File name: AcceleratePCPro_2.exe
Full analysis: https://app.any.run/tasks/01c92984-5049-4904-8e0b-18f10be67ceb
Verdict: Malicious activity
Threats: Adware

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads such as pop-ups or banners. Some variants bypass security controls and establish persistence, which makes removal difficult. Adware can also open the door to other malware, posing a risk to user privacy and system security.

Analysis date: June 03, 2024, 13:43:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: pua, adware, pcaccelerate
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 71D1643E257E42D9BDF8DD598831CCF3
SHA1: CF3968DA7830352C311C2E895EC726AC2A2A733F
SHA256: 6C5B1C7E01A311DF71671588BC4040BD0D4590B737F4BE88227934785DC2EE93
SSDEEP: 98304:s53+kwRqDDjQXvUVMQ6LCa7rhx2xM0Fq1MyizaZACt10ekAwbYbDc6L8aopJD8Ym:6i2Jw
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been influenced by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • AcceleratePCPro_2.exe (PID: 3980)
    • Steals credentials from Web Browsers
      • AcceleratePCPro_2.exe (PID: 3980)
    • Actions look like stealing of personal data
      • AcceleratePCPro_2.exe (PID: 3980)
  • SUSPICIOUS
    • Access to an unwanted program domain was detected
      • AcceleratePCPro_2.exe (PID: 3980)
    • Reads the Internet Settings
      • AcceleratePCPro_2.exe (PID: 3980)
    • Changes Internet Explorer settings (feature browser emulation)
      • AcceleratePCPro_2.exe (PID: 3980)
    • Reads security settings of Internet Explorer
      • AcceleratePCPro_2.exe (PID: 3980)
    • Reads settings of System Certificates
      • AcceleratePCPro_2.exe (PID: 3980)
    • Checks Windows Trust Settings
      • AcceleratePCPro_2.exe (PID: 3980)
    • Searches for installed software
      • AcceleratePCPro_2.exe (PID: 3980)
  • INFO
    • Reads CPU info
      • AcceleratePCPro_2.exe (PID: 3980)
    • Reads the computer name
      • AcceleratePCPro_2.exe (PID: 3980)
      • wmpnscfg.exe (PID: 112)
    • Checks supported languages
      • AcceleratePCPro_2.exe (PID: 3980)
      • wmpnscfg.exe (PID: 112)
    • Checks proxy server information
      • AcceleratePCPro_2.exe (PID: 3980)
    • Creates files or folders in the user directory
      • AcceleratePCPro_2.exe (PID: 3980)
    • Reads the machine GUID from the registry
      • AcceleratePCPro_2.exe (PID: 3980)
    • Creates files in a temporary directory
      • AcceleratePCPro_2.exe (PID: 3980)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 112)
    • Reads the software policy settings
      • AcceleratePCPro_2.exe (PID: 3980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (16.3)
.exe | Win64 Executable (generic) (14.5)
.dll | Win32 Dynamic Link Library (generic) (3.4)
.exe | Win32 Executable (generic) (2.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:01:07 15:47:15+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 2457088
InitializedDataSize: 4334080
UninitializedDataSize: -
EntryPoint: 0x208494
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.4.72
ProductVersionNumber: 1.0.4.72
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: PC Accelerate Pro Company
FileDescription: PCAP
InternalName: PCAP.exe
OriginalFileName: PCAP.exe
ProductName: PCAP
FileVersion: 1.0.4.72
LegalCopyright: Copyright PC Accelerate Pro Company 2019
ProductVersion: 1.0.4.72
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes started: acceleratepcpro_2.exe, wmpnscfg.exe (no specs)

Process information

PID: 112
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll

PID: 3980
CMD: "C:\Users\admin\AppData\Local\Temp\AcceleratePCPro_2.exe"
Path: C:\Users\admin\AppData\Local\Temp\AcceleratePCPro_2.exe
Parent process: explorer.exe
User: admin
Company: PC Accelerate Pro Company
Integrity Level: MEDIUM
Description: PCAP
Version: 1.0.4.72
Modules (images):
  c:\users\admin\appdata\local\temp\acceleratepcpro_2.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\psapi.dll
  c:\windows\system32\newdev.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
Total events: 7 770
Read events: 7 727
Write events: 37
Delete events: 6

Modification events

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
  Operation: write
  Name: AcceleratePCPro_2.exe
  Value: 9999

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: write
  Name: ProxyEnable
  Value: 0

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: delete value
  Name: ProxyServer

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: delete value
  Name: ProxyOverride

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: delete value
  Name: AutoConfigURL

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  Operation: delete value
  Name: AutoDetect

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  Operation: write
  Name: SavedLegacySettings
  Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Operation: write
  Name: CachePrefix
  Value: (empty)

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write
  Name: CachePrefix
  Value: Cookie:

(PID 3980) AcceleratePCPro_2.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write
  Name: CachePrefix
  Value: Visited:
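The SavedLegacySettings write in the table above is the binary WinINet connection record (version, counter, flag bits, then the length-prefixed proxy server, bypass list and PAC URL). Together with ProxyEnable=0 and the deletion of ProxyServer, ProxyOverride, AutoConfigURL and AutoDetect it amounts to clearing the user's proxy configuration, which is what makes the "Checks proxy server information" and "Reads the Internet Settings" indicators worth a second look: any proxy, PAC or WPAD setting in this user context is gone afterwards. The FEATURE_BROWSER_EMULATION value of 9999 is a per-executable setting that puts an embedded WebBrowser control into IE9 standards mode; since the value name is the sample's own EXE, it configures the sample's own renderer rather than Internet Explorer itself. The Python below decodes the record and flags that pattern. It is an added example, not code from the sample or from ANY.RUN: the record prefix is copied from the event table (the trailing all-zero padding is dropped and the auto-detect trailer after the three strings is left undecoded), the event tuples are a hand transcription of the table, and the flag-bit names and finding wording are this example's own.

```python
r"""Decode the WinINet connection-settings record written to
HKCU\...\Internet Settings\Connections\SavedLegacySettings and flag the
proxy-teardown writes around it.  Added example; not code from the sample
or from ANY.RUN."""
import struct

# Leading 64 bytes of the SavedLegacySettings value from this report's
# modification-events table.  The value continues with all-zero padding,
# which is omitted here because it carries no information.
SAVED_LEGACY_SETTINGS_HEX = (
    "460000005D01000009000000"          # version 0x46, counter, flags
    "000000000000000000000000"          # three zero-length strings
    "0400000000000000C0E333BBEAB1D301"  # auto-detect trailer, left undecoded
    "000000000000000000000000"
    "0100000002000000C0A8016B"
)

# Bits of the flags DWORD (state of the IE "LAN settings" dialog).
CONNECTION_FLAGS = {
    0x01: "DIRECT",       # always set
    0x02: "PROXY",        # "Use a proxy server" (ProxyServer string follows)
    0x04: "PAC_URL",      # "Use automatic configuration script"
    0x08: "AUTO_DETECT",  # "Automatically detect settings" (WPAD)
}

INTERNET_SETTINGS = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                     r"\CurrentVersion\Internet Settings")

# Registry events for PID 3980 transcribed from the report as
# (operation, key, value name, data).
REPORT_EVENTS = [
    ("write",  r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
               r"\FeatureControl\FEATURE_BROWSER_EMULATION",
               "AcceleratePCPro_2.exe", 9999),
    ("write",  INTERNET_SETTINGS, "ProxyEnable", 0),
    ("delete", INTERNET_SETTINGS, "ProxyServer", None),
    ("delete", INTERNET_SETTINGS, "ProxyOverride", None),
    ("delete", INTERNET_SETTINGS, "AutoConfigURL", None),
    ("delete", INTERNET_SETTINGS, "AutoDetect", None),
    ("write",  INTERNET_SETTINGS + r"\Connections", "SavedLegacySettings",
               SAVED_LEGACY_SETTINGS_HEX),
]


def decode_connection_settings(blob: bytes) -> dict:
    """Parse version, counter, flags and the three length-prefixed strings
    (proxy server, bypass list, PAC URL).  Bytes after the strings hold
    auto-detect state and are returned as raw hex."""
    if len(blob) < 24:
        raise ValueError("record too short for header plus three lengths")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    strings = []
    for _ in range(3):
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("string length runs past end of record")
        strings.append(blob[off:off + n].decode("ascii", "replace"))
        off += n
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "flag_names": [name for bit, name in CONNECTION_FLAGS.items() if flags & bit],
        "proxy_server": strings[0],
        "proxy_bypass": strings[1],
        "pac_url": strings[2],
        "trailer_hex": blob[off:].hex().upper(),
    }


def assess_proxy_events(events) -> list:
    """Return human-readable findings for the proxy teardown and the other writes."""
    findings = []
    proxy_disabled = any(op == "write" and key == INTERNET_SETTINGS
                         and name == "ProxyEnable" and data == 0
                         for op, key, name, data in events)
    deleted = {name for op, key, name, _ in events
               if op == "delete" and key == INTERNET_SETTINGS}
    if proxy_disabled and {"ProxyServer", "AutoConfigURL", "AutoDetect"} <= deleted:
        findings.append(
            "proxy configuration cleared: ProxyEnable=0 and ProxyServer, AutoConfigURL "
            "and AutoDetect deleted; WinINet clients in this user context now connect "
            "direct, bypassing any configured proxy, PAC or WPAD setting")
    for op, key, name, data in events:
        if op == "write" and name == "SavedLegacySettings":
            d = decode_connection_settings(bytes.fromhex(data))
            findings.append("SavedLegacySettings flags=%#x (%s), proxy=%r, pac=%r" % (
                d["flags"], "|".join(d["flag_names"]), d["proxy_server"], d["pac_url"]))
        elif op == "write" and key.endswith(r"\FEATURE_BROWSER_EMULATION"):
            # Per-executable document mode for the embedded WebBrowser control;
            # 9999 selects IE9 standards mode regardless of the page's DOCTYPE.
            findings.append("FEATURE_BROWSER_EMULATION[%s]=%s (IE9 standards mode)"
                            % (name, data))
    return findings


if __name__ == "__main__":
    for line in assess_proxy_events(REPORT_EVENTS):
        print(line)
```

Decoded, the saved record has flags 0x09 (DIRECT|AUTO_DETECT) and empty proxy, bypass and PAC strings, so nothing in it points at a proxy; the informative part of the event set is the deletion of the values that would have pointed at one.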
Executable files: 0
Suspicious files: 7
Text files: 3
Unknown types: 0

Dropped files

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\TYX336G5.txt (text)
  MD5: 5B166BEF847D65820034A61FBCE1B899
  SHA256: 844A749E1D8E0C255B400F43F79065770491CB511BDD110A902D5158D7956565

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (der)
  MD5: 2A267C8371F84045236028D9D98B0988
  SHA256: 3E6148F5D2F700962E4CA856D369CF61329D27095AAB4081997A69C337194F4A

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\EEV1P5TB.txt (text)
  MD5: 7882217957A7FD9868D7D4B686A7968A
  SHA256: 9C80ADCCD3C555134E467CEB4935D61541C72DE575729D4EFE81655392818791

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\Local\AcceleratePCPro_2\dwsm.dat (binary)
  MD5: 6FE937839AE1E3163AEB71749C23CFDF
  SHA256: C840E38ADC9F477B9A9378A77988CD9F7071559920655513246EA8CF20B6301B

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 (der)
  MD5: 8202A1CD02E7D69597995CABBE881A12
  SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA (binary)
  MD5: 7E788F0FD653F5044C1D566FB735BB86
  SHA256: C1F86A7EA4368EC1B7BC4FD69B4F35E5194F1E860A70E145AD9D9C805FDB459E

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464 (binary)
  MD5: B4FDEE3CCBA3D5C342A01A060606D19D
  SHA256: A7D2B4CC674495B15534E9AD6B13EEA2AEE3CB7AA4C105280CF7B61019E17946

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\Local\AcceleratePCPro_2\AcceleratePCPro_2.cfg (text)
  MD5: CAE9C98FB5071B9EA46C69414F606F90
  SHA256: E410532CFA5DD0C66E2ECBFCAA75907D373A80EFB6A281C3EA486FAD2E09114E

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
  MD5: 626A95B02303B236DC259388F4981D5D
  SHA256: 1E9A7C737C7EA0A7D95B279ECFFB8EBA1BBD5B1A89DC7F2FB7F3E379EE760278

3980 AcceleratePCPro_2.exe
  File: C:\Users\admin\AppData\Local\AcceleratePCPro_2\twsm.dat (binary)
  MD5: 6FE937839AE1E3163AEB71749C23CFDF
  SHA256: C840E38ADC9F477B9A9378A77988CD9F7071559920655513246EA8CF20B6301B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 12
TCP/UDP connections: 17
DNS requests: 9
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
3980 | AcceleratePCPro_2.exe | GET | 200 | 104.18.4.213:80 | http://spywaremaid.com/whitelist?smv=1.0.1.2&wlv=0.0&id=b851b928d6bf4cb1906f5442535c5a1f | unknown | unknown
3980 | AcceleratePCPro_2.exe | GET | 200 | 104.18.20.69:80 | http://pcacceleratepro.com/clamav.php | unknown | unknown
 |  | GET | 200 | 172.245.127.102:80 | http://softwarehelpdata.com/pcap.php?a=dpi_96&c=0&id=b851b928d6bf4cb1906f5442535c5a1f&t=03144320&v=472&aff= | unknown | unknown
 |  | GET | 200 | 172.245.127.102:80 | http://softwarehelpdata.com/pcap.php?a=hb&c=0&id=b851b928d6bf4cb1906f5442535c5a1f&t=03144320&v=472&aff= | unknown | unknown
 |  | GET | 200 | 104.18.4.213:80 | http://spywaremaid.com/wsm.dat | unknown | unknown
3980 | AcceleratePCPro_2.exe | POST | 200 | 104.18.5.248:80 | http://softremoval.pcaccel.com/extensions | unknown | unknown
3980 | AcceleratePCPro_2.exe | GET | 304 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2f209f4c903930da | unknown | unknown
3980 | AcceleratePCPro_2.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | unknown
3980 | AcceleratePCPro_2.exe | GET | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | unknown
1088 | svchost.exe | GET | 304 | 23.50.131.216:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e42d90092c0249b4 | unknown | unknown
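Two kinds of traffic are mixed in the table above. The ctldl.windowsupdate.com fetch of disallowedcertstl.cab and the two ocsp.pki.goog requests are Windows CryptoAPI side traffic (disallowed-certificate list and OCSP) that the "Reads settings of System Certificates" and "Checks Windows Trust Settings" indicators also reflect; svchost.exe issues the same CTL fetch on its own. The sample's own traffic is plain HTTP to the four PUA domains, and the same id value appears in both the spywaremaid.com and softwarehelpdata.com query strings, which makes it a stable client identifier to pivot on. The Python below separates the two groups and pulls the beacon parameters out of the query strings. It is an added example, not code from the sample or from ANY.RUN: the URL list is transcribed from the table (three rows show no PID or process and are recorded with an empty process field), and CRYPTOAPI_HOSTS together with the class labels are this example's own.

```python
"""Separate the sample's own HTTP telemetry from Windows certificate-validation
side traffic in the report's HTTP table and extract the beacon parameters.
Added example; not code from the sample or from ANY.RUN."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# (process, url) rows transcribed from the HTTP requests table; rows that show
# no process in the table get an empty string rather than a guessed PID.
REPORT_REQUESTS = [
    ("AcceleratePCPro_2.exe", "http://spywaremaid.com/whitelist?smv=1.0.1.2&wlv=0.0&id=b851b928d6bf4cb1906f5442535c5a1f"),
    ("AcceleratePCPro_2.exe", "http://pcacceleratepro.com/clamav.php"),
    ("", "http://softwarehelpdata.com/pcap.php?a=dpi_96&c=0&id=b851b928d6bf4cb1906f5442535c5a1f&t=03144320&v=472&aff="),
    ("", "http://softwarehelpdata.com/pcap.php?a=hb&c=0&id=b851b928d6bf4cb1906f5442535c5a1f&t=03144320&v=472&aff="),
    ("", "http://spywaremaid.com/wsm.dat"),
    ("AcceleratePCPro_2.exe", "http://softremoval.pcaccel.com/extensions"),
    ("AcceleratePCPro_2.exe", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2f209f4c903930da"),
    ("AcceleratePCPro_2.exe", "http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D"),
    ("AcceleratePCPro_2.exe", "http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D"),
    ("svchost.exe", "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e42d90092c0249b4"),
]

# Hosts contacted by Windows CryptoAPI when a process checks certificate trust
# (CTL download, OCSP).  This list is the example's own; extend it for your
# environment (e.g. other CAs' OCSP/CRL hosts) before relying on the split.
CRYPTOAPI_HOSTS = {"ctldl.windowsupdate.com", "ocsp.pki.goog"}


def classify(url: str) -> str:
    """Label a request as Windows trust-check noise or the sample's own traffic."""
    host = urlsplit(url).hostname or ""
    return "windows-cryptoapi" if host in CRYPTOAPI_HOSTS else "sample-telemetry"


def beacon_params(url: str) -> dict:
    """Flatten the query string to {key: first value}; empty values are kept so
    parameters such as aff= still show up."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in q.items()}


def summarize(requests) -> dict:
    """Group hosts by class and collect the identifiers worth pivoting on."""
    hosts_by_class = defaultdict(set)
    client_ids, actions = set(), set()
    cleartext = 0
    for _proc, url in requests:
        parts = urlsplit(url)
        hosts_by_class[classify(url)].add(parts.hostname)
        if parts.scheme == "http":
            cleartext += 1
        p = beacon_params(url)
        if "id" in p:
            client_ids.add(p["id"])
        if "a" in p:
            actions.add(p["a"])
    return {
        "sample_hosts": sorted(hosts_by_class["sample-telemetry"]),
        "cryptoapi_hosts": sorted(hosts_by_class["windows-cryptoapi"]),
        "client_ids": client_ids,
        "actions": actions,
        "cleartext_requests": cleartext,
        "total_requests": len(requests),
    }


if __name__ == "__main__":
    for key, value in summarize(REPORT_REQUESTS).items():
        print(f"{key}: {value}")
```

On this report the split leaves four sample-telemetry hosts, one client id shared across two of them, two action codes (dpi_96 and hb) on the softwarehelpdata.com endpoint, and every request in cleartext HTTP, so the beacon contents are visible to anyone on the path.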

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 |  | 224.0.0.252:5355 |  |  |  | unknown
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 |  |  |  | unknown
3980 | AcceleratePCPro_2.exe | 172.245.127.102:80 | softwarehelpdata.com | AS-COLOCROSSING | US | unknown
3980 | AcceleratePCPro_2.exe | 104.18.4.213:80 | spywaremaid.com | CLOUDFLARENET |  | unknown
3980 | AcceleratePCPro_2.exe | 104.18.20.69:80 | pcacceleratepro.com | CLOUDFLARENET |  | unknown
3980 | AcceleratePCPro_2.exe | 49.13.77.253:80 | config.instantsupport.help | Hetzner Online GmbH | DE | unknown
3980 | AcceleratePCPro_2.exe | 104.18.5.248:80 | softremoval.pcaccel.com | CLOUDFLARENET |  | unknown
3980 | AcceleratePCPro_2.exe | 104.18.28.58:443 | backend.driver-fixer.com | CLOUDFLARENET |  | unknown

DNS requests

Domain | IP | Reputation
pcacceleratepro.com | 104.18.20.69, 104.18.21.69 | malicious
spywaremaid.com | 104.18.4.213, 104.18.5.213 | unknown
softwarehelpdata.com | 172.245.127.102 | malicious
config.instantsupport.help | 49.13.77.253 | malicious
softremoval.pcaccel.com | 104.18.5.248, 104.18.4.248 | unknown
backend.driver-fixer.com | 104.18.28.58, 104.18.29.58 | malicious
ctldl.windowsupdate.com | 23.50.131.216, 23.50.131.213, 23.50.131.200 | whitelisted
ocsp.pki.goog | 172.217.16.131 | whitelisted

Threats

3980 AcceleratePCPro_2.exe
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
  Potentially Bad Traffic: ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
  Possibly Unwanted Program Detected: ET ADWARE_PUP PCAcceleratePro PUA/Adware User-Agent
1 ETPRO signature available at the full report
No debug info