File name: MinecraftInstaller (1).msi

Full analysis: https://app.any.run/tasks/736e02a8-10ff-4bc4-8eae-8d45dcbc114f
Verdict: Malicious activity
Analysis date: May 09, 2024, 11:53:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
evasion
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Minecraft Launcher, Author: Mojang, Keywords: Installer, Comments: This installer database contains the logic and data required to install Minecraft Launcher., Template: Intel;1033, Revision Number: {BC990100-219F-4A7E-BCD6-B88F054547B7}, Create Time/Date: Tue Feb 13 23:03:12 2024, Last Saved Time/Date: Tue Feb 13 23:03:12 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.9.1006.0), Security: 2
MD5: 02D7F8E22149E154487F2FDDDFCEC8C5
SHA1: 390019B5F2C24F14DD398AB4BA8BEF0183A923AF
SHA256: D9618862A64DA8A5C86F2C9CDE65B48AB92FF8BBC14D5F3C7946539A44E2DB17
SSDEEP: 98304:RezMF/MeIPrST1vMe5clIIoN2KIZd0O99oU1aikVB8VBlMo/tIB:6y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 3992)
      • msiexec.exe (PID: 4040)
      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • NativeUpdater.exe (PID: 2464)
      • CCleaner.exe (PID: 3016)
      • MinecraftLauncher.exe (PID: 2696)
    • Actions look like stealing of personal data

      • CCleaner.exe (PID: 3016)
    • Steals credentials from Web Browsers

      • CCleaner.exe (PID: 3016)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 820)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 4040)
      • CCleaner.exe (PID: 3016)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4040)
    • Reads the Internet Settings

      • msiexec.exe (PID: 4092)
      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2696)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2880)
      • MinecraftLauncher.exe (PID: 2936)
      • CCleaner.exe (PID: 3016)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 4092)
      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Executable content was dropped or overwritten

      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • NativeUpdater.exe (PID: 2464)
      • CCleaner.exe (PID: 3016)
      • MinecraftLauncher.exe (PID: 2696)
    • Process drops legitimate windows executable

      • MinecraftLauncher.exe (PID: 1332)
    • Reads settings of System Certificates

      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Reads Microsoft Outlook installation path

      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Reads Internet Explorer settings

      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • The process executes via Task Scheduler

      • CCleaner.exe (PID: 3016)
    • Searches for installed software

      • CCleaner.exe (PID: 3016)
    • Reads the date of Windows installation

      • CCleaner.exe (PID: 3016)
    • Checks for external IP

      • CCleaner.exe (PID: 3016)
  • INFO

    • Reads the computer name

      • msiexec.exe (PID: 4040)
      • msiexec.exe (PID: 4092)
      • msiexec.exe (PID: 1836)
      • msiexec.exe (PID: 2244)
      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • wmpnscfg.exe (PID: 2188)
      • MinecraftLauncher.exe (PID: 2696)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2880)
      • MinecraftLauncher.exe (PID: 2936)
      • CCleaner.exe (PID: 3012)
      • CCleaner.exe (PID: 3016)
    • Checks supported languages

      • msiexec.exe (PID: 4040)
      • msiexec.exe (PID: 4092)
      • msiexec.exe (PID: 1836)
      • MinecraftLauncher.exe (PID: 1928)
      • msiexec.exe (PID: 2244)
      • wmpnscfg.exe (PID: 2188)
      • NativeUpdater.exe (PID: 2464)
      • MinecraftLauncher.exe (PID: 1332)
      • MinecraftLauncher.exe (PID: 2696)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2880)
      • MinecraftLauncher.exe (PID: 2936)
      • CCleaner.exe (PID: 3012)
      • CCleaner.exe (PID: 3016)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 4040)
      • msiexec.exe (PID: 4092)
      • msiexec.exe (PID: 2244)
      • msiexec.exe (PID: 1836)
      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 3992)
    • Reads the software policy settings

      • msiexec.exe (PID: 3992)
      • msiexec.exe (PID: 4040)
      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Application launched itself

      • msiexec.exe (PID: 4040)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4040)
      • msiexec.exe (PID: 3992)
    • Create files in a temporary directory

      • msiexec.exe (PID: 4040)
    • Reads Environment values

      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2880)
      • MinecraftLauncher.exe (PID: 2696)
      • MinecraftLauncher.exe (PID: 2936)
      • CCleaner.exe (PID: 3016)
      • CCleaner.exe (PID: 3012)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4040)
    • Creates files or folders in the user directory

      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • NativeUpdater.exe (PID: 2464)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2696)
      • CCleaner.exe (PID: 3016)
    • Creates files in the program directory

      • MinecraftLauncher.exe (PID: 1928)
      • CCleaner.exe (PID: 3016)
    • Reads product name

      • MinecraftLauncher.exe (PID: 1928)
      • MinecraftLauncher.exe (PID: 1332)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2880)
      • MinecraftLauncher.exe (PID: 2696)
      • MinecraftLauncher.exe (PID: 2936)
      • CCleaner.exe (PID: 3016)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2188)
      • LabyMod3_Installer.exe (PID: 2612)
      • MinecraftLauncher.exe (PID: 2696)
      • LabyMod3_Installer.exe (PID: 2380)
      • MinecraftLauncher.exe (PID: 2792)
      • MinecraftLauncher.exe (PID: 2936)
      • MinecraftLauncher.exe (PID: 2880)
      • CCleaner.exe (PID: 3012)
    • Checks proxy server information

      • LabyMod3_Installer.exe (PID: 2380)
      • CCleaner.exe (PID: 3016)
    • Reads CPU info

      • CCleaner.exe (PID: 3016)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (95.3)
.doc | Microsoft Word document (old ver.) (3.2)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: Minecraft Launcher
Author: Mojang
Keywords: Installer
Comments: This installer database contains the logic and data required to install Minecraft Launcher.
Template: Intel;1033
RevisionNumber: {BC990100-219F-4A7E-BCD6-B88F054547B7}
CreateDate: 2024:02:13 23:03:12
ModifyDate: 2024:02:13 23:03:12
Pages: 200
Words: 2
Software: Windows Installer XML Toolset (3.9.1006.0)
Security: Read-only recommended
All screenshots are available in the full report
Total processes: 62
Monitored processes: 18
Malicious processes: 8
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order shown:
start, msiexec.exe, msiexec.exe, msiexec.exe (no specs), vssvc.exe (no specs), msiexec.exe (no specs), msiexec.exe (no specs), minecraftlauncher.exe, nativeupdater.exe, minecraftlauncher.exe, wmpnscfg.exe (no specs), labymod3_installer.exe (no specs), labymod3_installer.exe, minecraftlauncher.exe, minecraftlauncher.exe (no specs), minecraftlauncher.exe (no specs), minecraftlauncher.exe (no specs), ccleaner.exe (no specs), ccleaner.exe

Process information

PID: 820
CMD: C:\Windows\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules:
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1332
CMD: MinecraftLauncher.exe
Path: C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe
Parent process: NativeUpdater.exe
User: admin
Company: Mojang
Integrity Level: MEDIUM
Description: Minecraft Launcher
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)
Version: 1.0.1.0
Modules:
c:\program files\minecraft launcher\minecraftlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1836
CMD: C:\Windows\system32\MsiExec.exe -Embedding 9FCE00B653FC7DA7ADD424B5428A7BFC
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules:
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1928
CMD: "C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe"
Path: C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe
Parent process: msiexec.exe
User: admin
Company: Mojang
Integrity Level: MEDIUM
Description: Minecraft Launcher
Exit code: 0
Version: 1.0.1.0
Modules:
c:\program files\minecraft launcher\minecraftlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2188
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules:
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2244
CMD: C:\Windows\system32\MsiExec.exe -Embedding 4930C4A181712734C1A4D91B63D47424 E Global\MSI0000
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules:
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2380
CMD: "C:\Users\admin\Desktop\LabyMod3_Installer.exe"
Path: C:\Users\admin\Desktop\LabyMod3_Installer.exe
Parent process: explorer.exe
User: admin
Company: LabyMedia GmbH
Integrity Level: HIGH
Description: LabyMod Windows Installer
Version: 1.0.0.0
Modules:
c:\users\admin\desktop\labymod3_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 2464
CMD: tools\NativeUpdater.exe MinecraftLauncher.exe "C:\Program Files\Minecraft Launcher\update_files\Minecraft.exe"
Path: C:\Program Files\Minecraft Launcher\tools\NativeUpdater.exe
Parent process: MinecraftLauncher.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules:
c:\program files\minecraft launcher\tools\nativeupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
PID: 2612
CMD: "C:\Users\admin\Desktop\LabyMod3_Installer.exe"
Path: C:\Users\admin\Desktop\LabyMod3_Installer.exe
Parent process: explorer.exe
User: admin
Company: LabyMedia GmbH
Integrity Level: MEDIUM
Description: LabyMod Windows Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; the same installer then runs as PID 2380 at HIGH integrity)
Version: 1.0.0.0
Modules:
c:\users\admin\desktop\labymod3_installer.exe
c:\windows\system32\ntdll.dll
PID: 2696
CMD: "C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe"
Path: C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe
Parent process: explorer.exe
User: admin
Company: Mojang
Integrity Level: MEDIUM
Description: Minecraft Launcher
Version: 1.0.1.0
Modules:
c:\program files\minecraft launcher\minecraftlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 39 312
Read events: 38 707
Write events: 519
Delete events: 86

Modification events

Process: msiexec.exe (PID 3992)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: msiexec.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value: 400000000000000060E7208F07A2DA01C80F00003C080000D5070000000000000000000000000000000000000000000000000000000000000000000000000000

Process: msiexec.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value: 400000000000000060E7208F07A2DA01C80F00003C080000D0070000000000000000000000000000000000000000000000000000000000000000000000000000

Process: msiexec.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value: 75

Process: msiexec.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation: write
Name: SppGatherWriterMetadata (Enter)
Value: 4000000000000000DA05E28F07A2DA01C80F00003C080000D3070000000000000000000000000000000000000000000000000000000000000000000000000000

Process: msiexec.exe (PID 4040)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value: 40000000000000003468E48F07A2DA01C80F000048010000E803000001000000000000000000000061CA131198F4EB448402A217EE17DC500000000000000000

Process: VSSVC.exe (PID 820)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value: 40000000000000009CF1ED8F07A2DA013403000058080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

Process: VSSVC.exe (PID 820)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value: 40000000000000009CF1ED8F07A2DA01340300000C040000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

Process: VSSVC.exe (PID 820)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value: 40000000000000009CF1ED8F07A2DA01340300005C040000E8030000010000000100000000000000000000000000000000000000000000000000000000000000

Process: VSSVC.exe (PID 820)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value: 40000000000000009CF1ED8F07A2DA01340300009C080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
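The VSS\Diag values above are the trace Windows writes around Volume Shadow Copy calls. Here msiexec.exe (PID 4040) entering SrCreateRp is Windows Installer creating a System Restore point before the install, and VSSVC.exe (PID 820, the Volume Shadow Copy service started under services.exe and flagged above as "Executes as Windows Service") is what answers with the writer IDENTIFY records; neither is evasion or tampering on its own. The blobs are opaque in the report, but their layout is evident from the values themselves: an 8-byte size (0x40 = 64 bytes, the length of every value), a little-endian FILETIME that decodes to the analysis date, then the PID and thread ID of the caller (0x0FC8 = 4040 in the msiexec.exe records, 0x0334 = 820 in the VSSVC.exe ones), then a 32-bit code. The Python below is an added example, not anything from the report or from ANY.RUN; it decodes those fields from the values on this page. The field names, the meaning of the code, and the GUID read at offset 0x28 of the VssapiPublisher record are assumptions drawn from the data, not a documented Microsoft structure.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Registry values copied from the "Modification events" section above
# (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\...), split
# into fields for readability. Each one is 128 hex chars = 64 bytes.
VSS_DIAG_RECORDS = {
    "msiexec.exe (4040) SystemRestore\\SrCreateRp (Enter)":
        "4000000000000000" "60E7208F07A2DA01" "C80F0000" "3C080000" "D5070000"
        + "00" * 36,
    "msiexec.exe (4040) SPP\\SppCreate (Enter)":
        "4000000000000000" "60E7208F07A2DA01" "C80F0000" "3C080000" "D0070000"
        + "00" * 36,
    "msiexec.exe (4040) VssapiPublisher\\IDENTIFY (Enter)":
        "4000000000000000" "3468E48F07A2DA01" "C80F0000" "48010000" "E8030000"
        "01000000" "0000000000000000" "61CA131198F4EB448402A217EE17DC50"
        "0000000000000000",
    "VSSVC.exe (820) ASR Writer\\IDENTIFY (Enter)":
        "4000000000000000" "9CF1ED8F07A2DA01" "34030000" "58080000" "E8030000"
        "01000000" "01000000" + "00" * 28,
}

# FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_vss_diag(hex_value: str) -> dict:
    """Decode one VSS\\Diag registry value into its evident fields.

    Layout inferred from the records on this page (assumption, not a
    documented format):
      0x00  u64  record size in bytes (0x40 for every record here)
      0x08  u64  FILETIME of the call
      0x10  u32  PID of the process that entered the VSS operation
      0x14  u32  thread ID within that process
      0x18  u32  operation/state code (meaning unknown)
      0x28  16B  GUID in little-endian layout when non-zero (assumed)
    """
    data = bytes.fromhex(hex_value)
    if len(data) < 0x1C:
        raise ValueError(f"record too short: {len(data)} bytes")
    size, filetime, pid, tid, code = struct.unpack_from("<QQIII", data, 0)
    rec = {
        "declared_size": size,
        "actual_size": len(data),
        "size_consistent": size == len(data),
        "timestamp_utc": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "pid": pid,
        "tid": tid,
        "code": code,
        "guid": None,
    }
    tail = data[0x28:0x38]
    if len(tail) == 16 and any(tail):
        rec["guid"] = str(uuid.UUID(bytes_le=tail))
    return rec


def decode_all(records=VSS_DIAG_RECORDS) -> dict:
    """Decode every record; returns {label: decoded fields}."""
    return {label: decode_vss_diag(value) for label, value in records.items()}


if __name__ == "__main__":
    for label, rec in decode_all().items():
        print(f"{label}: pid={rec['pid']} tid={rec['tid']} code={rec['code']} "
              f"at {rec['timestamp_utc']:%Y-%m-%d %H:%M:%S} UTC "
              f"size_ok={rec['size_consistent']} guid={rec['guid']}")
```

The decoded timestamps land on 2024-05-09 around 11:53 UTC, a few seconds after the analysis start time in the header, and the PID field matches the process ANY.RUN attributes each write to, which is the check that validates the assumed layout. The same decoder applied to VSS\Diag values from a real incident host tells you which process drove a shadow-copy operation and when, without needing the sandbox's attribution.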
Executable files: 28
Suspicious files: 108
Text files: 15
Unknown types: 0

Dropped files

PID 4040, msiexec.exe
File: C:\System Volume Information\SPP\snapshot-2
Type: (blank in report)
MD5: (blank in report)
SHA256: (blank in report)

PID 4040, msiexec.exe
File: C:\System Volume Information\SPP\metadata-2
Type: (blank in report)
MD5: (blank in report)
SHA256: (blank in report)

PID 4040, msiexec.exe
File: C:\Windows\Installer\{6A960B34-5197-49DE-AC60-1177DFE24976}\minecraft.ico
Type: image
MD5: 1D4B0CC64CAFCBC3E70ADFC5DAA2F627
SHA256: 57E3C89D247B4E2E419AE0F9DD3DA075AF8C73281DE26179EF04C1F2C0EF37E2

PID 4040, msiexec.exe
File: C:\Users\admin\AppData\Local\Temp\~DF6FF556B48B0B6CBB.TMP
Type: gmc
MD5: F3B055A227BBD3A130A82DE9679F8824
SHA256: F75A3206E76C34551C7088A52E00C9BA91A019B94EB89AA98039B667E717314E

PID 4040, msiexec.exe
File: C:\Windows\Installer\MSIC8D4.tmp
Type: executable
MD5: 785EE78478D43F00870E91FA96B94646
SHA256: B8665993CD5F7224E35C122A5C1965F8C4F2B4D9D41F75160B515E66F9AFFC53

PID 4040, msiexec.exe
File: C:\Windows\Installer\10bde3.msi
Type: executable
MD5: 02D7F8E22149E154487F2FDDDFCEC8C5
SHA256: D9618862A64DA8A5C86F2C9CDE65B48AB92FF8BBC14D5F3C7946539A44E2DB17
(identical MD5 and SHA256 to the submitted sample: this is Windows Installer's cached copy of the package)

PID 4040, msiexec.exe
File: C:\Windows\Installer\MSIC6CE.tmp
Type: executable
MD5: 785EE78478D43F00870E91FA96B94646
SHA256: B8665993CD5F7224E35C122A5C1965F8C4F2B4D9D41F75160B515E66F9AFFC53

PID 4040, msiexec.exe
File: C:\Program Files\Minecraft Launcher\MinecraftLauncher.exe
Type: executable
MD5: 11A4BCD0C92D0D973847450BBE46C6BB
SHA256: 6CBF77AD3D9C53860A353C9580C49AC81E6D26C93394347371454DF6CF3F2AB6

PID 4040, msiexec.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher\Minecraft Launcher.lnk
Type: lnk
MD5: 7588A3E6CDEA1519718D2D0B091A8572
SHA256: B46431959413F2FD75C4CC448BC49CE2DFB54E5255B170AAED87D6A48F5FE5DE

PID 4040, msiexec.exe
File: C:\Windows\Installer\MSIC670.tmp
Type: executable
MD5: 785EE78478D43F00870E91FA96B94646
SHA256: B8665993CD5F7224E35C122A5C1965F8C4F2B4D9D41F75160B515E66F9AFFC53

MSIC8D4.tmp, MSIC6CE.tmp and MSIC670.tmp carry one and the same hash: a single executable written out three times under C:\Windows\Installer during the install.
HTTP(S) requests: 13
TCP/UDP connections: 38
DNS requests: 19
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
3016 | CCleaner.exe | GET | 304 | 2.16.206.9:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c6edc4b380ebe5f0 | unknown | unknown
3016 | CCleaner.exe | GET | 304 | 2.16.206.9:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e4f8fac48adaf893 | unknown | unknown
3016 | CCleaner.exe | GET | 304 | 2.16.206.9:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49a7627e42f233c7 | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 2.16.206.68:80 | http://ncc.avast.com/ncc.txt | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/s/gts1d4/5DxBwTCF08g/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEHfd%2BYJXFoj1CbMBkm%2FoAe4%3D | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/s/gts1d4/gnsqRwyByMM/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDjr%2FaO77sJZwqcOJfYDI%2Fi | unknown | unknown
3016 | CCleaner.exe | GET | 200 | 142.250.181.227:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAFWoeiRoD5nEA9wbC%2FqWOc%3D | unknown | unknown
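Every HTTP request in this table is made by CCleaner.exe (PID 3016), and all but the ncc.avast.com/ncc.txt fetch are certificate-validation traffic: the three ctldl.windowsupdate.com requests pull Microsoft's disallowed-certificate trust list, and the remaining six are OCSP GET requests (RFC 6960, Appendix A.1: the DER OCSPRequest is base64-encoded into the URL path) to Google Trust Services and DigiCert responders. That is the network side of the "Checks Windows Trust Settings" and "Reads settings of System Certificates" indicators above, not command-and-control. Nothing on this page ties that process to the MSI: the report lists CCleaner.exe under "Manual execution by a user" and "The process executes via Task Scheduler", and the msiexec.exe children shown in the process table are MinecraftLauncher.exe and further msiexec.exe instances. To learn which certificate each OCSP request is checking, decode the CertID from the URL. The Python below is an added example, not code from the report or from ANY.RUN; it takes the URLs from the table as its input and parses the DER with the standard library only. For the /gsr1/ URL it recovers the SHA-1 issuer key hash 607b661a450d97ca89502f7d04cd34a8fffcfd4b, the value to compare against the Subject Key Identifier of the GlobalSign root that the path segment names.

```python
import base64
import binascii
from urllib.parse import unquote, urlsplit

# URLs copied from the HTTP requests table above (all from CCleaner.exe, PID 3016).
HTTP_URLS = [
    "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c6edc4b380ebe5f0",
    "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e4f8fac48adaf893",
    "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?49a7627e42f233c7",
    "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D",
    "http://ncc.avast.com/ncc.txt",
    "http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D",
    "http://ocsp.pki.goog/s/gts1d4/5DxBwTCF08g/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEHfd%2BYJXFoj1CbMBkm%2FoAe4%3D",
    "http://ocsp.pki.goog/s/gts1d4/gnsqRwyByMM/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDjr%2FaO77sJZwqcOJfYDI%2Fi",
    "http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAFWoeiRoD5nEA9wbC%2FqWOc%3D",
]

# hashAlgorithm OIDs seen in CertID in practice.
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _children(buf: bytes) -> list:
    """Split the body of a DER constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                       # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out


def _oid(value: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER body."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url: str) -> dict:
    """Return the CertID of the first Request in an OCSP GET URL (RFC 6960 A.1).

    OCSPRequest > TBSRequest > requestList > Request > CertID, where CertID is
    SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }.
    """
    parts = urlsplit(url)
    der = base64.b64decode(unquote(parts.path.rsplit("/", 1)[-1]), validate=True)
    (tag, ocsp_request), = _children(der)
    if tag != 0x30:
        raise ValueError("path does not carry a DER OCSPRequest")
    tbs_request = _children(ocsp_request)[0][1]   # optionalSignature ignored
    # TBSRequest may open with [0] version / [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)
    requests = _children(request_list)
    cert_id = _children(requests[0][1])[0][1]
    alg_id, name_hash, key_hash, serial = (v for _, v in _children(cert_id))
    oid = _oid(_children(alg_id)[0][1])
    if len(serial) > 1 and serial[0] == 0 and serial[1] & 0x80:
        serial = serial[1:]                     # drop the DER sign byte
    return {
        "responder": parts.netloc,
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.hex(),
        "requests_in_url": len(requests),
    }


def classify(url: str):
    """CertID dict for an OCSP GET URL, None for anything that is not one."""
    try:
        return decode_ocsp_get(url)
    except (ValueError, IndexError, binascii.Error):
        return None


def decode_all(urls=HTTP_URLS) -> dict:
    """Map every URL to its decoded CertID, or None for non-OCSP URLs."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, cid in decode_all().items():
        if cid is None:
            print(f"not OCSP : {url}")
        else:
            print(f"{cid['responder']}: {cid['hash_alg']} serial={cid['serial']} "
                  f"issuerKeyHash={cid['issuer_key_hash']}")
```

Feeding the whole table through the classifier separates the six OCSP checks from the CTL and ncc.txt fetches; each OCSP URL here carries exactly one unsigned Request. Joining the recovered serial numbers against the signing certificates of the binaries the process loaded is how you confirm the traffic is signature verification of known files rather than something worth chasing.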

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1928 | MinecraftLauncher.exe | 35.186.247.156:443 | sentry.io | GOOGLE | US | unknown
1928 | MinecraftLauncher.exe | 13.107.246.65:443 | redstone-launcher.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1332 | MinecraftLauncher.exe | 13.107.246.65:443 | redstone-launcher.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1332 | MinecraftLauncher.exe | 35.186.247.156:443 | sentry.io | GOOGLE | US | unknown
2380 | LabyMod3_Installer.exe | 104.26.14.222:443 | dl.labymod.net | CLOUDFLARENET | US | unknown
2380 | LabyMod3_Installer.exe | 13.107.246.65:443 | redstone-launcher.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2696 | MinecraftLauncher.exe | 35.186.247.156:443 | sentry.io | GOOGLE | US | unknown

DNS requests

Domain
IP
Reputation
redstone-launcher.mojang.com
  • 13.107.246.65
  • 13.107.213.65
unknown
sentry.io
  • 35.186.247.156
whitelisted
dl.labymod.net
  • 104.26.14.222
  • 104.26.15.222
  • 172.67.69.112
unknown
launcher.mojang.com
  • 13.107.246.65
  • 13.107.213.65
whitelisted
ncc.avast.com
  • 2.16.206.68
  • 2.16.206.80
whitelisted
analytics.ff.avast.com
  • 34.117.223.223
whitelisted
www.ccleaner.com
  • 23.213.165.38
whitelisted
ipm-provider.ff.avast.com
  • 34.111.24.1
whitelisted
shepherd.ff.avast.com
  • 34.160.176.28
whitelisted
ip-info.ff.avast.com
  • 34.149.149.62
whitelisted

Threats

PID | Process | Class | Message
1088 | svchost.exe | Misc activity | ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
3016 | CCleaner.exe | Misc activity | ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI

Process | Message
CCleaner.exe | [2024-05-09 11:55:38.218] [error ] [settings ] [ 3016: 3040] [6000C4: 356] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe | Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe | OnLanguage - en
CCleaner.exe | [2024-05-09 11:55:39.421] [error ] [settings ] [ 3016: 3112] [9434E9: 359] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe | [2024-05-09 11:55:39.452] [error ] [Burger ] [ 3016: 3112] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe | [2024-05-09 11:55:39.452] [error ] [Burger ] [ 3016: 3112] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe | startCheckingLicense()
CCleaner.exe | OnLanguage - en
CCleaner.exe | OnLanguage - en
CCleaner.exe | OnLanguage - en