File name: 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe

Full analysis: https://app.any.run/tasks/6322df05-ac00-42ee-8245-21bf7539aff5
Verdict: Malicious activity
Analysis date: July 08, 2025, 17:10:41
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 97F2F2AFD634C8EF5A64BFF6932EE70F
SHA1: 89D435995D4B8ADA05BDCA49EAE8F234E4785D96
SHA256: B6E40765196198B433AA07E987E19F7B1656B4F85629D86521BAB563158C6AFE
SSDEEP: 98304:oBQZwTljJhgtCq/bTpc+Kx11OdQORoD7Mo1xSS6PNAs9qL3iDHU0gE/EtMJTVz9l:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Executing a file with an untrusted certificate
      • ICCProxy.exe (PID: 3580)
      • ICCProxy.exe (PID: 5920)
  • SUSPICIOUS
    • Executes as Windows Service
      • ICCProxy.exe (PID: 5920)
    • Executable content was dropped or overwritten
      • 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (PID: 2116)
  • INFO
    • The sample is compiled with English language support
      • 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (PID: 2116)
    • Checks supported languages
      • 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (PID: 2116)
      • ICCProxy.exe (PID: 3580)
      • ICCProxy.exe (PID: 5920)
    • Reads the computer name
      • 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (PID: 2116)
      • ICCProxy.exe (PID: 3580)
      • ICCProxy.exe (PID: 5920)
    • Creates files in the program directory
      • 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (PID: 2116)
    • Reads the software policy settings
      • slui.exe (PID: 236)
    • Checks proxy server information
      • slui.exe (PID: 236)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:04:26 00:28:08+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 266240
InitializedDataSize: 1101824
UninitializedDataSize: -
EntryPoint: 0x2a8f8
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.4.3.0
ProductVersionNumber: 1.4.3.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Intel Corporation
FileDescription: Intel(R) Installation Framework
FileVersion: 1, 4, 3, 0
InternalName: ICCS
LegalCopyright: Copyright 2011, Intel Corporation
LegalTrademarks: Intel Corporation
OriginalFileName: Setup.exe
ProductName: Intel(R) Installation Framework
ProductVersion: 1, 4, 3, 0
Total processes: 137
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Nodes: start; 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe; iccproxy.exe (no specs); iccproxy.exe (no specs); slui.exe; 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe (no specs)

Process information

PID: 236
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 2116
CMD: "C:\Users\admin\Desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe"
Path: C:\Users\admin\Desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Parent process: explorer.exe
User: admin
Company: Intel Corporation
Integrity Level: HIGH
Description: Intel(R) Installation Framework
Exit code: 0
Version: 1, 4, 3, 0
Modules (Images):
c:\users\admin\desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 3580
CMD: "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe" /service
Path: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
Parent process: 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
User: admin
Company: Intel Corporation
Integrity Level: HIGH
Description: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS
Exit code: 0
Version: 1.0.0.1
Modules (Images):
c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\setupapi.dll

PID: 5920
CMD: "C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
Path: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
Parent process: services.exe
User: SYSTEM
Company: Intel Corporation
Integrity Level: SYSTEM
Description: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS
Version: 1.0.0.1
Modules (Images):
c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\setupapi.dll
c:\windows\syswow64\msvcrt.dll

PID: 6720
CMD: "C:\Users\admin\Desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe"
Path: C:\Users\admin\Desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Parent process: explorer.exe
User: admin
Company: Intel Corporation
Integrity Level: MEDIUM
Description: Intel(R) Installation Framework
Exit code: 3221226540
Version: 1, 4, 3, 0
Modules (Images):
c:\users\admin\desktop\2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events: 3,590
Read events: 3,565
Write events: 24
Delete events: 1

Modification events

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: service0
Value: operation=stoponuninstall

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: process0
Value: bin=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: Folder0
Value: path=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: File0
Value: path=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\uninstall\en-US\license.txt

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: File1
Value: path=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\uninstall\en-US\setup.exe.dll

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: Folder1
Value: path=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\uninstall

(PID) Process: (2116) 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Intel\ICCS\Uninstall
Operation: write
Name: File2
Value: path=C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(PID) Process: (3580) ICCProxy.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ICCProxy.EXE
Operation: write
Name: AppID
Value: {3163A299-B985-4140-A820-57D8351EFCA1}

(PID) Process: (3580) ICCProxy.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3163A299-B985-4140-A820-57D8351EFCA1}
Operation: delete value
Name: LocalService
Value: -

(PID) Process: (3580) ICCProxy.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3163A299-B985-4140-A820-57D8351EFCA1}
Operation: write
Name: LocalService
Value: ICCS
Executable files: 7
Suspicious files: 1
Text files: 5
Unknown types: 2

Dropped files

PID | Process | Filename | Type

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\ICC_PROXY\ICCProxy.idl | text
MD5: DFB337A2AD88CF5A19F07F1966CCB136
SHA256: 192EA1EA959049323D04AB4E39B8C239B705B49B2F11EF9AF11B8A975E1641E2

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\ICC_PROXY\icc_fw_simulator.ini | text
MD5: 53713862D71A02E3FD1B0056F213CBFE
SHA256: 2087DADD7A03EA23ECBAACFCA67E62976266401415513D2ECE8B6C3B3C0C49C2

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\ICC_PROXY\IccLibProxyTypes.h | text
MD5: D402E0D94284CAFFF6B51AD6F0562AB4
SHA256: DB53B10CC8A6D83D52658C5CBA1E064A4A0E9966F40A72BD88C96DFA3CE53048

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\ICC_PROXY\icc_fw_simulator.exe | executable
MD5: 62567FDABC7AD2BB0DC034114BDB47DF
SHA256: 7794A957E788EDE96C4F921DCA124FE87E5FD7457B529BA7FA1784C12BABF383

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\ICC_PROXY\icc_fw_simulator_lock_mask.bin | dbf
MD5: C2BE42D61A7D64CD197D5220FDA69B5B
SHA256: E868A3C0941C7E82FE7C42617CBD3C332C46614A4EB25A160BE5D9379F6E5402

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\Setup.if2 | binary
MD5: CDD2F4F9C3B30AF6003F32B742583A9E
SHA256: D65FF4B61D3D376E3D8741D695B5D983229B09203F9198819A3A385AB72FAAB3

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Windows\Temp\IIF598A.tmp\setup.exe | executable
MD5: D5D8F72D7A485D9842227652773384E2
SHA256: 8EC5CD1C2AEE10C05660297D0FCB6FF35BE9977A7FFBF2AD8B7265F2D7A7CCDC

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe | executable
MD5: 83FF82FE209E7997067B375DAD6CF23D
SHA256: E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\uninstall\en-US\setup.exe.dll | executable
MD5: A3E690614D940CEA53AA1084674D6F93
SHA256: 86F97668B5F2EFE0C67C049A60F0E781C2A2D3DE1E3C752816DA9D24B30058B7

2116 | 2025-07-08_97f2f2afd634c8ef5a64bff6932ee70f_elex_gcleaner_stop.exe | C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\uninstall\en-US\license.txt | text
MD5: BAE997FC4AA16952D2B4D00D455B767F
SHA256: E34BA4F8D3BBA4C68BC0BA941A3CC6424F0E81D6BD883B4D424BC363B3386AA2
HTTP(S) requests: 6
TCP/UDP connections: 20
DNS requests: 7
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1164 | RUXIMICS.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1164 | RUXIMICS.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted
- | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1164 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
1164 | RUXIMICS.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
1268 | svchost.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
1164 | RUXIMICS.exe | 2.16.253.202:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 20.73.194.208 | whitelisted
google.com | 172.217.16.206 | whitelisted
crl.microsoft.com | 2.16.168.114, 2.16.168.124 | whitelisted
www.microsoft.com | 2.16.253.202 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
self.events.data.microsoft.com | 13.89.178.26 | whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)