File name:

adobe.snr.patch-painter.exe

Full analysis: https://app.any.run/tasks/81c4edb7-7b68-4508-a8a3-79c5a3c51aaa
Verdict: Malicious activity
Analysis date: November 07, 2023, 21:30:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

0D9B7ABE952D6C1DC24750BF47969132

SHA1:

982B2CB5D46D8409BB5F0D96EFD93E7A9F8B80DA

SHA256:

9EC96E0FACF95D1A08D4761AFF436DAC8318ABD008C7284A4A22347069E8284D

SSDEEP:

12288:HGsYlWDQfy1F8jr51lc+0vhOCF1dflSc46V1tKOGmixosyuC+muDXfvIFutmOyTg:msYlWDo5c+6hVdfAcJVi6iwvIDXYhlIv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3744)

    • Steals credentials from Web Browsers

      • CCleaner.exe (PID: 3744)

    • Drops the executable file immediately after the start

      • CCleaner.exe (PID: 3744)

  • SUSPICIOUS

    • Reads the Internet Settings

      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)

    • Application launched itself

      • CCleaner.exe (PID: 3884)

    • Reads security settings of Internet Explorer

      • CCleaner.exe (PID: 3744)

    • Reads settings of System Certificates

      • CCleaner.exe (PID: 3744)

    • Checks Windows Trust Settings

      • CCleaner.exe (PID: 3744)

    • Searches for installed software

      • CCleaner.exe (PID: 3744)

    • Reads Microsoft Outlook installation path

      • CCleaner.exe (PID: 3744)

    • Reads Internet Explorer settings

      • CCleaner.exe (PID: 3744)

  • INFO

    • Checks supported languages

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)
      • wmpnscfg.exe (PID: 316)

    • Reads the computer name

      • adobe.snr.patch-painter.exe (PID: 3508)
      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)
      • wmpnscfg.exe (PID: 316)

    • Reads Environment values

      • CCleaner.exe (PID: 3884)
      • CCleaner.exe (PID: 3744)

    • Reads the machine GUID from the registry

      • adobe.snr.patch-painter.exe (PID: 3508)
      • wmpnscfg.exe (PID: 316)
      • CCleaner.exe (PID: 3744)

    • Manual execution by a user

      • CCleaner.exe (PID: 3884)
      • wmpnscfg.exe (PID: 316)
      • msedge.exe (PID: 3800)

    • Creates files or folders in the user directory

      • CCleaner.exe (PID: 3744)

    • Checks proxy server information

      • CCleaner.exe (PID: 3744)

    • Creates files in the program directory

      • CCleaner.exe (PID: 3744)

    • Application launched itself

      • msedge.exe (PID: 1296)
      • msedge.exe (PID: 3800)

    • Reads CPU info

      • CCleaner.exe (PID: 3744)

    • Reads product name

      • CCleaner.exe (PID: 3744)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (38.2)
.exe | Win32 EXE Yoda's Crypter (37.5)
.dll | Win32 Dynamic Link Library (generic) (9.2)
.exe | Win32 Executable (generic) (6.3)
.exe | Win16/32 Executable Delphi generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:20 00:22:17+02:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 606208
InitializedDataSize: 28672
UninitializedDataSize: 1044480
EntryPoint: 0x192e70
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.5.0.0
ProductVersionNumber: 1.5.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: PainteR
FileDescription: Universal Adobe Patcher
FileVersion: 1.5.0.0
InternalName: Universal Adobe Patcher
LegalCopyright: PainteR
OriginalFileName: adobesnr.exe
ProductName: Universal Adobe Patcher
ProductVersion: 1.5.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
60
Monitored processes
17
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start adobe.snr.patch-painter.exe ccleaner.exe no specs ccleaner.exe wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs adobe.snr.patch-painter.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
316"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ole32.dll
536"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1636 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1064"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1296"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ccleaner.com/ccleaner/update?utm_source=ccleaner&utm_medium=application&utm_campaign=/ccleaner/en-ww/toaster-campaigns_ccleaner-update_hi_variant-3&v=6.14.10584&x-acqsource=&x-flow_id=43977175-7c1b-46da-88a2-8423620bbb0c&x-aswparam=eyJwX2hpZCI6IjE5Y2U5NzBiLWY2YzAtNGEwOS1iYWU0LTI3NGI5NzE3MzBlMCIsImZsb3dfaWQiOiI0Mzk3NzE3NS03YzFiLTQ2ZGEtODhhMi04NDIzNjIwYmJiMGMiLCJhcHBWZXJzaW9uIjoiNi4xNCIsInBfcHJvIjoiOTAiLCJwX3ZiZCI6IjEwNTg0IiwicF9jcmQiOiI4MDRlMjQ0My1lMzQyLTQ2MTAtYTNjOS1mYzMzYzdmMjY4NjkiLCJwX2FscCI6IjAifQC:\Program Files\Microsoft\Edge\Application\msedge.exeCCleaner.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1840"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6957f598,0x6957f5a8,0x6957f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2320"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1268,i,16644138425015606702,5322508840997632201,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2328"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 --field-trial-handle=1268,i,16644138425015606702,5322508840997632201,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2388"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xf0,0x6957f598,0x6957f5a8,0x6957f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2792"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2836"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1280,i,9109453787556032632,1049148101491812585,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
21 979
Read events
21 681
Write events
244
Delete events
54

Modification events

(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
01000000020000000700000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
07000000010000000200000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\Shell
Operation:writeName:SniffedFolderType
Value:
Generic
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation:writeName:Mode
Value:
4
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\7\1\0\1
Operation:writeName:MRUListEx
Value:
0400000003000000010000000200000000000000FFFFFFFF
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\164\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation:writeName:Mode
Value:
4
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation:writeName:LogicalViewMode
Value:
1
(PID) Process:(3508) adobe.snr.patch-painter.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\103\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Operation:writeName:FFlags
Value:
1
Executable files
6
Suspicious files
122
Text files
40
Unknown types
0

Dropped files

PID
Process
Filename
Type
3744CCleaner.exeC:\Program Files\CCleaner\gcapi_16993927003744.dllexecutable
MD5:F637D5D3C3A60FDDB5DD397556FE9B1D
SHA256:641B843CB6EE7538EC267212694C9EF0616B9AC9AB14A0ABD7CF020678D50B02
3744CCleaner.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-msbinary
MD5:FE59CFD6391BAA100CE301AB3A8A8F53
SHA256:97E2BCF8DEB8D9BC42C8619771AF93097B63EB8D9DAE32C386B528592880A4AA
3744CCleaner.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RCVJIO59GS6VOMBAT95I.tempbinary
MD5:FE59CFD6391BAA100CE301AB3A8A8F53
SHA256:97E2BCF8DEB8D9BC42C8619771AF93097B63EB8D9DAE32C386B528592880A4AA
3744CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:BFDD5F1E34F985336D81176262D8DE8A
SHA256:64E2EF942965A27265F54575E04904C429C7B7AB81D63229DFE0DAC3DAE689DE
3744CCleaner.exeC:\Program Files\CCleaner\gcapi_dll.dllexecutable
MD5:F637D5D3C3A60FDDB5DD397556FE9B1D
SHA256:641B843CB6EE7538EC267212694C9EF0616B9AC9AB14A0ABD7CF020678D50B02
3744CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157compressed
MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
SHA256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
3744CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:93C1626ED3CE2FC47F721288A2060C3A
SHA256:B0ECDB983B6F6B460F430959D55EB585FCFACCCA627EAC60A5D92C033D9672D7
3744CCleaner.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\info[1].jsonbinary
MD5:A0533DD7B3E84E1CC9E94DCDABB7F999
SHA256:48E9066DD322480FDC8B279EA375ED4CAA2C329F711865B0436F82203F89028E
3744CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB07B2457683B1B27A2C187E0A99281F_0F621C896D9E436FB85251A5451C770Dbinary
MD5:C82187D3AEC3E53398C9ABF01247A228
SHA256:4B85B4BA3D8CD0A35566BD9645A9D0D26F535C8ACD725FCA3E3E63FAE8E423FE
3744CCleaner.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB07B2457683B1B27A2C187E0A99281F_0F621C896D9E436FB85251A5451C770Dbinary
MD5:898285B2FD36D5FBBD3B029E781C82C9
SHA256:385254023A4A9DC04CD109BC6787C5CCE0E1497863B2B5EBD51FC04D89B1EDB9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
67
DNS requests
79
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d153f3e61d6d1b19
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
unknown
binary
724 b
unknown
3744
CCleaner.exe
GET
200
104.124.11.16:80
http://ncc.avast.com/ncc.txt
unknown
text
26 b
unknown
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?217779596cf7c530
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
95.140.236.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?188def5e206c7133
unknown
compressed
4.66 Kb
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/EZ_Epm5ijiI/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDl6izFG5X1chDPk3g1%2BZDG
unknown
binary
472 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/HCBR1rPY_zA/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQCuJrycnyDuAAkjSCsH18s3
unknown
binary
472 b
unknown
3744
CCleaner.exe
GET
200
142.250.186.35:80
http://ocsp.pki.goog/s/gts1d4/ApQzOF39EDk/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDomrJT6Y%2FrFhKE4gUosvin
unknown
binary
472 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2588
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3744
CCleaner.exe
104.124.11.16:80
ncc.avast.com
Akamai International B.V.
DE
unknown
3744
CCleaner.exe
34.117.223.223:443
analytics.ff.avast.com
GOOGLE-CLOUD-PLATFORM
US
unknown
3744
CCleaner.exe
34.160.176.28:443
shepherd.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
34.149.149.62:443
ip-info.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
34.111.24.1:443
ipm-provider.ff.avast.com
GOOGLE
US
unknown
3744
CCleaner.exe
88.221.125.66:443
www.ccleaner.com
AKAMAI-AS
DE
unknown

DNS requests

Domain
IP
Reputation
ncc.avast.com
  • 104.124.11.16
  • 104.124.11.43
whitelisted
analytics.ff.avast.com
  • 34.117.223.223
whitelisted
www.ccleaner.com
  • 88.221.125.66
  • 23.211.8.159
whitelisted
ip-info.ff.avast.com
  • 34.149.149.62
whitelisted
shepherd.ff.avast.com
  • 34.160.176.28
whitelisted
ipm-provider.ff.avast.com
  • 34.111.24.1
whitelisted
ctldl.windowsupdate.com
  • 95.140.236.128
whitelisted
ocsp.pki.goog
  • 142.250.186.35
whitelisted
ipmcdn.avast.com
  • 23.199.222.253
whitelisted
ssl.google-analytics.com
  • 216.58.206.40
whitelisted

Threats

No threats detected
Process
Message
CCleaner.exe
[2023-11-07 21:31:39.805] [error ] [settings ] [ 3744: 3752] [6000C4: 356] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
Failed to open log file 'C:\Program Files\CCleaner'
CCleaner.exe
OnLanguage - en
CCleaner.exe
[2023-11-07 21:31:40.427] [error ] [settings ] [ 3744: 2064] [9434E9: 359] Failed to get program directory Exception: Unable to determine program folder of product 'piriform-cc'! Code: 0x000000c0 (192)
CCleaner.exe
[2023-11-07 21:31:40.440] [error ] [Burger ] [ 3744: 2064] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
[2023-11-07 21:31:40.441] [error ] [Burger ] [ 3744: 2064] [FDA25D: 244] [23.1.806.0] [BurgerReporter.cpp] [244] asw::standalone_svc::BurgerReporter::BurgerSwitch: Could not read property BURGER_SETTINGS_PANCAKE_HOSTNAME (0x00000003)
CCleaner.exe
OnLanguage - en
CCleaner.exe
startCheckingLicense()
CCleaner.exe
OnLanguage - en
CCleaner.exe
OnLanguage - en
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
adobe.snr.patch-painter.exe