File name:

adobe.snr.patch-painter.exe

Full analysis: https://app.any.run/tasks/81c4edb7-7b68-4508-a8a3-79c5a3c51aaa
Verdict: Malicious activity
Analysis date: November 07, 2023, 21:30:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

0D9B7ABE952D6C1DC24750BF47969132

SHA1:

982B2CB5D46D8409BB5F0D96EFD93E7A9F8B80DA

SHA256:

9EC96E0FACF95D1A08D4761AFF436DAC8318ABD008C7284A4A22347069E8284D

SSDEEP:

12288:HGsYlWDQfy1F8jr51lc+0vhOCF1dflSc46V1tKOGmixosyuC+muDXfvIFutmOyTg:msYlWDo5c+6hVdfAcJVi6iwvIDXYhlIv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3744)
    • Drops the executable file immediately after the start

      • CCleaner.exe (PID: 3744)
    • Steals credentials from Web Browsers

      • CCleaner.exe (PID: 3744)
  • SUSPICIOUS

    • Application launched itself

      • CCleaner.exe (PID: 3884)
    • Reads the Internet Settings

      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)
    • Reads Internet Explorer settings

      • CCleaner.exe (PID: 3744)
    • Reads Microsoft Outlook installation path

      • CCleaner.exe (PID: 3744)
    • Reads security settings of Internet Explorer

      • CCleaner.exe (PID: 3744)
    • Checks Windows Trust Settings

      • CCleaner.exe (PID: 3744)
    • Reads settings of System Certificates

      • CCleaner.exe (PID: 3744)
    • Searches for installed software

      • CCleaner.exe (PID: 3744)
  • INFO

    • Reads the computer name

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)
      • wmpnscfg.exe (PID: 316)
    • Reads the machine GUID from the registry

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3744)
      • wmpnscfg.exe (PID: 316)
    • Checks supported languages

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)
      • wmpnscfg.exe (PID: 316)
    • Reads Environment values

      • CCleaner.exe (PID: 3744)
      • CCleaner.exe (PID: 3884)
    • Manual execution by a user

      • CCleaner.exe (PID: 3884)
      • msedge.exe (PID: 3800)
      • wmpnscfg.exe (PID: 316)
    • Reads product name

      • CCleaner.exe (PID: 3744)
    • Reads CPU info

      • CCleaner.exe (PID: 3744)
    • Creates files in the program directory

      • CCleaner.exe (PID: 3744)
    • Checks proxy server information

      • CCleaner.exe (PID: 3744)
    • Creates files or folders in the user directory

      • CCleaner.exe (PID: 3744)
    • Application launched itself

      • msedge.exe (PID: 1296)
      • msedge.exe (PID: 3800)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (38.2)
.exe | Win32 EXE Yoda's Crypter (37.5)
.dll | Win32 Dynamic Link Library (generic) (9.2)
.exe | Win32 Executable (generic) (6.3)
.exe | Win16/32 Executable Delphi generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 606208
InitializedDataSize: 28672
UninitializedDataSize: 1044480
EntryPoint: 0x192e70
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.5.0.0
ProductVersionNumber: 1.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: PainteR
FileDescription: Universal Adobe Patcher
FileVersion: 1.5.0.0
InternalName: Universal Adobe Patcher
LegalCopyright: PainteR
OriginalFileName: adobesnr.exe
ProductName: Universal Adobe Patcher
ProductVersion: 1.5.0.0
No data.
All screenshots are available in the full report
Total processes
60
Monitored processes
17
Malicious processes
2
Suspicious processes
0

Behavior graph

Process tree (interactive in the full report): adobe.snr.patch-painter.exe, ccleaner.exe (x2), wmpnscfg.exe, msedge.exe (x12), adobe.snr.patch-painter.exe (second instance)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 316
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
PID: 536
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1064
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1296
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ccleaner.com/ccleaner/update?utm_source=ccleaner&utm_medium=application&utm_campaign=/ccleaner/en-ww/toaster-campaigns_ccleaner-update_hi_variant-3&v=6.14.10584&x-acqsource=&x-flow_id=43977175-7c1b-46da-88a2-8423620bbb0c&x-aswparam=eyJwX2hpZCI6IjE5Y2U5NzBiLWY2YzAtNGEwOS1iYWU0LTI3NGI5NzE3MzBlMCIsImZsb3dfaWQiOiI0Mzk3NzE3NS03YzFiLTQ2ZGEtODhhMi04NDIzNjIwYmJiMGMiLCJhcHBWZXJzaW9uIjoiNi4xNCIsInBfcHJvIjoiOTAiLCJwX3ZiZCI6IjEwNTg0IiwicF9jcmQiOiI4MDRlMjQ0My1lMzQyLTQ2MTAtYTNjOS1mYzMzYzdmMjY4NjkiLCJwX2FscCI6IjAifQ
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: CCleaner.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1840
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6957f598,0x6957f5a8,0x6957f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2320
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1268,i,16644138425015606702,5322508840997632201,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2328
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1268,i,16644138425015606702,5322508840997632201,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2388
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xf0,0x6957f598,0x6957f5a8,0x6957f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2792
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2836
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
21 979
Read events
21 681
Write events
244
Delete events
54

Modification events

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value: 02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 01000000020000000700000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value: 07000000010000000200000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\Shell
Operation: write
Name: SniffedFolderType
Value: Generic

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: Mode
Value: 4

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7\1\0\1
Operation: write
Name: MRUListEx
Value: 0400000003000000010000000200000000000000FFFFFFFF

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\164\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: Mode
Value: 4

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: LogicalViewMode
Value: 1

Process: (3508) adobe.snr.patch-painter.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation: write
Name: FFlags
Value: 1
Executable files
6
Suspicious files
122
Text files
40
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3744
Process: CCleaner.exe
Filename: C:\Program Files\CCleaner\gcapi_dll.dll
Type: executable
MD5: F637D5D3C3A60FDDB5DD397556FE9B1D
SHA256: 641B843CB6EE7538EC267212694C9EF0616B9AC9AB14A0ABD7CF020678D50B02

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RCVJIO59GS6VOMBAT95I.temp
Type: binary
MD5: FE59CFD6391BAA100CE301AB3A8A8F53
SHA256: 97E2BCF8DEB8D9BC42C8619771AF93097B63EB8D9DAE32C386B528592880A4AA

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: 849AFBE4B7FFC3ED55AA3D126A8D1A3B
SHA256: 38F985C1C56598C5361BE5A6A08204B91CC9F008C68EA846807E842FBC55F2F5

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms~RF171434.TMP
Type: binary
MD5: DA39F131D86385E1285BF5489BA6B6F9
SHA256: 38C92C3B93D15CCF2E5E59D01D223366D60FF508037EF997C0CDCC11CEC8BAD0

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
Type: binary
MD5: 037AE8164352CA91E80AD33054D1906D
SHA256: 07C018EB07002663D5248DAA8A65EAF587955E3DB45735E7E3AC9CB13D7D664E

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms
Type: binary
MD5: FE59CFD6391BAA100CE301AB3A8A8F53
SHA256: 97E2BCF8DEB8D9BC42C8619771AF93097B63EB8D9DAE32C386B528592880A4AA

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: compressed
MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: BFDD5F1E34F985336D81176262D8DE8A
SHA256: 64E2EF942965A27265F54575E04904C429C7B7AB81D63229DFE0DAC3DAE689DE

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 93C1626ED3CE2FC47F721288A2060C3A
SHA256: B0ECDB983B6F6B460F430959D55EB585FCFACCCA627EAC60A5D92C033D9672D7

PID: 3744
Process: CCleaner.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13
Type: binary
MD5: FC02378CBEFC9FA0C6D9EBA7D47AB1C7
SHA256: 00B1A6F0436CA46A18E6E383FC18EF477FE479EC1A460412BCDB0DB29130AF00
Download PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
14
TCP/UDP connections
67
DNS requests
79
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3744
CCleaner.exe
GET
200
104.124.11.16:80
http://ncc.avast.com/ncc.txt
unknown
text
26 b
unknown
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?217779596cf7c530
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d153f3e61d6d1b19
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?188def5e206c7133
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/I2EglczjVys/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEAi%2FlaSAK2TNEMAvaqPN6cw%3D
unknown
binary
471 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/HCBR1rPY_zA/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCuJrycnyDuAAkjSCsH18s3
unknown
binary
472 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
unknown
binary
724 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/EZ_Epm5ijiI/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDl6izFG5X1chDPk3g1%2BZDG
unknown
binary
472 b
unknown
3744
CCleaner.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3744
CCleaner.exe
104.124.11.16:80
ncc.avast.com
Akamai International B.V.
DE
unknown
3744
CCleaner.exe
34.117.223.223:443
analytics.ff.avast.com
GOOGLE-CLOUD-PLATFORM
US
unknown
3744
CCleaner.exe
34.160.176.28:443
shepherd.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
34.149.149.62:443
ip-info.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
34.111.24.1:443
ipm-provider.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
88.221.125.66:443
www.ccleaner.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
ncc.avast.com
  • 104.124.11.16
  • 104.124.11.43
whitelisted
analytics.ff.avast.com
  • 34.117.223.223
whitelisted
www.ccleaner.com
  • 88.221.125.66
  • 23.211.8.159
whitelisted
ip-info.ff.avast.com
  • 34.149.149.62
whitelisted
shepherd.ff.avast.com
  • 34.160.176.28
whitelisted
ipm-provider.ff.avast.com
  • 34.111.24.1
whitelisted
ctldl.windowsupdate.com
  • 95.140.236.128
whitelisted
ocsp.pki.goog
  • 142.250.186.35
whitelisted
ipmcdn.avast.com
  • 23.199.222.253
whitelisted
ssl.google-analytics.com
  • 216.58.206.40
whitelisted

Threats

No threats detected
Process
Message
CCleaner.exe
[2023-11-07 21:31:39.805] [error ] [settings ] [ 3744: 3752] [6000C4: 356] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe
OnLanguage - en
CCleaner.exe
[2023-11-07 21:31:40.427] [error ] [settings ] [ 3744: 2064] [9434E9: 359] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
[2023-11-07 21:31:40.440] [error ] [Burger ] [ 3744: 2064] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
[2023-11-07 21:31:40.441] [error ] [Burger ] [ 3744: 2064] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
OnLanguage - en
CCleaner.exe
startCheckingLicense()
CCleaner.exe
OnLanguage - en
CCleaner.exe
OnLanguage - en