7c94dd6ac48c238b1f1f606eec6d3455d9190d33e7864ae0df4316f8e7f96876

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20221111-es
resource tags

arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
submitted
30-12-2022 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccsetup602.exe
Size

47.6MB
MD5

8da8d2ac0b009ac03e6b67e3d81f37a8
SHA1

4dcd7954fe08f746505d2ead9f85f10325b9b7b2
SHA256

7c94dd6ac48c238b1f1f606eec6d3455d9190d33e7864ae0df4316f8e7f96876
SHA512

6eb16849b3e39c9f55520b3564aecd6581bfb6fa04fcf29990e7bdcab121647a43f4dd5505c1abe1eb3282e6040a53c4d3b2c9e610bf12aa30341ac603f9fb6a
SSDEEP

786432:yRzBlSAqeNvuwHZoXX3Azl0+sgTgu2fqDWL8t04fNG2zyG2J6DT3AO:yRzBlqex1H2XAz27qDCY0iwQnE6DTQO

Score

8^/10

bootkit discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

CCleaner64.exeCCUpdate.exeCCUpdate.exeCCleaner64.exeCCleaner64.exeMicrostub.exeavg_antivirus_free_setup_x64.exe

pid process

1452 CCleaner64.exe
1944 CCUpdate.exe
1892 CCUpdate.exe
928 CCleaner64.exe
580 CCleaner64.exe
2544 Microstub.exe
2608 avg_antivirus_free_setup_x64.exe

pid	process
1452	CCleaner64.exe
1944	CCUpdate.exe
1892	CCUpdate.exe
928	CCleaner64.exe
580	CCleaner64.exe
2544	Microstub.exe
2608	avg_antivirus_free_setup_x64.exe

Loads dropped DLL 46 IoCs

Processes:

ccsetup602.exeCCUpdate.exeCCleaner64.exeCCUpdate.exeCCleaner64.exeCCleaner64.exeMicrostub.exe

pid	process
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1288
1288
1288
1288
1360	ccsetup602.exe
1288
1360	ccsetup602.exe
1288
1944	CCUpdate.exe
1944	CCUpdate.exe
1452	CCleaner64.exe
1944	CCUpdate.exe
1892	CCUpdate.exe
1892	CCUpdate.exe
1892	CCUpdate.exe
1892	CCUpdate.exe
1892	CCUpdate.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
1288
1288
580	CCleaner64.exe
2544	Microstub.exe
2544	Microstub.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

CCUpdate.exeCCleaner64.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ccleaner_update_helper = "C:\\Program Files\\CCleaner\\ccleaner_update_helper.exe"	CCUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\CCleaner Smart Cleaning = "\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"	CCleaner64.exe

Checks for any installed AV software in registry 1 TTPs 12 IoCs

Security Software Discovery

T1063

Processes:

CCleaner64.exeCCleaner64.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\SOFTWARE\Avira\AntiVirus	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Speedup	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\AntiVir Desktop	CCleaner64.exe
Key opened	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Avast Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Speedup	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avast Software\Avast	CCleaner64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

CCleaner64.exeCCUpdate.exeCCleaner64.exeCCleaner64.exeMicrostub.execcsetup602.exeCCUpdate.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	Microstub.exe
File opened for modification	\??\PhysicalDrive0	ccsetup602.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe

Drops file in Program Files directory 64 IoCs

Processes:

ccsetup602.exeCCleaner64.exeCCUpdate.exeCCleaner64.exeCCleaner64.exe

description	ioc	process
File created	C:\Program Files\CCleaner\Lang\lang-1081.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1090.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1046.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1054.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1079.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1109.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1034.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1035.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1051.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Setup\928cfd48-2854-4536-b41e-bc227a18f063.ini	CCUpdate.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\temp_ccupdate\ccupdate607_free.exe	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1155.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-2070.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1087.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1092.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-3098.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\CCleanerReactivator.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1031.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1044.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1063.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner\temp_ccupdate\update.ini	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1060.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\CCleanerDU.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Setup\c56b319f-6a20-4c20-bc89-5e5e0537c0d1\ccleaner_update_helper.exe	CCUpdate.exe
File opened for modification	C:\Program Files\CCleaner\ccleaner_update_helper.exe	CCUpdate.exe
File created	C:\Program Files\CCleaner\gcapi_dll.dll	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1027.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1032.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1041.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner\LOG\event_manager.log	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1056.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-9999.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner\Setup\c56b319f-6a20-4c20-bc89-5e5e0537c0d1\update.xml	CCUpdate.exe
File opened for modification	C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log	CCleaner64.exe
File created	C:\Program Files\CCleaner\LOG\event_manager.log.tmp.2b0d3d1d-80f4-4f13-81e5-23f2f36fb962	CCleaner64.exe
File created	C:\Program Files\CCleaner\CCleaner.exe	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1036.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1049.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1040.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1025.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1029.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1030.dll	ccsetup602.exe
File opened for modification	C:\Program Files\CCleaner\Setup\c56b319f-6a20-4c20-bc89-5e5e0537c0d1	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1038.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1104.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\uninst.exe	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1071.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-2052.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-2074.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-5146.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Setup\16429451-18c4-4f98-90c3-89e78606c22e.cab	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1037.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1042.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1067.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.b7d01aba-72da-45f7-999c-fbc43b5c901d	CCleaner64.exe
File opened for modification	C:\Program Files\CCleaner\setup\config.ini	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1059.dll	ccsetup602.exe
File created	C:\Program Files\CCleaner\Lang\lang-1068.dll	ccsetup602.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 23 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CCleaner64.exeCCleaner64.exeCCleaner64.execcsetup602.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor	CCleaner64.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ccsetup602.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	ccsetup602.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	ccsetup602.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	CCleaner64.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3063"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3063"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3326"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3514"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "45"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3027"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3045"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3514"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3027"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3027"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2982"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "4020"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4702841-87F9-11ED-9480-4E0367406D10} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "45"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3326"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3326"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3045"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "4020"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "45"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "2982"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "2982"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3063"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3045"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "4020"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

ccsetup602.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\Brandover = "0"	ccsetup602.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	ccsetup602.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-20\Software	ccsetup602.exe
Key created	\REGISTRY\USER\.DEFAULT	ccsetup602.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Piriform	ccsetup602.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner\Brandover = "0"	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup602.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-19	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\Brandover = "0"	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-20	ccsetup602.exe

Modifies registry class 26 IoCs

Processes:

ccsetup602.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_Classes\Software\Piriform\CCleaner	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Software	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Software\Piriform	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Ejecutar CCleaner\command	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Abrir CCleaner...\command	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Abrir CCleaner...\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /FRB"	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Ejecutar CCleaner\command	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Ejecutar CCleaner	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Ejecutar CCleaner\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /AUTORB"	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Abrir CCleaner...\command	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Software\Piriform\CCleaner\AutoICS = "1"	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\ = "\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /%1"	ccsetup602.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Software\Piriform\CCleaner	ccsetup602.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Software\Piriform\CCleaner\Brandover = "0"	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Abrir CCleaner...	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell	ccsetup602.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\ = "URL: CCleaner Protocol"	ccsetup602.exe

Modifies system certificate store 2 TTPs 19 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

ccsetup602.exeCCleaner64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	CCleaner64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	ccsetup602.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	ccsetup602.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	ccsetup602.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

ccsetup602.exeCCleaner64.exeCCleaner64.exeCCleaner64.exe

pid	process
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
1452	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

ccsetup602.exeCCUpdate.exeCCUpdate.exeCCleaner64.exe

description	pid	process
Token: SeShutdownPrivilege	1360	ccsetup602.exe
Token: SeShutdownPrivilege	1360	ccsetup602.exe
Token: SeManageVolumePrivilege	1360	ccsetup602.exe
Token: SeManageVolumePrivilege	1360	ccsetup602.exe
Token: SeRestorePrivilege	1360	ccsetup602.exe
Token: SeShutdownPrivilege	1944	CCUpdate.exe
Token: SeShutdownPrivilege	1892	CCUpdate.exe
Token: SeManageVolumePrivilege	928	CCleaner64.exe
Token: SeShutdownPrivilege	928	CCleaner64.exe
Token: SeShutdownPrivilege	928	CCleaner64.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeCCleaner64.exe

pid process

2036 iexplore.exe
580 CCleaner64.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

CCleaner64.exe

pid process

580 CCleaner64.exe

pid	process
2036	iexplore.exe
580	CCleaner64.exe

pid	process
580	CCleaner64.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

ccsetup602.exeiexplore.exeIEXPLORE.EXECCleaner64.exeCCleaner64.exe

pid	process
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
1360	ccsetup602.exe
2036	iexplore.exe
2036	iexplore.exe
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
580	CCleaner64.exe
580	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe
928	CCleaner64.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

ccsetup602.exeCCUpdate.exeiexplore.exeCCleaner64.exeMicrostub.exe

description	pid	process	target process
PID 1360 wrote to memory of 1452	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 1452	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 1452	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 1452	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1360 wrote to memory of 1944	1360	ccsetup602.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1944 wrote to memory of 1892	1944	CCUpdate.exe	CCUpdate.exe
PID 1360 wrote to memory of 2036	1360	ccsetup602.exe	iexplore.exe
PID 1360 wrote to memory of 2036	1360	ccsetup602.exe	iexplore.exe
PID 1360 wrote to memory of 2036	1360	ccsetup602.exe	iexplore.exe
PID 1360 wrote to memory of 2036	1360	ccsetup602.exe	iexplore.exe
PID 1360 wrote to memory of 928	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 928	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 928	1360	ccsetup602.exe	CCleaner64.exe
PID 1360 wrote to memory of 928	1360	ccsetup602.exe	CCleaner64.exe
PID 2036 wrote to memory of 1724	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1724	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1724	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1724	2036	iexplore.exe	IEXPLORE.EXE
PID 928 wrote to memory of 580	928	CCleaner64.exe	CCleaner64.exe
PID 928 wrote to memory of 580	928	CCleaner64.exe	CCleaner64.exe
PID 928 wrote to memory of 580	928	CCleaner64.exe	CCleaner64.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 928 wrote to memory of 2544	928	CCleaner64.exe	Microstub.exe
PID 2544 wrote to memory of 2608	2544	Microstub.exe	avg_antivirus_free_setup_x64.exe
PID 2544 wrote to memory of 2608	2544	Microstub.exe	avg_antivirus_free_setup_x64.exe
PID 2544 wrote to memory of 2608	2544	Microstub.exe	avg_antivirus_free_setup_x64.exe
PID 2544 wrote to memory of 2608	2544	Microstub.exe	avg_antivirus_free_setup_x64.exe

C:\Users\Admin\AppData\Local\Temp\ccsetup602.exe
"C:\Users\Admin\AppData\Local\Temp\ccsetup602.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360

C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1452

C:\Program Files\CCleaner\CCUpdate.exe
"C:\Program Files\CCleaner\CCUpdate.exe" /reg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1944

C:\Program Files\CCleaner\CCUpdate.exe
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\650428af-1f04-4c52-bed0-bbdf81553ccb.dll"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:1892

C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928

C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\{_av_312d9252-c71c-4c84-b171-f4ad46e22098}\Microstub.exe
"C:\Users\Admin\AppData\Local\Temp\{_av_312d9252-c71c-4c84-b171-f4ad46e22098}\Microstub.exe" /silent /ws /cookie:mmm_ccl_prm_006_675_a
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2544

C:\Windows\Temp\asw.cd3781e18c14a4fa\avg_antivirus_free_setup_x64.exe
"C:\Windows\Temp\asw.cd3781e18c14a4fa\avg_antivirus_free_setup_x64.exe" /silent /ws /cookie:mmm_ccl_prm_006_675_a /cookie:mmm_ccl_prm_006_675_a /ga_clientid:02524571-ccd0-4f4f-baee-15281342f7b6 /edat_dir:C:\Windows\Temp\asw.cd3781e18c14a4fa
4⤵
- Executes dropped EXE
PID:2608

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1034&b=1&a=0
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CCleaner\CCUpdate.exe

Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
C:\Program Files\CCleaner\CCUpdate.exe

Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
C:\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
C:\Program Files\CCleaner\CCleanerDU.dll

Filesize
8.0MB

MD5
b20841fd867e8b330e7f95bfa932eac0

SHA1
b5e5fc1b6021694a94a4309cfa227e8ce4857888

SHA256
f3dba3e1812afff0301f258b6d2a0af6dfdc97f3eb594ea2a1baaa80cc3dfc19

SHA512
46e910472607b03e53d261409c072216adecfddd87fa3ef25c3f85f383219dedc9de51802701461510f0b5a709dd37b59860bf6e61da2d6df8c6742f251c0a08

Download Submit
C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll

Filesize
6.6MB

MD5
8bb396b3816d68d457c63ce681292ee2

SHA1
1ef3a27516bf27caabd8ad67ed622deb4dd8515a

SHA256
399a31bc0d0403172dc17051bfbe03b8e3e1ddd67a2e5a551487feb7a31d8e9a

SHA512
e431d74b2507fb1e1ebaf0e8a0e7a11117d305221a0308970bf4dc874da8304d50d039c71b4869542640f5cf9bda58befefa28b3b4a7ea83f9b95d161344f5c0

Download Submit
C:\Program Files\CCleaner\Setup\650428af-1f04-4c52-bed0-bbdf81553ccb.dll

Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
C:\Program Files\CCleaner\lang\lang-1034.dll

Filesize
235KB

MD5
2f8e0b9811cfa17e4f1049f667b90615

SHA1
18f016e0434baf4a23b0b5ad3a2e407307c655d8

SHA256
782ee3da476af0824be9e1c2a6482eca71d9a8982eca701714ed13eb89f2486a

SHA512
f58e6b7e2cfd2da3389ac61b7c5ee95c67f90b7b564b867cc5c24c1152eb0457ae22b9c1814a89994168cc0c6ce986844cfdd2f1fa77e8cb1c07302d1d164aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6

Filesize
471B

MD5
2456c297983e27e6cf72321f4cf6f07c

SHA1
3918b576897cb95f231db1da4df132a5c6bfe7a6

SHA256
89f07ba56710c51e6f36c4b5bfcd34aedc4a63b5380d18a5d59c71612b66e016

SHA512
e6d4ea0fee288f1b51c54f5f7dd8b34dd8cbb9ee4ecb9e87476b910137b12423b0430b7deb54cb04863f32fff0e3f050bc73fa9209baac8c7b143a463a483b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
471B

MD5
adc5ed0738548c828d827a62c7586dbc

SHA1
28c072f4c7f6526d27a51c63e957332b21cdcd0b

SHA256
104987acc4bf53d5922718ce13064134318fc8ec9c68f80c88b92b106c9bb345

SHA512
2243cc69a7caf7af8d27c029cdb6411daf33a88668d41bf2e2450e497201f32effa85546058477162a9983699829d24ce17d7a40e2fd6e9061f403764ad7b566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6

Filesize
434B

MD5
6d2c0ea5f401544040226400d12f5a9a

SHA1
5a128a72806ce3a9f2aeba321bddb6dacdd90049

SHA256
ca0fc4cb9b8ae3f9bdb6e08ab3218e7ef041ea5d60e9375df070f9c408f6c6fb

SHA512
35dff760dd28a328608f9b12789f2699baf0f33914cf618257c855b84399a2cf1597f88e104941db4d5a1890e09eb4648e91a21b713a5b64fca2db3bebf8699e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a9ff8222e63c64e9f720f8970d1223f

SHA1
08ab066899e4cf82de1f8ddd407b346cb62fcb81

SHA256
8f60431a8a16473dff306e484860323c3f9be707b53c88fb8caa6323e3b04d28

SHA512
fa9ace966824bd333e359e668908ca285e21f227a4b27914bc0665ad85ff5178c9d6705ba4751e6ede81b97d111a4242313a0546d912e8c0e4b090a695a27b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb231cb92bcbb181c72e92439bef587d

SHA1
bdedacbb1df907e2f944f7520a756e9040fa8c6a

SHA256
190b4d7bcce4d3db4f43f0c73d09da59b80ba875bc6973b67bead05ca1a3a4bf

SHA512
dd9cf88efab49698fc6eee94c0fa335161f77ff293d4af8f8c7d1f5863e759f1cd57bc76b1d1e2a077dd93a4398fbb99f40f0f5a31142d44f0e3869c00ab3360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
800dd00f7595b6dbe14e67e586da6b29

SHA1
76b84c98daa211ba23823b5a05db1f7bf2a710b9

SHA256
cc034163fd9598743820c181a2a4a57235d2ff82e35dff6e8d769af36933eafb

SHA512
73ce14db685abea7b6a9bb58a14997b71ab83e08aaffb58d5147d32ef0750f98a372b36ea2c931657271509e335885cdaf4601ef9d6198649385e3b970fbbc7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a3cf765b031a764c2965bd48ef1502

SHA1
5bb73ffc1be0ca5ac6f46582e379f5130a50e67d

SHA256
5b2d3915250b94a0be5b84f4761aa2234884d8c81efe9911e5b552119fd4aac7

SHA512
efd3266b236521d3012102dff8145ffa157a8e2065e4950a0e111687bc24a55ea07e6fb4fbfea73354cae0a6dc78546d6c31fbd1477f9012404711c56272684b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d684fca3beba6c6f8df563ed2a00d6b5

SHA1
a75d8a3ae90b6803c0fb75061e89e374b18480e8

SHA256
f2aa3841288551cb2ae536edf9c3a1c7c4709c3f1e8a79a4e1e6c4430c1e7039

SHA512
d24497ea807ad3f6d0b0e78fbe5d2bc7a94eb3ef83fee6eea73f947ce417c6e1bbb282df396271e17859b917b2abcb7486c482fbfb3332e0ac9ef1615d3e4496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
426B

MD5
28a04d688756026926a2680960f6591f

SHA1
fbf9e65a11c034c82480c9ffc6372a6fc5a2000b

SHA256
31a2d8031adfd5721629770decfed78eaea38482a843caa68046fc1cde30d688

SHA512
9f0fbf21a38bfcf7141ec11a757b41498a47779317ba7e1a6a5adc09610afa1defbf51fc3558999f7c65439962ccfbf99777deabddbcfb4d63cad10e6d498734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
177b24b63aed740b358d0f737899c2dc

SHA1
b6e9d3178cf3924fcf3c1a360960003f10a08a48

SHA256
3422c854e4f8c915ff872199305e2652f629305583fcee54f395e15996e4f61e

SHA512
8d9556c27a6e0fbf3120b4a1071745943c26f91628cad7c648ffeb184cb200154b5b83c82b7e3f6d412e1aa199563a61e893f365c9c3cf53a9972f9e1975da93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f09824c83fe51cc9d2b172dbc6097155

SHA1
3b0a069a25d8d3928ca389acb2b4a1da0d2a7962

SHA256
5947880c90577c8d6e4d7271dbea29599192efead2b477b93539cc84404663ac

SHA512
79e39766043ca5c108ea6ebea7867ab9b8832cfdea17c7ebca3b5c5fd342aa1ec218173530e569c070afa7592f6537f1297771c1f3411ff45e13fea34931ac85

Download Submit
\Program Files\CCleaner\CCUpdate.exe

Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
\Program Files\CCleaner\CCUpdate.exe

Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner.exe

Filesize
29.7MB

MD5
474435602234a30251651b45c778013c

SHA1
abff0f49543dec547f62ee3e6b783af7a7468f2a

SHA256
feab65615be9717f5ea44ede37405405a5f125a4fa04d0cdc74258fb97eba394

SHA512
4bc695a5a6d91f51a3256512f4141d0fa8eb86611e5349c5e245d00ff8114a8899864911a1eadfe14ffe06d013286bf0c8d3a7c39c0599f2295f0a6d77ae1540

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleaner64.exe

Filesize
35.3MB

MD5
432c60b59b04954a287c328a482b9765

SHA1
1205a855f890f61e1b4cc115c7797f9d57061c0a

SHA256
fae034105c48f628764d8adb38d67f0a459378c69e3e0b6702bbbf296e818479

SHA512
ddd43418bb03d8018a74958c54e552ebe811f81e5495359075012e4fe76f5be1b9d16b17344844f15d7bc085fca10bac8e41c3fdd9eb9369b4a943ff1e4d6a11

Download Submit
\Program Files\CCleaner\CCleanerDU.dll

Filesize
8.0MB

MD5
b20841fd867e8b330e7f95bfa932eac0

SHA1
b5e5fc1b6021694a94a4309cfa227e8ce4857888

SHA256
f3dba3e1812afff0301f258b6d2a0af6dfdc97f3eb594ea2a1baaa80cc3dfc19

SHA512
46e910472607b03e53d261409c072216adecfddd87fa3ef25c3f85f383219dedc9de51802701461510f0b5a709dd37b59860bf6e61da2d6df8c6742f251c0a08

Download Submit
\Program Files\CCleaner\Lang\lang-1034.dll

Filesize
235KB

MD5
2f8e0b9811cfa17e4f1049f667b90615

SHA1
18f016e0434baf4a23b0b5ad3a2e407307c655d8

SHA256
782ee3da476af0824be9e1c2a6482eca71d9a8982eca701714ed13eb89f2486a

SHA512
f58e6b7e2cfd2da3389ac61b7c5ee95c67f90b7b564b867cc5c24c1152eb0457ae22b9c1814a89994168cc0c6ce986844cfdd2f1fa77e8cb1c07302d1d164aaa

Download Submit
\Program Files\CCleaner\Setup\650428af-1f04-4c52-bed0-bbdf81553ccb.dll

Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
\Program Files\CCleaner\gcapi_16723742481452.dll

Filesize
740KB

MD5
f17f96322f8741fe86699963a1812897

SHA1
a8433cab1deb9c128c745057a809b42110001f55

SHA256
8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb

SHA512
f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

Download Submit
\Program Files\CCleaner\gcapi_1672374262928.dll

Filesize
740KB

MD5
f17f96322f8741fe86699963a1812897

SHA1
a8433cab1deb9c128c745057a809b42110001f55

SHA256
8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb

SHA512
f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\System.dll

Filesize
11KB

MD5
41a3c964232edd2d7d5edea53e8245cd

SHA1
76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

SHA256
8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

SHA512
fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\System.dll

Filesize
11KB

MD5
41a3c964232edd2d7d5edea53e8245cd

SHA1
76d7e1fbf15cc3da4dd63a063d6ab2f0868a2206

SHA256
8b65fec615c7b371c23f8f7f344b12dc5085e40a556f96db318ed757494d62d5

SHA512
fa16bd9d020602e3065afd5c0638bc37775b40eb18bfa33b4ca5babcc3e6f112ae7d43457a6e9685ddbe6e94b954a1dc43d1da7af9ca7464019a3f110af549c1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\UserInfo.dll

Filesize
4KB

MD5
c1f778a6d65178d34bde4206161a98e0

SHA1
29719fffef1ab6fe2df47e5ed258a5e3b3a11cfc

SHA256
9caf7a78f750713180cf64d18967a2b803b5580e636e59279dcaaf18ba0daa87

SHA512
9c3cf25cf43f85a5f9c9ed555f12f3626ef9daeeedd4d366ada58748ead1f6e279fea977c76ae8bae1dc49bfd852e899cb137c4a006c13e9fcebf6e5e2926a4d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\a\asdk.dll

Filesize
965KB

MD5
f43ac06539d4816763506b17b1968812

SHA1
b1ecb3c88034983447cc08d14fb6a6a240f1bc0f

SHA256
b221c0442530cbb635caf3f4780edd292aa9f1d9da52c5ae39c7bb085be25dfc

SHA512
07a3f209e26abc05c176786680982177c61af8f32566d83f72f5f7983df6ed697022e764c832a0cc0f06a2e38b9f50d237e8f72476e9d5304295127dc08aaadd

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\g\gcapi_dll.dll

Filesize
348KB

MD5
2973af8515effd0a3bfc7a43b03b3fcc

SHA1
4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

SHA256
d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

SHA512
b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\g\gcapi_dll.dll

Filesize
348KB

MD5
2973af8515effd0a3bfc7a43b03b3fcc

SHA1
4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

SHA256
d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

SHA512
b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\inetc.dll

Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsDialogs.dll

Filesize
9KB

MD5
2aba8f16eca82517460013a3de7cbf67

SHA1
3812192fa7b873f426c4b0d0d822b3c9d51aa164

SHA256
60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

SHA512
4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsDialogs.dll

Filesize
9KB

MD5
2aba8f16eca82517460013a3de7cbf67

SHA1
3812192fa7b873f426c4b0d0d822b3c9d51aa164

SHA256
60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

SHA512
4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsDialogs.dll

Filesize
9KB

MD5
2aba8f16eca82517460013a3de7cbf67

SHA1
3812192fa7b873f426c4b0d0d822b3c9d51aa164

SHA256
60b85fad2477b8c0138067be3697290b280b9334cf408cb57894e3baae615d0d

SHA512
4e059f70ef420c22d69199557ff3eab9e51fcefc75d220b057f1508f9566cd6251f9e06a8fe3695bf7d913ebabd2519ce52f485f2de9a5e4ab3ebc553b877fb0

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\p\ServiceUninstaller.dll

Filesize
497KB

MD5
3053907a25371c3ed0c5447d9862b594

SHA1
f39f0363886bb06cb1c427db983bd6da44c01194

SHA256
0b78d56aceefb4ff259660bd55bbb497ce29a5d60206b5d19d05e1442829e495

SHA512
226530658b3e1530f93285962e6b97d61f54039c1bbfcbc5ec27e9ba1489864aecd2d5b58577c8a9d7b25595a03aa35ee97cc7e33e026a89cbf5d470aa65c3e8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\p\pfBL.dll

Filesize
10.4MB

MD5
6ddffba31fda380b0a1a71e2c5918624

SHA1
4bae4d95e8be8d6f1a73f6760791785302b5e4ab

SHA256
ee033fdbd7bd82848426fce765c13eaccb0c0211eb1d586ef8e5288aee25aea0

SHA512
fc6b9e0c1b752bb5068c76e048663fd1492a6d3c3b99c42c4db57009fd111ad6cf94fd37438acd5ed3f5d6f5e50888d6dab4e909e3c796b8d308ae5d513e73cc

Download Submit
\Users\Admin\AppData\Local\Temp\nsy1B60.tmp\ui\pfUI.dll

Filesize
14.8MB

MD5
60c35f3523c9d22e1b502508ff757a96

SHA1
b124d2ad2c9b09181d9ee983ddf7a5d39b6b70cb

SHA256
eb929d174316e6ac2c0a109694f856f348c3c02208b40b34386406f7f572763c

SHA512
5ede92756cfb2da5114e78cf6f539d3015099ebfbb04951d967bfccc73c10cf9a457f218cf6ca0889a13131c651d58ab49d44e8fd1f19e91da65784c9908a3f2

Download Submit
memory/580-133-0x0000000000000000-mapping.dmp

Download
memory/928-109-0x0000000000000000-mapping.dmp

Download
memory/1360-65-0x0000000004C80000-0x0000000004C90000-memory.dmp

Filesize
64KB

Download
memory/1360-54-0x0000000075161000-0x0000000075163000-memory.dmp

Filesize
8KB

Download
memory/1452-89-0x000007FEFB551000-0x000007FEFB553000-memory.dmp

Filesize
8KB

Download
memory/1452-82-0x0000000000000000-mapping.dmp

Download
memory/1892-100-0x0000000000000000-mapping.dmp

Download
memory/1944-90-0x0000000000000000-mapping.dmp

Download
memory/2544-135-0x0000000000000000-mapping.dmp

Download
memory/2608-136-0x0000000000000000-mapping.dmp

Download