File name: opener(1).exe

Full analysis: https://app.any.run/tasks/917bf99e-da09-4255-b4ec-48bdd14238cb
Verdict: Malicious activity
Analysis date: May 09, 2025, 11:19:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: python, pyinstaller, evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
MD5: C1EB92FEE8B6423ED79570F75D519152
SHA1: 63F41AA86943FEE372D45D26B97B0B8693EFDC89
SHA256: 85D3B43C024F732E55D49A04DBC9DAEB0231F9D92E9ECBDC5DD19BE39F069736
SSDEEP: 98304:BKY7YbSb4Y6ZhkDQet54nHZUMtHfktEzafhOsE+XZ0Ommp43vOrPKjejYuAnZCrl:+crfk881mw2/ki73V

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Antivirus name has been found in the command line (generic signature)

      • MsMpEng.exe (PID: 14236)
  • SUSPICIOUS

    • The process drops C-runtime libraries

      • opener(1).exe (PID: 728)
    • Process drops legitimate windows executable

      • opener(1).exe (PID: 728)
      • MicrosoftEdgeUpdateSetup.exe (PID: 10848)
      • MicrosoftEdgeUpdateSetup.exe (PID: 16400)
      • MicrosoftEdgeUpdate.exe (PID: 4376)
    • Loads Python modules

      • opener(1).exe (PID: 4000)
    • Application launched itself

      • opener(1).exe (PID: 728)
      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 5964)
      • CCleaner64.exe (PID: 7728)
      • CCleaner64.exe (PID: 3900)
      • setup.exe (PID: 6660)
      • helper.exe (PID: 10832)
      • identity_helper.exe (PID: 13104)
      • identity_helper.exe (PID: 15380)
      • setup.exe (PID: 12920)
      • setup.exe (PID: 13168)
      • unins000.exe (PID: 16668)
      • Skype.exe (PID: 16660)
      • setup.exe (PID: 17336)
      • setup.exe (PID: 16556)
    • Process drops python dynamic module

      • opener(1).exe (PID: 728)
    • Executable content was dropped or overwritten

      • opener(1).exe (PID: 728)
      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
      • uninstall.exe (PID: 8316)
      • Un_A.exe (PID: 8540)
      • CCleaner64.exe (PID: 8576)
      • helper.exe (PID: 10832)
      • helper.exe (PID: 14444)
      • uninstaller.exe (PID: 12420)
      • Un_A.exe (PID: 15356)
      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
      • _iu14D2N.tmp (PID: 17396)
      • MicrosoftEdgeUpdateSetup.exe (PID: 10848)
      • unins000.exe (PID: 17252)
    • There is functionality for taking screenshot (YARA)

      • opener(1).exe (PID: 728)
      • opener(1).exe (PID: 4000)
    • Reads security settings of Internet Explorer

      • CCleaner64.exe (PID: 5964)
      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 7728)
      • OfficeC2RClient.exe (PID: 5936)
      • CCleaner64.exe (PID: 3900)
      • IntegratedOffice.exe (PID: 7328)
      • officesvcmgr.exe (PID: 8188)
      • OfficeC2RClient.exe (PID: 8856)
      • IntegratedOffice.exe (PID: 8284)
      • culauncher.exe (PID: 8412)
      • OfficeC2RClient.exe (PID: 8476)
    • Reads the date of Windows installation

      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 5964)
      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
    • Reads Internet Explorer settings

      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
    • Searches for installed software

      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
      • OfficeC2RClient.exe (PID: 8476)
      • OfficeC2RClient.exe (PID: 8856)
    • Starts itself from another location

      • uninstall.exe (PID: 8316)
      • helper.exe (PID: 14444)
      • uninstaller.exe (PID: 12420)
      • javaws.exe (PID: 14328)
      • javaws.exe (PID: 9060)
      • unins000.exe (PID: 17252)
    • Executes application which crashes

      • chrome_pwa_launcher.exe (PID: 9080)
      • OfficeScrSanBroker.exe (PID: 13004)
      • default-browser-agent.exe (PID: 9724)
      • Microsoft.Mashup.Container.NetFX40.exe (PID: 5232)
      • Microsoft.Mashup.Container.NetFX45.exe (PID: 14100)
      • SenseAadAuthenticator.exe (PID: 10492)
      • FLTLDR.EXE (PID: 6436)
      • plugin-container.exe (PID: 12192)
      • GUP.exe (PID: 9308)
      • cookie_exporter.exe (PID: 16376)
      • msedge_pwa_launcher.exe (PID: 16276)
      • cookie_exporter.exe (PID: 11208)
      • msedge_pwa_launcher.exe (PID: 15592)
    • Checks for external IP

      • CCleaner64.exe (PID: 7728)
      • CCleaner64.exe (PID: 3900)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • helper.exe (PID: 10832)
      • helper.exe (PID: 14444)
      • Un_A.exe (PID: 15356)
    • Uses REG/REGEDIT.EXE to modify registry

      • Skype.exe (PID: 16660)
    • Starts application with an unusual extension

      • unins000.exe (PID: 17252)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 12012)
      • MicrosoftEdgeUpdateSetup.exe (PID: 10848)
      • MicrosoftEdgeUpdate.exe (PID: 4376)
    • Process uses IPCONFIG to discover network configuration

      • iediagcmd.exe (PID: 9276)
    • Uses ROUTE.EXE to obtain the routing table information

      • iediagcmd.exe (PID: 9276)
    • Suspicious use of NETSH.EXE

      • iediagcmd.exe (PID: 9276)
  • INFO

    • Create files in a temporary directory

      • opener(1).exe (PID: 728)
      • OfficeC2RClient.exe (PID: 5936)
      • OfficeClickToRun.exe (PID: 7756)
      • OfficeC2RClient.exe (PID: 8856)
      • OfficeC2RClient.exe (PID: 8476)
      • IntegratedOffice.exe (PID: 7328)
      • IntegratedOffice.exe (PID: 8284)
      • uninstall.exe (PID: 8316)
    • Checks supported languages

      • opener(1).exe (PID: 728)
      • opener(1).exe (PID: 4000)
      • CCleaner.exe (PID: 8188)
      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 5964)
      • CCleanerReactivator.exe (PID: 7488)
      • CCleanerBugReport.exe (PID: 8168)
      • CCleanerPerformanceOptimizerService.exe (PID: 7704)
      • wa_3rd_party_host_64.exe (PID: 2140)
      • appvcleaner.exe (PID: 7768)
      • AppVShNotify.exe (PID: 4272)
      • CCleaner64.exe (PID: 3900)
      • InspectorOfficeGadget.exe (PID: 7680)
      • MavInject32.exe (PID: 7404)
      • IntegratedOffice.exe (PID: 7328)
      • CCleaner64.exe (PID: 7728)
      • AppVShNotify.exe (PID: 8232)
      • officesvcmgr.exe (PID: 8188)
      • MavInject32.exe (PID: 8356)
      • OfficeC2RClient.exe (PID: 5936)
      • InspectorOfficeGadget.exe (PID: 8244)
      • appvcleaner.exe (PID: 7280)
      • OfficeClickToRun.exe (PID: 7756)
      • IntegratedOffice.exe (PID: 8284)
      • IMESharePointDictionary.exe (PID: 8724)
      • mip.exe (PID: 8820)
      • OfficeC2RClient.exe (PID: 8856)
      • officesvcmgr.exe (PID: 8712)
      • ShapeCollector.exe (PID: 8908)
      • ShapeCollector.exe (PID: 9116)
      • msinfo32.exe (PID: 9108)
      • LICLUA.EXE (PID: 9176)
      • OfficeC2RClient.exe (PID: 8552)
      • OfficeC2RClient.exe (PID: 8476)
      • culauncher.exe (PID: 8412)
      • fzputtygen.exe (PID: 8480)
      • filezilla.exe (PID: 8356)
      • fzsftp.exe (PID: 8752)
      • InputPersonalization.exe (PID: 8776)
      • VSTOInstaller.exe (PID: 7404)
      • fzstorj.exe (PID: 8816)
      • chrome_proxy.exe (PID: 6828)
      • chrome_pwa_launcher.exe (PID: 9080)
      • uninstall.exe (PID: 8316)
      • elevation_service.exe (PID: 8480)
      • OfficeClickToRun.exe (PID: 8616)
      • notification_helper.exe (PID: 8216)
      • CCleaner64.exe (PID: 8576)
      • Un_A.exe (PID: 8540)
    • The sample compiled with English language support

      • opener(1).exe (PID: 728)
      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
      • uninstall.exe (PID: 8316)
      • CCleaner64.exe (PID: 8576)
      • helper.exe (PID: 14444)
      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
      • uninstaller.exe (PID: 12420)
      • MicrosoftEdgeUpdateSetup.exe (PID: 10848)
      • MicrosoftEdgeUpdateSetup.exe (PID: 16400)
      • MicrosoftEdgeUpdate.exe (PID: 4376)
    • Reads the computer name

      • opener(1).exe (PID: 728)
      • CCleaner.exe (PID: 8188)
      • CCleaner64.exe (PID: 5964)
      • CCleanerBugReport.exe (PID: 8168)
      • CCleanerPerformanceOptimizerService.exe (PID: 7704)
      • CCleaner64.exe (PID: 7696)
      • AppVShNotify.exe (PID: 4272)
      • CCleaner64.exe (PID: 7728)
      • InspectorOfficeGadget.exe (PID: 7680)
      • CCleaner64.exe (PID: 3900)
      • AppVShNotify.exe (PID: 8232)
      • OfficeC2RClient.exe (PID: 5936)
      • OfficeClickToRun.exe (PID: 7756)
      • InspectorOfficeGadget.exe (PID: 8244)
      • IntegratedOffice.exe (PID: 7328)
      • officesvcmgr.exe (PID: 8188)
      • InputPersonalization.exe (PID: 8776)
      • OfficeC2RClient.exe (PID: 8856)
      • ShapeCollector.exe (PID: 9116)
      • msinfo32.exe (PID: 9108)
      • IntegratedOffice.exe (PID: 8284)
      • mip.exe (PID: 8820)
      • ShapeCollector.exe (PID: 8908)
      • OfficeC2RClient.exe (PID: 8476)
      • LICLUA.EXE (PID: 9176)
      • culauncher.exe (PID: 8412)
      • officesvcmgr.exe (PID: 8712)
      • VSTOInstaller.exe (PID: 7404)
      • filezilla.exe (PID: 8356)
      • OfficeClickToRun.exe (PID: 8616)
      • CCleaner64.exe (PID: 8576)
    • Reads Environment values

      • CCleaner.exe (PID: 8188)
      • CCleaner64.exe (PID: 5964)
      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
      • culauncher.exe (PID: 8412)
      • CCleaner64.exe (PID: 8576)
    • PyInstaller has been detected (YARA)

      • opener(1).exe (PID: 728)
      • opener(1).exe (PID: 4000)
    • Application launched itself

      • AcroCEF.exe (PID: 7172)
      • chrome.exe (PID: 7916)
      • chrome.exe (PID: 9056)
      • chrmstp.exe (PID: 8516)
      • chrome.exe (PID: 10364)
      • chrome.exe (PID: 10560)
      • msedge.exe (PID: 11040)
      • firefox.exe (PID: 5452)
      • firefox.exe (PID: 8408)
      • firefox.exe (PID: 2284)
      • msedge.exe (PID: 8884)
    • Process checks computer location settings

      • CCleaner64.exe (PID: 7696)
      • CCleaner64.exe (PID: 5964)
      • OfficeC2RClient.exe (PID: 5936)
      • IntegratedOffice.exe (PID: 7328)
      • OfficeC2RClient.exe (PID: 8856)
      • OfficeC2RClient.exe (PID: 8476)
      • IntegratedOffice.exe (PID: 8284)
      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
    • Reads the machine GUID from the registry

      • CCleanerBugReport.exe (PID: 8168)
      • CCleaner64.exe (PID: 3900)
      • appvcleaner.exe (PID: 7768)
      • CCleaner64.exe (PID: 7728)
      • InspectorOfficeGadget.exe (PID: 7680)
      • InspectorOfficeGadget.exe (PID: 8244)
      • appvcleaner.exe (PID: 7280)
      • culauncher.exe (PID: 8412)
      • VSTOInstaller.exe (PID: 7404)
    • Reads CPU info

      • CCleanerBugReport.exe (PID: 8168)
      • CCleaner64.exe (PID: 7728)
      • CCleaner64.exe (PID: 3900)
    • Reads Microsoft Office registry keys

      • OfficeClickToRun.exe (PID: 7756)
      • OfficeC2RClient.exe (PID: 5936)
      • IntegratedOffice.exe (PID: 7328)
      • IntegratedOffice.exe (PID: 8284)
      • officesvcmgr.exe (PID: 8188)
      • OfficeC2RClient.exe (PID: 8856)
      • OfficeC2RClient.exe (PID: 8476)
      • officesvcmgr.exe (PID: 8712)
      • OfficeC2RClient.exe (PID: 8552)
    • Reads product name

      • CCleaner64.exe (PID: 7728)
      • CCleaner64.exe (PID: 3900)
    • Creates files in the program directory

      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
    • Reads the software policy settings

      • CCleaner64.exe (PID: 3900)
      • CCleaner64.exe (PID: 7728)
      • culauncher.exe (PID: 8412)
      • IntegratedOffice.exe (PID: 7328)
      • officesvcmgr.exe (PID: 8188)
      • IntegratedOffice.exe (PID: 8284)
    • Checks proxy server information

      • OfficeC2RClient.exe (PID: 5936)
      • OfficeClickToRun.exe (PID: 7756)
      • IntegratedOffice.exe (PID: 7328)
      • OfficeC2RClient.exe (PID: 8856)
      • officesvcmgr.exe (PID: 8188)
      • IntegratedOffice.exe (PID: 8284)
      • OfficeC2RClient.exe (PID: 8476)
    • Creates files or folders in the user directory

      • InputPersonalization.exe (PID: 8776)
      • officesvcmgr.exe (PID: 8188)
      • filezilla.exe (PID: 8356)
    • FileZilla executable

      • opener(1).exe (PID: 4000)
      • uninstall.exe (PID: 8316)
    • FileZilla mutex has been found

      • filezilla.exe (PID: 8356)
    • The sample compiled with Arabic language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with German language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Bulgarian language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Czech language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Spanish language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with French language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Indonesian language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Polish language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Slovak language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Russian language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Portuguese language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Turkish language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Swedish language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Chinese language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Japanese language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Italian language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • The sample compiled with Korean language support

      • GoogleUpdateSetup.exe (PID: 15704)
      • GoogleUpdateSetup.exe (PID: 15940)
    • Prints a route via ROUTE.EXE

      • ROUTE.EXE (PID: 9272)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:05:09 11:14:32+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.43
CodeSize: 172032
InitializedDataSize: 154624
UninitializedDataSize: -
EntryPoint: 0xce10
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 725
Monitored processes: 553
Malicious processes: 8
Suspicious processes: 6

Behavior graph

(Interactive process-tree graph, not reproduced here; it is rooted at opener(1).exe and spans the processes named in the signatures above. See the full report.)

Process information

Each entry lists: PID | CMD | Path | Indicators | Parent process
PID: 300
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 448
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4972 --field-trial-handle=2028,i,16024426338443704505,12986504286236887001,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 122.0.6261.70
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 672
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 720
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2312,i,14600701987187880428,7681635510787193317,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 728
Command line: "C:\Users\admin\AppData\Local\Temp\opener(1).exe"
Path: C:\Users\admin\AppData\Local\Temp\opener(1).exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Modules
Images
c:\users\admin\appdata\local\temp\opener(1).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 732
Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: ktab.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1120
Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2524 -childID 2 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 26876 -prefMapSize 244583 -jsInitHandle 1320 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d78e805-2b56-4a42-9c53-4195bb743600} 8408 "\\.\pipe\gecko-crash-server-pipe.8408" 11156d94a10 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\msvcp140.dll
PID: 1196
Command line: "C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.59\msedgewebview2.exe"
Path: C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.59\msedgewebview2.exe
Parent process: opener(1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
13
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1196
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2308 --field-trial-handle=2312,i,14600701987187880428,7681635510787193317,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1560
Command line: "C:\Program Files\Windows Defender\NisSrv.exe"
Path: C:\Program Files\Windows Defender\NisSrv.exe
Parent process: opener(1).exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Network Realtime Inspection Service
Exit code:
2147943463
Version:
4.18.1909.6 (WinBuild.160101.0800)
Modules
Images
c:\program files\windows defender\nissrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
334 909
Read events
326 942
Write events
7 343
Delete events
624

Modification events

(PID) Process: (3900) CCleaner64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation: write
Name: DAST
Value: 05/09/2025 11:20:29

(PID) Process: (3900) CCleaner64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation: write
Name: T8062
Value: 0

(PID) Process: (3900) CCleaner64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation: write
Name: UpdateBackground
Value: 1

(PID) Process: (7728) CCleaner64.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Piriform\CCleaner
Operation: write
Name: UpdateBackground
Value: 1

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: en-US
Value: 2

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: de-de
Value: 2

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: fr-fr
Value: 2

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: es-es
Value: 2

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: it-it
Value: 2

(PID) Process: (5936) OfficeC2RClient.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Operation: write
Name: ja-jp
Value: 2
Executable files
461
Suspicious files
1 339
Text files
281
Unknown types
8

Dropped files

PID
Process
Filename
Type
PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\api-ms-win-core-console-l1-1-0.dll
Type: executable
MD5: E8B9D74BFD1F6D1CC1D99B24F44DA796
SHA256: B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\api-ms-win-core-datetime-l1-1-0.dll
Type: executable
MD5: CFE0C1DFDE224EA5FED9BD5FF778A6E0
SHA256: 0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\_socket.pyd
Type: executable
MD5: 566CB4D39B700C19DBD7175BD4F2B649
SHA256: 77EBA293FE03253396D7BB6E575187CD026C80766D7A345EB72AD92F0BBBC3AA

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\api-ms-win-core-debug-l1-1-0.dll
Type: executable
MD5: 33BBECE432F8DA57F17BF2E396EBAA58
SHA256: 7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\VCRUNTIME140.dll
Type: executable
MD5: 32DA96115C9D783A0769312C0482A62D
SHA256: 8B10C53241726B0ACC9F513157E67FCB01C166FEC69E5E38CA6AADA8F9A3619F

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\_decimal.pyd
Type: executable
MD5: 21FCB8E3D4310346A5DC1A216E7E23CA
SHA256: 9A0E05274CAD8D90F6BA6BC594261B36BFBDDF4F5CA6846B6367FE6A4E2FDCE4

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\_hashlib.pyd
Type: executable
MD5: 3E540EF568215561590DF215801B0F59
SHA256: 0ED7A6ED080499BC6C29D7113485A8A61BDBA93087B010FCA67D9B8289CBE6FA

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\_lzma.pyd
Type: executable
MD5: D63E2E743EA103626D33B3C1D882F419
SHA256: 7C2D2030D5D246739C5D85F087FCF404BC36E1815E69A8AC7C9541267734FC28

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\_bz2.pyd
Type: executable
MD5: 684D656AADA9F7D74F5A5BDCF16D0EDB
SHA256: A5DFB4A663DEF3D2276B88866F6D220F6D30CC777B5D841CF6DBB15C6858017C

PID: 728
Process: opener(1).exe
Filename: C:\Users\admin\AppData\Local\Temp\_MEI7282\api-ms-win-core-file-l1-1-0.dll
Type: executable
MD5: EFAD0EE0136532E8E8402770A64C71F9
SHA256: 3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
HTTP(S) requests
75
TCP/UDP connections
347
DNS requests
247
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.17.147.99:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.20.102.93:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7728
CCleaner64.exe
GET
200
95.100.146.48:80
http://ncc.avast.com/ncc.txt
unknown
whitelisted
7204
SIHClient.exe
GET
200
2.20.102.93:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7204
SIHClient.exe
GET
200
2.20.102.93:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3900
CCleaner64.exe
GET
200
95.100.146.48:80
http://ncc.avast.com/ncc.txt
unknown
whitelisted
6344
Acrobat.exe
GET
200
2.16.38.4:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
whitelisted
7728
CCleaner64.exe
GET
200
2.16.38.4:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAXfj0A2M0oL7zuU%2F%2F2jetU%3D
unknown
whitelisted
7728
CCleaner64.exe
GET
200
2.16.38.4:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.17.147.99:80
crl.microsoft.com
Akamai International B.V.
CZ
whitelisted
2104
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5496
MoUsoCoreWorker.exe
2.20.102.93:80
www.microsoft.com
RCS & RDS
RO
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.76:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
7944
AcroCEF.exe
95.100.184.205:443
geo2.adobe.com
AKAMAI-AS
FR
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 2.17.147.99
  • 2.17.147.64
  • 2.16.164.114
  • 2.16.164.24
  • 2.16.164.130
  • 2.16.164.129
  • 2.16.164.18
  • 2.16.164.112
  • 2.16.164.11
  • 2.16.164.27
  • 2.16.164.25
  • 2.16.164.83
  • 2.16.164.89
  • 2.16.164.9
  • 2.16.164.106
  • 2.16.164.128
whitelisted
www.microsoft.com
  • 2.20.102.93
  • 95.101.149.131
  • 2.23.246.101
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 40.126.32.76
  • 20.190.160.66
  • 40.126.32.134
  • 20.190.160.65
  • 20.190.160.128
  • 40.126.32.133
  • 20.190.160.14
  • 20.190.160.17
  • 40.126.31.3
  • 40.126.31.71
  • 20.190.159.128
  • 20.190.159.75
  • 40.126.31.130
  • 20.190.159.64
  • 40.126.31.129
  • 40.126.31.1
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 2.16.38.4
whitelisted
geo2.adobe.com
  • 95.100.184.205
whitelisted
p13n.adobe.io
  • 52.202.204.11
  • 23.22.254.206
  • 54.227.187.23
  • 52.5.13.197
whitelisted
ncc.avast.com
  • 95.100.146.48
  • 95.100.146.51
whitelisted
officeclient.microsoft.com
  • 52.109.76.240
whitelisted

Threats

PID
Process
Class
Message
2196
svchost.exe
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
7728
CCleaner64.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
3900
CCleaner64.exe
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
9708
javaw.exe
Potentially Bad Traffic
ET INFO Vulnerable Java Version 1.8.x Detected
9708
javaw.exe
Potentially Bad Traffic
ET INFO Vulnerable Java Version 1.8.x Detected
11348
pwsh.exe
Not Suspicious Traffic
INFO [ANY.RUN] Azure Front Door domain observed in TLS SNI ( .azurefd .net)
No debug info