File name:

MyCleanPCInstall.exe

Full analysis: https://app.any.run/tasks/546084f4-7b09-440c-9001-7077f6847d41
Verdict: Malicious activity
Analysis date: October 23, 2023, 13:38:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

D338C0E31C09E523FDF58BEB7BFF7C3D

SHA1:

747A74B3C42939115BF963EC49E1056A765F036B

SHA256:

C285206A068A08F5F9E3E794CB5C2C893C0A0EB92CF3A96CB387149639BC13B1

SSDEEP:

196608:uRAcvsAST2T47y2K1cm2oBYx19MxaAsYa+XxLBBQ8Xw7yN2obeTdHkKX0zRO1/C+:uRAcvsAST37JK1W19MxaOl8zob0Z10zc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 3760)
      • msiexec.exe (PID: 3076)
      • msiexec.exe (PID: 2612)
      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3640)
      • InstAct.exe (PID: 3240)
      • MyCleanPC.exe (PID: 1840)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 1940)
      • MyCleanPCInstall.exe (PID: 2888)
    • Application was dropped or rewritten from another process

      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3640)
      • InstAct.exe (PID: 3240)
      • MyCleanPC.exe (PID: 1840)
      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Actions looks like stealing of personal data

      • MyCleanPC.exe (PID: 1840)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 1940)
    • Reads settings of System Certificates

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPCInstall.exe (PID: 3672)
      • InstAct.exe (PID: 3852)
      • MyCleanPC.exe (PID: 1840)
      • InstAct.exe (PID: 3640)
      • InstAct.exe (PID: 3240)
    • Checks Windows Trust Settings

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPCInstall.exe (PID: 3672)
      • msiexec.exe (PID: 1940)
      • MyCleanPC.exe (PID: 1840)
    • Reads security settings of Internet Explorer

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPCInstall.exe (PID: 3672)
      • MyCleanPC.exe (PID: 1840)
    • Reads the Windows owner or organization settings

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPCInstall.exe (PID: 3672)
    • Reads Internet Explorer settings

      • MyCleanPCInstall.exe (PID: 2888)
    • Reads the Internet Settings

      • MyCleanPCInstall.exe (PID: 2888)
      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3240)
      • msiexec.exe (PID: 3760)
      • MyCleanPC.exe (PID: 1840)
      • InstAct.exe (PID: 3640)
      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Application launched itself

      • MyCleanPCInstall.exe (PID: 2888)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 1940)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1880)
    • Reads browser cookies

      • MyCleanPC.exe (PID: 1840)
  • INFO

    • Reads the computer name

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 1940)
      • msiexec.exe (PID: 3760)
      • wmpnscfg.exe (PID: 3252)
      • MyCleanPCInstall.exe (PID: 3672)
      • msiexec.exe (PID: 2612)
      • InstAct.exe (PID: 3852)
      • msiexec.exe (PID: 3076)
      • InstAct.exe (PID: 3640)
      • InstAct.exe (PID: 3240)
      • MyCleanPC.exe (PID: 1840)
      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Checks supported languages

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 1940)
      • msiexec.exe (PID: 3760)
      • wmpnscfg.exe (PID: 3252)
      • MyCleanPCInstall.exe (PID: 3672)
      • msiexec.exe (PID: 2612)
      • msiexec.exe (PID: 3076)
      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3240)
      • InstAct.exe (PID: 3640)
      • MyCleanPC.exe (PID: 1840)
      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Reads Environment values

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPCInstall.exe (PID: 3672)
      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3240)
      • MyCleanPC.exe (PID: 1840)
      • updater.exe (PID: 4008)
      • InstAct.exe (PID: 3640)
      • updater.exe (PID: 3304)
    • Reads the machine GUID from the registry

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 1940)
      • msiexec.exe (PID: 3760)
      • wmpnscfg.exe (PID: 3252)
      • MyCleanPCInstall.exe (PID: 3672)
      • msiexec.exe (PID: 2612)
      • msiexec.exe (PID: 3076)
      • InstAct.exe (PID: 3852)
      • InstAct.exe (PID: 3240)
      • InstAct.exe (PID: 3640)
      • MyCleanPC.exe (PID: 1840)
      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Creates files or folders in the user directory

      • MyCleanPCInstall.exe (PID: 2888)
      • MyCleanPC.exe (PID: 1840)
    • Application launched itself

      • msiexec.exe (PID: 1940)
      • msedge.exe (PID: 2964)
      • msedge.exe (PID: 3744)
    • Create files in a temporary directory

      • MyCleanPCInstall.exe (PID: 2888)
      • msiexec.exe (PID: 1940)
      • msiexec.exe (PID: 2612)
      • msiexec.exe (PID: 3076)
      • MyCleanPC.exe (PID: 1840)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3252)
      • msedge.exe (PID: 3744)
    • Creates files in the program directory

      • InstAct.exe (PID: 3852)
    • Checks proxy server information

      • updater.exe (PID: 4008)
      • updater.exe (PID: 3304)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

ProductVersion: 4.0.8
ProductName: MyCleanPC
OriginalFileName: MyCleanPCSetup.exe
LegalCopyright: RealDefense LLC
InternalName: MyCleanPCSetup
FileVersion: 4.0.8
FileDescription: MyCleanPC Installer
CompanyName: RealDefense LLC
CharacterSet: Unicode
LanguageCode: English (U.S.)
FileSubtype: -
ObjectFileType: Dynamic link library
FileOS: Win32
FileFlags: Debug
FileFlagsMask: 0x003f
ProductVersionNumber: 4.0.8.0
FileVersionNumber: 4.0.8.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 6
EntryPoint: 0x1901c4
UninitializedDataSize: -
InitializedDataSize: 971264
CodeSize: 2130432
LinkerVersion: 14.29
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware, 32-bit
TimeStamp: 2021:10:20 08:23:58+00:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes
86
Monitored processes
44
Malicious processes
10
Suspicious processes
2

Behavior graph

(interactive process graph, not reproduced here; available in the full report)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
124
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1352 --field-trial-handle=1288,i,8519902402971081387,4976715717955626985,131072 /prefetch:3
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
444
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x687cf598,0x687cf5a8,0x687cf5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
940
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1224,i,3590902179242535730,9724067822958670817,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
PID:
1024
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1224,i,3590902179242535730,9724067822958670817,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1372
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1224,i,3590902179242535730,9724067822958670817,131072 /prefetch:3
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1840
CMD:
"C:\Program Files\MyCleanPC\MyCleanPC.exe" afterinstallpopup "C:\Users\admin\AppData\Local\Temp\MyCleanPCInstall.exe"
Path:
C:\Program Files\MyCleanPC\MyCleanPC.exe
Parent process:
msiexec.exe
User:
admin
Company:
RealDefense LLC
Integrity Level:
HIGH
Description:
MyCleanPC
Exit code:
0
Version:
4.0.8.0
Modules
Images
c:\program files\mycleanpc\mycleanpc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
1880
CMD:
C:\Windows\system32\vssvc.exe
Path:
C:\Windows\System32\VSSVC.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1920
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1224,i,3590902179242535730,9724067822958670817,131072 /prefetch:1
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
PID:
1940
CMD:
C:\Windows\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2216
CMD:
C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path:
C:\Windows\System32\dllhost.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\ole32.dll
Total events
29 347
Read events
29 152
Write events
179
Delete events
16

Modification events

(PID) Process:
(2888) MyCleanPCInstall.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US

(PID) Process:
(3252) wmpnscfg.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{2A7544CC-6D05-471D-B751-25332D48F4C5}\{D6C04945-BEBB-4C63-A585-DAAEEB0BEEC4}
Operation:
delete key
Name:
(default)
Value:

(PID) Process:
(3252) wmpnscfg.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{2A7544CC-6D05-471D-B751-25332D48F4C5}
Operation:
delete key
Name:
(default)
Value:

(PID) Process:
(3252) wmpnscfg.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{FF153215-C542-4A36-9C4F-DEB8F727644F}
Operation:
delete key
Name:
(default)
Value:

(PID) Process:
(2888) MyCleanPCInstall.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
ProxyBypass
Value:
1

(PID) Process:
(2888) MyCleanPCInstall.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
IntranetName
Value:
1

(PID) Process:
(2888) MyCleanPCInstall.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
UNCAsIntranet
Value:
1

(PID) Process:
(2888) MyCleanPCInstall.exe
Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:
write
Name:
AutoDetect
Value:
0

(PID) Process:
(3672) MyCleanPCInstall.exe
Key:
HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US

(PID) Process:
(1940) msiexec.exe
Key:
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\178\52C64B7E
Operation:
write
Name:
LanguageList
Value:
en-US
Executable files
77
Suspicious files
169
Text files
102
Unknown types
0

Dropped files

PID | Process | Filename | Type

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\decoder.dll | executable
MD5: 30343886ACDCA1773F2D33F6449A122D
SHA256: 89C295DBB0882B7EDEB06B058324459B461944719D008C40BAD1075AA0BF94D8

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\InstAct.exe | executable
MD5: D52E8D3413DC9A1906AE4E4E87792FCC
SHA256: FE649A37F0D1612F5A306CB338438DD83EF76D185F8E01755023F4F78BD3C5B8

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\x64\DT.exe | executable
MD5: 7F6875D240FFFEE21F2C30D41E1DAD79
SHA256: D392AA2D15C8D7DA45F6EECD727DEBB9EC7E15249B28BFF5DD4766FB03EF8292

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\geckodriver.exe | executable
MD5: 494DB342049B9D7DEFA511E95DBD21E8
SHA256: 255C9D3571C86841213F49B26D176A6AD440BE8C720E3C2D9226076ADF4F603D

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\x86\DT.exe | executable
MD5: BE0A2F886A510DAC31B60E585EA4B99E
SHA256: E82990A3AD2AB0AB53B60CF0563C2A96CB5C8DCBFEB7E6D526FBCD7C38E3A83B

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\MyCleanPC.exe | executable
MD5: E0F87CFA2323F151A2650B9E3BEDBEF5
SHA256: ADC82DA642B1B13CAA49FC90FDAED901F6D1629E9A67ABE41BF4821DDBCEB125

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\BouncyCastle.Crypto.dll | executable
MD5: F6ACFC2EF76DF363194225B462026F78
SHA256: 1E21EE3D2B3E0831E60F4A9B4A4133D0A1F3940DB19B37310A2A3CE85B61E28B

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\Newtonsoft.Json.dll | executable
MD5: 8AE5CF88709E707506F1B3113073E2B9
SHA256: 2243078C48C76C1D44390B775FFD73E61C700E3B807204F2AF72287785DE1651

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\Papirkurv.dll | executable
MD5: E5D5009C6B1AFC2A4FC3B758F7900363
SHA256: 116B486FC926C38256CB81B69071BCE05CE142FB801568B805C7B6718727F862

2888 | MyCleanPCInstall.exe | C:\Users\admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.0.8\install\47F0247\DC.dll | executable
MD5: 0F84E7485FC8119736949A272D64A9F1
SHA256: CB6EA95BB1C47325EF48ED997E059705CDDA6D94CACB65B4FD33E33307641635
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
113
DNS requests
139
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3304
updater.exe
GET
404
149.210.194.253:80
http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt
unknown
html
282 b
unknown
4008
updater.exe
GET
404
149.210.194.253:80
http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt
unknown
html
282 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
3852
InstAct.exe
149.210.194.253:443
mcpi.helpverify.info
Signet B.V.
NL
unknown
4
System
192.168.100.255:138
whitelisted
1840
MyCleanPC.exe
149.210.194.253:443
mcpi.helpverify.info
Signet B.V.
NL
unknown
3240
InstAct.exe
149.210.194.253:443
mcpi.helpverify.info
Signet B.V.
NL
unknown
3640
InstAct.exe
149.210.194.253:443
mcpi.helpverify.info
Signet B.V.
NL
unknown
3744
msedge.exe
239.255.255.250:1900
whitelisted
1372
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1372
msedge.exe
20.105.95.163:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
mcpi.helpverify.info
  • 149.210.194.253
unknown
www.mycleanpc.com
  • 108.138.26.16
  • 108.138.26.9
  • 108.138.26.113
  • 108.138.26.35
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
  • 131.253.33.239
  • 13.107.22.239
whitelisted
data-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
fonts.googleapis.com
  • 142.251.140.74
whitelisted
cdnjs.cloudflare.com
  • 104.17.24.14
  • 104.17.25.14
whitelisted
code.jquery.com
  • 151.101.194.137
  • 151.101.130.137
  • 151.101.2.137
  • 151.101.66.137
whitelisted
sealserver.trustwave.com
  • 2.17.100.168
  • 2.17.100.201
unknown

Threats

PID
Process
Class
Message
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
1372
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
2 ETPRO signatures available at the full report
Process
Message
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is:
msiexec.exe
Logger::SetLogFile( C:\Users\admin\AppData\Roaming\Caphyon\Advanced Installer\AI_ResourceCleaner.log ) while OLD path is: