websecurity.symantec.com | VeriSign Infrastructure & Operations | US | unknown |
1752 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
1752 | iexplore.exe | 216.58.205.232:443 | www.googletagmanager.com | Google Inc. | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.bing.com |
| whitelisted |
www.googleadservices.com |
| whitelisted |
www.pchelpsoft.com |
| suspicious |
clientservices.googleapis.com |
| whitelisted |
www.google.ru |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
ajax.googleapis.com |
| whitelisted |
seal.websecurity.norton.com |
| whitelisted |
apis.google.com |
| whitelisted |