File name: ccleaner_browser_setup.exe

Full analysis: https://app.any.run/tasks/08ca3186-80ec-41dc-ac76-57bbe09d3404
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 02, 2024, 05:43:48
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5: B530A1995085B5469E9CBB01B6D91DB9
SHA1: 39D371893915D0E690EBCC2D5A6CA2FEC4ECDC1E
SHA256: E5506D917ADFB44D12034688C1E1D7C91CE5A88613E92E2A501F26C226D7A7AE
SSDEEP: 98304:P2ul/FrAXjH3qJy6ctlfJ8lPaamqFXTGeZI5M60bdoSWl2/AUxpC1GTYVOJ2va/n:f/u1FzSXmi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdateSetup.exe (PID: 6796)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • CCleanerBrowserInstaller.exe (PID: 2620)
      • setup.exe (PID: 428)
    • Steals credentials from Web Browsers

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowser.exe (PID: 6184)
    • Actions looks like stealing of personal data

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowser.exe (PID: 6400)
      • CCleanerBrowser.exe (PID: 6184)
    • Changes the autorun value in the registry

      • setup.exe (PID: 428)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdateSetup.exe (PID: 6796)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserInstaller.exe (PID: 2620)
      • setup.exe (PID: 428)
    • The process verifies whether the antivirus software is installed

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
    • Reads the date of Windows installation

      • ccleaner_browser_setup.exe (PID: 6332)
      • CCleanerBrowserUpdate.exe (PID: 6848)
    • Reads security settings of Internet Explorer

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 6848)
    • Reads the BIOS version

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowser.exe (PID: 6184)
    • Searches for installed software

      • aj4F49.exe (PID: 6620)
      • setup.exe (PID: 428)
      • CCleanerBrowser.exe (PID: 6184)
    • Checks Windows Trust Settings

      • aj4F49.exe (PID: 6620)
    • Starts itself from another location

      • CCleanerBrowserUpdate.exe (PID: 6848)
    • Disables SEHOP

      • CCleanerBrowserUpdate.exe (PID: 6848)
    • Creates/Modifies COM task schedule object

      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 6980)
      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 6956)
      • CCleanerBrowserUpdate.exe (PID: 6928)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 7004)
    • Executes as Windows Service

      • CCleanerBrowserUpdate.exe (PID: 7132)
      • elevation_service.exe (PID: 6528)
      • elevation_service.exe (PID: 7080)
    • Potential Corporate Privacy Violation

      • CCleanerBrowserUpdate.exe (PID: 7132)
    • Process requests binary or script from the Internet

      • CCleanerBrowserUpdate.exe (PID: 7132)
    • Application launched itself

      • setup.exe (PID: 428)
      • CCleanerBrowser.exe (PID: 6184)
    • Creates a software uninstall entry

      • setup.exe (PID: 428)
      • aj4F49.exe (PID: 6620)
      • elevation_service.exe (PID: 6528)
    • Reads Mozilla Firefox installation path

      • CCleanerBrowser.exe (PID: 6184)
  • INFO

    • Process checks computer location settings

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowser.exe (PID: 6184)
      • CCleanerBrowser.exe (PID: 6472)
      • CCleanerBrowser.exe (PID: 6688)
      • CCleanerBrowser.exe (PID: 6412)
    • Create files in a temporary directory

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • CCleanerBrowser.exe (PID: 6184)
    • Checks supported languages

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdateSetup.exe (PID: 6796)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserUpdate.exe (PID: 6896)
      • CCleanerBrowserUpdate.exe (PID: 6928)
      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 6956)
      • CCleanerBrowserUpdate.exe (PID: 7072)
      • CCleanerBrowserUpdate.exe (PID: 7052)
      • CCleanerBrowserInstaller.exe (PID: 2620)
      • setup.exe (PID: 428)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • setup.exe (PID: 5060)
      • CCleanerBrowserCrashHandler.exe (PID: 928)
      • CCleanerBrowserCrashHandler64.exe (PID: 3656)
      • CCleanerBrowser.exe (PID: 6184)
      • CCleanerBrowser.exe (PID: 5552)
      • CCleanerBrowser.exe (PID: 6340)
      • CCleanerBrowser.exe (PID: 6416)
      • elevation_service.exe (PID: 6528)
      • CCleanerBrowser.exe (PID: 3040)
      • CCleanerBrowser.exe (PID: 6400)
      • CCleanerBrowser.exe (PID: 6472)
      • CCleanerBrowser.exe (PID: 6412)
      • CCleanerBrowser.exe (PID: 6688)
      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 6980)
      • CCleanerBrowserUpdateComRegisterShell64.exe (PID: 7004)
      • CCleanerBrowser.exe (PID: 6984)
      • elevation_service.exe (PID: 7080)
    • Reads the computer name

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserUpdate.exe (PID: 6896)
      • CCleanerBrowserUpdate.exe (PID: 6928)
      • CCleanerBrowserUpdate.exe (PID: 7052)
      • CCleanerBrowserUpdate.exe (PID: 7072)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • CCleanerBrowserInstaller.exe (PID: 2620)
      • setup.exe (PID: 428)
      • CCleanerBrowser.exe (PID: 6184)
      • elevation_service.exe (PID: 6528)
      • CCleanerBrowser.exe (PID: 6340)
      • CCleanerBrowser.exe (PID: 6416)
      • CCleanerBrowser.exe (PID: 6400)
      • elevation_service.exe (PID: 7080)
    • Reads Environment values

      • ccleaner_browser_setup.exe (PID: 6332)
      • aj4F49.exe (PID: 6620)
      • CCleanerBrowser.exe (PID: 6184)
    • Checks proxy server information

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 7052)
      • CCleanerBrowser.exe (PID: 6184)
    • Reads the software policy settings

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 7052)
      • CCleanerBrowserUpdate.exe (PID: 7132)
    • Reads the machine GUID from the registry

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowserUpdate.exe (PID: 7052)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • CCleanerBrowser.exe (PID: 6184)
      • CCleanerBrowserUpdate.exe (PID: 6848)
    • Creates files in the program directory

      • CCleanerBrowserUpdateSetup.exe (PID: 6796)
      • CCleanerBrowserUpdate.exe (PID: 6848)
      • CCleanerBrowserUpdate.exe (PID: 7132)
      • CCleanerBrowserInstaller.exe (PID: 2620)
      • setup.exe (PID: 428)
      • aj4F49.exe (PID: 6620)
    • Creates files or folders in the user directory

      • aj4F49.exe (PID: 6620)
      • CCleanerBrowser.exe (PID: 6184)
      • CCleanerBrowser.exe (PID: 6416)
    • Process checks whether UAC notifications are on

      • aj4F49.exe (PID: 6620)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:53+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26112
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x350d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.11.8.7423
ProductVersionNumber: 8.11.8.7423
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Arabic
CharacterSet: Windows, Arabic
BuildDate: 19700120T193710
BuildTimestamp: 1712230192
BuildVersion: 8.11.8.7423
CompanyName: Gen Digital Inc.
FileDescription: إعداد CCleaner Browser
FileVersion: 8.11.8.7423
InstallerCommit: 57459b9cdb08ab5ac027a5e3530c97b65adf58fb
InstallerEdition: web
InstallerKeyword: ccleaner-browser
InternalName: CCleaner Browser
JsisCommit: 9787409e632740167533d24081ccbb49791a2fdf
LegalCopyright: حقوق النشر 2017-2024 لشركة Gen Digital Inc.
OmahaVersion: 1.8.1691.6
ProductName: إعداد CCleaner Browser
ProductVersion: 8.11.8.7423
No data.
All screenshots are available in the full report
Total processes: 146
Monitored processes: 29
Malicious processes: 9
Suspicious processes: 2

Behavior graph

Graph nodes in start order (processes flagged "no specs" in the graph are marked):
  • start
  • ccleaner_browser_setup.exe
  • aj4f49.exe
  • ccleanerbrowserupdatesetup.exe
  • ccleanerbrowserupdate.exe
  • ccleanerbrowserupdate.exe (no specs)
  • ccleanerbrowserupdate.exe (no specs)
  • ccleanerbrowserupdatecomregistershell64.exe (no specs)
  • ccleanerbrowserupdatecomregistershell64.exe (no specs)
  • ccleanerbrowserupdatecomregistershell64.exe (no specs)
  • ccleanerbrowserupdate.exe
  • ccleanerbrowserupdate.exe (no specs)
  • ccleanerbrowserupdate.exe
  • ccleanerbrowserinstaller.exe
  • setup.exe
  • setup.exe (no specs)
  • ccleanerbrowsercrashhandler.exe (no specs)
  • ccleanerbrowsercrashhandler64.exe (no specs)
  • ccleanerbrowser.exe
  • ccleanerbrowser.exe
  • ccleanerbrowser.exe (no specs)
  • ccleanerbrowser.exe
  • ccleanerbrowser.exe (no specs)
  • elevation_service.exe (no specs)
  • ccleanerbrowser.exe (no specs)
  • ccleanerbrowser.exe (no specs)
  • ccleanerbrowser.exe
  • ccleanerbrowser.exe (no specs)
  • ccleanerbrowser.exe (no specs)
  • elevation_service.exe (no specs)

Process information

PID: 428
CMD: "C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CR_34241.tmp\setup.exe" --install-archive="C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CR_34241.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --system-level
Path: C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CR_34241.tmp\setup.exe
Parent process: CCleanerBrowserInstaller.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: CCleaner Browser Installer
Exit code: 0
Version: 124.0.25069.209
Modules:
c:\program files (x86)\ccleaner browser\update\install\{1e3db690-2c2f-4d0f-a14a-6acbc54bde09}\cr_34241.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 928
CMD: "C:\Program Files (x86)\CCleaner Browser\Update\1.8.1691.6\CCleanerBrowserCrashHandler.exe"
Path: C:\Program Files (x86)\CCleaner Browser\Update\1.8.1691.6\CCleanerBrowserCrashHandler.exe
Parent process: CCleanerBrowserUpdate.exe
User: SYSTEM
Company: Gen Digital Inc.
Integrity Level: SYSTEM
Description: CCleaner Browser Crash Handler
Exit code: 0
Version: 1.8.1691.6
Modules:
c:\program files (x86)\ccleaner browser\update\1.8.1691.6\ccleanerbrowsercrashhandler.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\kernel.appcore.dll
c:\windows\syswow64\msvcrt.dll
PID: 2620
CMD: "C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CCleanerBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data=msedge --import-cookies --system-level
Path: C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CCleanerBrowserInstaller.exe
Parent process: CCleanerBrowserUpdate.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: CCleaner Browser Installer
Exit code: 0
Version: 124.0.25069.209
Modules:
c:\program files (x86)\ccleaner browser\update\install\{1e3db690-2c2f-4d0f-a14a-6acbc54bde09}\ccleanerbrowserinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 3040
CMD: "C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2368,i,14622997563314340864,915883252314370159,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:8
Path: C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe
Parent process: CCleanerBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: CCleaner Browser
Version: 124.0.25069.209
Modules:
c:\program files\ccleaner browser\application\ccleanerbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ccleaner browser\application\124.0.25069.209\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 3656
CMD: "C:\Program Files (x86)\CCleaner Browser\Update\1.8.1691.6\CCleanerBrowserCrashHandler64.exe"
Path: C:\Program Files (x86)\CCleaner Browser\Update\1.8.1691.6\CCleanerBrowserCrashHandler64.exe
Parent process: CCleanerBrowserUpdate.exe
User: SYSTEM
Company: Gen Digital Inc.
Integrity Level: SYSTEM
Description: CCleaner Browser Crash Handler
Exit code: 0
Version: 1.8.1691.6
Modules:
c:\program files (x86)\ccleaner browser\update\1.8.1691.6\ccleanerbrowsercrashhandler64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID: 5060
CMD: "C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CR_34241.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=CCleaner --annotation=ver=124.0.25069.209 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff7f4b8a3f0,0x7ff7f4b8a3fc,0x7ff7f4b8a408
Path: C:\Program Files (x86)\CCleaner Browser\Update\Install\{1E3DB690-2C2F-4D0F-A14A-6ACBC54BDE09}\CR_34241.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: HIGH
Description: CCleaner Browser Installer
Exit code: 0
Version: 124.0.25069.209
Modules:
c:\program files (x86)\ccleaner browser\update\install\{1e3db690-2c2f-4d0f-a14a-6acbc54bde09}\cr_34241.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 5552
CMD: "C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\CCleaner Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\CCleaner Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=CCleaner --annotation=ver=124.0.25069.209 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcf5dedc40,0x7ffcf5dedc4c,0x7ffcf5dedc58
Path: C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe
Parent process: CCleanerBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: CCleaner Browser
Exit code: 1
Version: 124.0.25069.209
Modules:
c:\program files\ccleaner browser\application\ccleanerbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ccleaner browser\application\124.0.25069.209\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 6184
CMD: CCleanerBrowser.exe --heartbeat --install --create-profile
Path: C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe
Parent process: aj4F49.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: CCleaner Browser
Version: 124.0.25069.209
Modules:
c:\program files\ccleaner browser\application\ccleanerbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\program files\ccleaner browser\application\124.0.25069.209\chrome_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
PID: 6332
CMD: "C:\Users\admin\Desktop\ccleaner_browser_setup.exe"
Path: C:\Users\admin\Desktop\ccleaner_browser_setup.exe
Parent process: explorer.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: MEDIUM
Description: CCleaner Browser Setup
Version: 8.11.8.7423
Modules:
c:\users\admin\desktop\ccleaner_browser_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 6340
CMD: "C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,14622997563314340864,915883252314370159,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:2
Path: C:\Program Files\CCleaner Browser\Application\CCleanerBrowser.exe
Parent process: CCleanerBrowser.exe
User: admin
Company: Gen Digital Inc.
Integrity Level: LOW
Description: CCleaner Browser
Version: 124.0.25069.209
Modules:
c:\program files\ccleaner browser\application\ccleanerbrowser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\ccleaner browser\application\124.0.25069.209\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events: 32 213
Read events: 28 332
Write events: 3 812
Delete events: 69

Modification events

(PID) Process: (6332) ccleaner_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (6332) ccleaner_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (6332) ccleaner_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (6332) ccleaner_browser_setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (6620) aj4F49.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Piriform\Browser
Operation: write
Name: installer_run_count
Value: 1

(PID) Process: (6620) aj4F49.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6620) aj4F49.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Piriform\Browser
Operation: write
Name: machine_id
Value: 0000B0E1009ABA5E95F7227E57434874

(PID) Process: (6620) aj4F49.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6620) aj4F49.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6620) aj4F49.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 179
Suspicious files: 49
Text files: 33
Unknown types: 28

Dropped files

PID | Process | Filename | Type
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\Midex.dll | executable
  MD5: 9ABCA8EC7DCBA32B5A35E99A6618948F
  SHA256: 8AEC9A09CCCDD201754CEA880AA1DF6FE916A476CE78B9E660C6A25D23588006
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\aj4F49.exe | executable
  MD5: 1C69824F1D98F40BD7E167B394D1D0AE
  SHA256: 601D1462AF35E7DA88C6B341AC349368247E10B5E5B8B52C7BF5418EA2A03CF6
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\inetc.dll | executable
  MD5: 9CF19AA4356390B35E51A685D7C04F22
  SHA256: 608A1FE2B363D4D8FE39D5CAEA1BDAFA1E6776387266BEC4846084AA0C3F3925
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\JsisPlugins.dll | executable
  MD5: 5880EA5B4D09B44A9B14C233EE87CD76
  SHA256: E5F82BC144D72BFFA89055603C7A20914EB3F31FF77CE6B7BB185D80224D3D30
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\sciterui.dll | executable
  MD5: 46DA14D6F32309ABF7CEFF0B2CD91622
  SHA256: 0DBF315893BA76CD7FA0F37523C57656E7E93EB81D44E877326CE3C5A43262DD
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\jsisdl.dll | executable
  MD5: 7B0EC617E5A4B5897D39663E4C23DAED
  SHA256: 38895AE828B8E7EA87372D03FE42D3C4ADC63A371F6E9CF122C7D9FDB111C4ED
6620 | aj4F49.exe | C:\Users\admin\AppData\Local\Temp\nsw52D2.tmp\FF.places.tmp | -
  MD5:
  SHA256:
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\AccessControl.dll | executable
  MD5: E021453DC6C9D91F7AAEE47513730BE3
  SHA256: 98FE662988D3F3BBC87F3BA9DDF9C1084D74E767FB210FA80FE944AA267019E8
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\nsf4303.tmp\reboot.dll | executable
  MD5: 39172D4D99B5FC3604AFD2B8AFCD0A89
  SHA256: 8F771BC5EBC8E3F5E15AA88885AED2377BA01772CFFE8D2B9C09A4ED131A3A43
6332 | ccleaner_browser_setup.exe | C:\Users\admin\AppData\Local\Temp\ccleaner-browser-web-tags | binary
  MD5: CA54161A10296C7C2AD5166E829F3420
  SHA256: CC631ABF52D3FEF4A80996448901D0AE9233B4329D18EC4149C29F1F136778B0
HTTP(S) requests: 16
TCP/UDP connections: 28
DNS requests: 10
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
528 | svchost.exe | GET | 200 | 2.19.126.133:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | unknown
528 | svchost.exe | GET | - | 72.246.169.155:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 72.246.169.155:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | unknown
6620 | aj4F49.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | - | - | unknown
7132 | CCleanerBrowserUpdate.exe | GET | 200 | 2.19.126.203:80 | http://browser-update.ccleaner.com/browser-ccb/win/x64/124.0.25069.209/CCleanerBrowserInstaller.exe | unknown | - | - | unknown
6620 | aj4F49.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAV14ffsm9imej9hicY%2Bl7s%3D | unknown | - | - | unknown
6620 | aj4F49.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | - | - | unknown
- | - | GET | 200 | 104.20.87.8:443 | https://config.ccleaner.securebrowser.com/engagement?_=1717307190664&browser_language=en-US&browser_name=CCleaner+Browser&browser_version=124.0.25069.209&browser_version_initial=124.0.25069.209&build_timestamp=1715185686&campaign_group_id=100&campaign_id=13001&chrome_brand=GCEB&default_browser=ccleanerbrowser&default_browser_version=124.0.25069.209&group.browser.architecture=x64&group.browser.last_search_timestamp=0&group.browser.vpn_status=false&group.consents.usage_statistics=1&group.environment.midex=97B7721C4994E2556FF6A439510F665D6ACD3D78DD342964D27D61A55DE88B78&initial_country_code=US&initial_default_browser=msedge&initial_default_browser_version=122.0.2365.59&install_admin=1&install_date=20240602&install_timestamp=1717307050&installer_version=8.11.8.7423&last_run_timestamp=0&machine_date=20240602&machine_id=0000b0e1009aba5e95f7227e57434874&machine_timestamp=1717307186&omaha_version=1.8.1691.6&os_architecture=x64&os_build=19045.4046&os_country_code=US&os_edition=Professional&os_language=en-us&os_service_pack=0&os_type=windows&os_version=10.0&run_length=0&run_page_count=0&run_search_count=0&run_source=default&run_stealthmode_page_count=0&schema=17&search_provider_initial=bing&secureline=false&setting_search_default=www.bing.com&user_date=20240602&user_id=aa7d73ea70524fa0906d654189cbebf4&user_timestamp=1717307050&vm=0&launch_logon_timestamp=&disabled_count=0&physical_memory=4&launch_logon_count=0&content_type=autolaunch,browser_prefs,experiment,extension_prefs,desktop_onboarding,messaging,messaging_prefs,search_configuration&run_count=0&heartbeat_trigger_type=install&pro_mode=false&adblock_mode=1 | unknown | binary | 23.4 Kb | unknown
- | - | POST | 200 | 20.189.173.5:443 | https://self.events.data.microsoft.com/OneCollector/1.0/ | unknown | - | - | unknown
- | - | GET | 200 | 172.67.29.127:443 | https://update.ccleanerbrowser.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=124.0.25069.209&lang=en-US&acceptformat=crx3,puff&userid=aa7d73ea70524fa0906d654189cbebf4&brand=13001&x=id%3Dcom.ccleaner.crx.blacklist%26v%3D0%26installedby%3Dinternal%26uc&x=id%3Dcom.ccleaner.crx.whitelist%26v%3D0%26installedby%3Dinternal%26uc&x=id%3Dcom.ccleaner.crx.forcelist%26v%3D0%26installedby%3Dinternal%26uc&x=id%3Dcom.ccleaner.crx.bookmarks%26v%3D0%26installedby%3Dinternal%26uc | unknown | xml | 1.51 Kb | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
528 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 239.255.255.250:1900 | - | - | - | unknown
1964 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
5140 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
528 | svchost.exe | 2.19.126.133:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
1964 | RUXIMICS.exe | 2.19.126.133:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
528 | svchost.exe | 72.246.169.155:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
5140 | MoUsoCoreWorker.exe | 72.246.169.155:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
1964 | RUXIMICS.exe | 72.246.169.155:80 | www.microsoft.com | AKAMAI-AS | DE | unknown
5456 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown

DNS requests

Domain | IP | Reputation
crl.microsoft.com | 2.19.126.133 | whitelisted
www.microsoft.com | 72.246.169.155 | whitelisted
settings-win.data.microsoft.com | 20.73.194.208 | whitelisted
stats.securebrowser.com | 104.20.87.8, 104.20.86.8 | unknown
ocsp.digicert.com | 192.229.221.95 | whitelisted
update.ccleanerbrowser.com | 104.22.44.115, 104.22.45.115, 172.67.29.127 | whitelisted
browser-update.ccleaner.com | 2.19.126.203, 2.19.126.213 | whitelisted
self.events.data.microsoft.com | 20.42.73.28 | whitelisted

Threats

PID | Process | Class | Message
7132 | CCleanerBrowserUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
Process | Message
ccleaner_browser_setup.exe | 2024-06-02T05:44:04 [libnsis] {000018bc:000018c0} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
ccleaner_browser_setup.exe | 2024-06-02T05:44:04 [libnsis] {000018bc:000018c0} <4:Error> (893f00f663353e48\src\jsis-plugins\plugins\UtilitiesPlugin\TagData.cpp:85) 0x00000400000715 91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62
ccleaner_browser_setup.exe | 2024-06-02T05:44:04 [libnsis] {000018bc:000018c0} <1:Debug> (91aa05bf654a77ad\src\sbplugins\windows\RCData.cpp:62) Throwing exception 0x00000400000715
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <2:Info> (893f00f663353e48\src\jsis-plugins\plugins\Plugin.cpp:82) JSIS Plugin logging enabled
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsw52D2.tmp\CR.History.tmp
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19846 AND vtime <= 19877 GROUP BY vtime
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsw52D2.tmp\CR.History.tmp
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT ((visits.visit_time/1000000)-11644473600) /60 /60 / 24 AS vtime FROM 'visits' WHERE vtime >= 19846 AND vtime <= 19877 GROUP BY vtime
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:38) Oepn Sqlite DB C:\Users\admin\AppData\Local\Temp\nsw52D2.tmp\FF.places.tmp
aj4F49.exe | 2024-06-02T05:44:06 [libnsis] {000019dc:000019e0} <1:Debug> (6641f181bd7f7928\src\acu\database\Sqlite.cpp:75) Execute Sqlite query SELECT last_visit_date / 1000000 /60 /60 / 24 AS vtime FROM 'moz_places' WHERE vtime >= 19846 AND vtime <= 19877 GROUP BY vtime