URL:

https://minecraft.sooftware.com/windows/download

Full analysis: https://app.any.run/tasks/fb454de9-3be9-4b79-960d-b568423a371d
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 28, 2026, 06:32:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
stealer
Indicators:
MD5:

90B46C13861A2685F48077D6986AE7D4

SHA1:

EC8085BB281B8C92EF04D920C52D7EB66A16F57F

SHA256:

F45B15A835E6945A6858B1CDAE4CFE110E096E005FB73F70F3C183E66460AA55

SSDEEP:

3:N8LUozXEiMjKM:24ozTpM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • CCleaner64.exe (PID: 1048)

  • SUSPICIOUS

    • Reads the date of Windows installation

      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 7916)

    • Application launched itself

      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 7916)

    • Executable content was dropped or overwritten

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Reads Internet Explorer settings

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Searches for installed software

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 9540)

    • Checks for external IP

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • The process verifies whether the antivirus software is installed

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Possible stealing of VPN data

      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 7916)

    • Potential Corporate Privacy Violation

      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 7916)

    • The process executes via Task Scheduler

      • CCleaner.exe (PID: 9500)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 2876)
      • msedge.exe (PID: 7740)
      • msedge.exe (PID: 2392)
      • firefox.exe (PID: 7976)
      • firefox.exe (PID: 7268)
      • chrome.exe (PID: 9684)
      • chrome.exe (PID: 10020)
      • chrome.exe (PID: 9524)
      • chrome.exe (PID: 10140)
      • chrome.exe (PID: 9784)
      • chrome.exe (PID: 10208)
      • chrome.exe (PID: 9876)
      • chrome.exe (PID: 9112)

    • Reads the computer name

      • identity_helper.exe (PID: 2164)
      • identity_helper.exe (PID: 7924)
      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 6952)
      • CCleaner.exe (PID: 9500)
      • CCleaner64.exe (PID: 9540)

    • Checks supported languages

      • identity_helper.exe (PID: 7924)
      • identity_helper.exe (PID: 2164)
      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 6952)
      • CCleaner.exe (PID: 9500)
      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 9540)

    • Manual execution by a user

      • msedge.exe (PID: 7740)
      • msedge.exe (PID: 4916)
      • notepad.exe (PID: 9032)
      • notepad.exe (PID: 9072)
      • firefox.exe (PID: 7976)
      • chrome.exe (PID: 9112)
      • chrome.exe (PID: 9684)
      • chrome.exe (PID: 10020)
      • chrome.exe (PID: 9876)
      • chrome.exe (PID: 9524)
      • chrome.exe (PID: 10140)
      • chrome.exe (PID: 9784)
      • CCleaner64.exe (PID: 8948)
      • chrome.exe (PID: 10208)
      • CCleaner64.exe (PID: 6952)

    • Reads Environment values

      • identity_helper.exe (PID: 2164)
      • identity_helper.exe (PID: 7924)
      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 6952)
      • CCleaner64.exe (PID: 7916)
      • CCleaner.exe (PID: 9500)
      • CCleaner64.exe (PID: 9540)

    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 9072)
      • notepad.exe (PID: 9032)
      • CCleaner64.exe (PID: 8948)
      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Launching a file from the Downloads directory

      • chrome.exe (PID: 2876)

    • Reads the machine GUID from the registry

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)
      • CCleaner64.exe (PID: 9540)

    • Reads product name

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Reads CPU info

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 9540)
      • CCleaner64.exe (PID: 1048)

    • The sample compiled with english language support

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)
      • chrome.exe (PID: 7624)
      • firefox.exe (PID: 7268)

    • Launching a file from a Registry key

      • CCleaner64.exe (PID: 1048)

    • Creates files or folders in the user directory

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Detects AutoHotkey samples (YARA)

      • CCleaner64.exe (PID: 7916)
      • CCleaner64.exe (PID: 1048)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 7268)
      • chrome.exe (PID: 7624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
287
Monitored processes
143
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs notepad.exe no specs notepad.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs ccleaner64.exe no specs ccleaner64.exe ccleaner64.exe msedge.exe no specs msedge.exe no specs ccleaner64.exe no specs ccleaner.exe no specs ccleaner64.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe

Process information

PID
CMD
Path
Indicators
Parent process
572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.92 --initial-client-data=0x304,0x308,0x30c,0x2fc,0x314,0x7ffe233cf208,0x7ffe233cf214,0x7ffe233cf220C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1048"C:\Program Files\CCleaner\CCleaner64.exe" /monitorC:\Program Files\CCleaner\CCleaner64.exe
CCleaner64.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner
Version:
6.20.0.10897
Modules
Images
c:\program files\ccleaner\ccleaner64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
1176"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5344,i,7723766129186614130,7962943255949340862,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1280"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6216,i,7723766129186614130,7962943255949340862,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1284"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5624,i,14001661376189751165,5626020216732971210,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5728 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1456"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,7723766129186614130,7962943255949340862,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1528"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3696,i,7723766129186614130,7962943255949340862,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1656"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5124,i,14001661376189751165,5626020216732971210,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6316 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
1684"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3588,i,11555693702733530485,3887175695564663296,262144 --variations-seed-version --mojo-platform-channel-handle=4600 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1780"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5524,i,14001661376189751165,5626020216732971210,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5408 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events
22 611
Read events
22 463
Write events
92
Delete events
56

Modification events

(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:writeName:DAST
Value:
03/28/2026 02:35:49
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:writeName:T8062
Value:
0
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:writeName:UpdateBackground
Value:
1
(PID) Process:(7916) CCleaner64.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
Operation:writeName:SystemRestorePointCreationFrequency
Value:
0
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:CCleaner PostInstall
Value:
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:writeName:FTU
Value:
06/02/2024|3|1
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:delete valueName:GUID
Value:
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:delete valueName:GD
Value:
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:delete valueName:SetupGD
Value:
(PID) Process:(7916) CCleaner64.exeKey:HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation:delete valueName:AutoUpdateNotificationExpiryTime
Value:
Executable files
11
Suspicious files
645
Text files
696
Unknown types
0

Dropped files

PID
Process
Filename
Type
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RFdfe08.TMP
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RFdfe08.TMP
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RFdff7f.TMP
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RFdff7f.TMP
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\LOG.old~RFdff8e.TMP
MD5:
SHA256:
2876chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RFdff8e.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
485
TCP/UDP connections
234
DNS requests
389
Threats
9

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4304
chrome.exe
GET
193.9.21.143:443
https://minecraft.sooftware.com/insertVisitor.php?url=https%3A%2F%2Fminecraft.sooftware.com%2Fwindows%2Fdownload&pe=1&_=1774679554532
SI
unknown
4304
chrome.exe
GET
204
142.251.36.104:443
https://www.googletagmanager.com/td?id=G-ZRH9174P9F&v=3&t=t&pid=1929419279&gtm=45je63p1v9207775998za200zd9207775998&seq=1&exp=0~115616985~115938466~115938468~117266401~117484252&dl=minecraft.sooftware.com%2Fwindows%2Fdownload&tdp=G-ZRH9174P9F;207775998;0;0;0&frm=0&rtg=207775998&slo=0&hlo=0&lst=3&bt=0&ct=3&z=0
US
whitelisted
4304
chrome.exe
POST
204
142.251.141.110:443
https://www.google-analytics.com/g/collect?v=2&tid=G-ZRH9174P9F&gtm=45je63p1v9207775998za200zd9207775998&_p=1774679553412&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1841269501.1774679555&ul=en-us&sr=1360x768&uaa=x86&uab=64&uafvl=Not(A%253ABrand%3B99.0.0.0%7CGoogle%2520Chrome%3B133.0.6943.127%7CChromium%3B133.0.6943.127&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=0~115616985~115938466~115938468~117266401~117484252&sid=1774679554&sct=1&seg=0&dl=https%3A%2F%2Fminecraft.sooftware.com%2Fwindows%2Fdownload&dt=Download%20Minecraft%20for%20free&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3239
US
whitelisted
4304
chrome.exe
POST
200
142.251.127.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
US
text
17 b
whitelisted
4304
chrome.exe
GET
200
193.9.21.143:443
https://www.sooftware.com/images/sooftware-logo.webp
SI
image
4.27 Kb
unknown
5276
MoUsoCoreWorker.exe
GET
200
23.37.194.81:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
4304
chrome.exe
GET
200
54.239.195.120:443
https://i.sooftcdn.com/icons/135/minecraft.webp
US
image
2.14 Kb
unknown
5276
MoUsoCoreWorker.exe
GET
200
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/FlightSettings/FSService?ProcessorClockSpeed=3094&IsRetailOS=1&OEMManufacturerName=DELL&FlightingPolicyValue=3&EnablePreviewBuilds=4294967295&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&ManagePreviewBuilds=3&BranchReadinessLevelSource=0&AttrDataVer=186&ProcessorCores=6&BranchReadinessLevelRaw=16&TotalPhysicalRAM=6144&TPMVersion=0&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&DeviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&App=FSS&AppVer=10.0&SmartActiveHoursState=1&ActiveHoursStart=20&SecureBootCapable=0&ActiveHoursEnd=13&DeviceFamily=Windows.Desktop
US
87.3 Kb
whitelisted
5208
svchost.exe
GET
200
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=0&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
5.74 Kb
whitelisted
4304
chrome.exe
GET
200
142.251.141.131:443
https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=133
US
compressed
89.9 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4872
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.21.245.38:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
95.100.248.146:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.37.194.81:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
6816
slui.exe
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
google.com
  • 142.250.154.102
whitelisted
www.bing.com
  • 2.21.245.38
  • 23.200.24.85
whitelisted
crl.microsoft.com
  • 95.100.248.146
whitelisted
www.microsoft.com
  • 23.37.194.81
whitelisted
clients2.google.com
  • 142.251.127.113
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 172.217.16.202
whitelisted
minecraft.sooftware.com
  • 193.9.21.143
unknown
clientservices.googleapis.com
  • 142.251.141.131
whitelisted

Threats

PID
Process
Class
Message
5208
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
4304
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4304
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4304
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2232
svchost.exe
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7916
CCleaner64.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
1048
CCleaner64.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
1048
CCleaner64.exe
Potential Corporate Privacy Violation
ET INFO External IP Lookup (avast .com)
7916
CCleaner64.exe
Potential Corporate Privacy Violation
ET INFO External IP Lookup (avast .com)
Process
Message
CCleaner64.exe
[2026-03-28 06:35:49.745] [error ] [settings ] [ 7916: 7960] [000000: 0] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner64.exe
[2026-03-28 06:35:49.745] [error ] [ini_access ] [ 7916: 7960] [000000: 0] Incorrect ini_accessor configuration! Fixing relative input path to avoid recursion. Input was: Setup
CCleaner64.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner64.exe
OnLanguage - en
CCleaner64.exe
[2026-03-28 06:35:50.362] [error ] [settings ] [ 7916: 8480] [D2EC45: 356] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner64.exe
[2026-03-28 06:35:50.377] [error ] [Burger ] [ 7916: 8480] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner64.exe
[2026-03-28 06:35:50.377] [error ] [Burger ] [ 7916: 8480] [904E07: 253] [23.2.1118.0] [BurgerReporter.cpp] [253] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner64.exe
file:///tis/optimizer.tis(1131) : warning :'await' should be used only inside 'async' or 'event'
CCleaner64.exe
file:///tis/optimizer.tis(1288) : warning :'async' does not contain any 'await'
CCleaner64.exe
OnLanguage - en
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://minecraft.sooftware.com/windows/download