lumma | 2d071818c4530a76a0cf946fa7dc00a1d2bba95a741962802c4b8b23d54a319c

Analysis

max time kernel
151s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29-03-2023 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2. CCleaner.Professional.6.06.10144.exe
Size

49.6MB
MD5

c80f2122f4755d8035d54e853d0d4ca2
SHA1

ba1c08614d713545be84e1229df09eb6275f0223
SHA256

2d071818c4530a76a0cf946fa7dc00a1d2bba95a741962802c4b8b23d54a319c
SHA512

f4285e0530a5cec0f2e294ea0b47a45cce9919782c37efca30567092bdd024f3a26b973aa340101ad3d935076af5458b72c2306d684e2a6199fbbda77cd41358
SSDEEP

1572864:kY3EH/GNT2kFLiWijs9jI3tF8+vMZEU0CYJYtK:kYUfgCGi5jsk8QyYJYtK

Score

10^/10

lumma bootkit discovery persistence spyware stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Executes dropped EXE 4 IoCs

Processes:

CCleaner64.exeCCUpdate.exeCCUpdate.exeCCleaner64.exe

pid process

752 CCleaner64.exe
756 CCUpdate.exe
2012 CCUpdate.exe
1976 CCleaner64.exe

pid	process
752	CCleaner64.exe
756	CCUpdate.exe
2012	CCUpdate.exe
1976	CCleaner64.exe

Loads dropped DLL 43 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exeCCleaner64.exeCCUpdate.exeCCUpdate.exeCCleaner64.exe

pid	process
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1280
1280
1280
1280
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
756	CCUpdate.exe
756	CCUpdate.exe
1280
1280
756	CCUpdate.exe
752	CCleaner64.exe
2012	CCUpdate.exe
2012	CCUpdate.exe
2012	CCUpdate.exe
2012	CCUpdate.exe
2012	CCUpdate.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1280
1280
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

CCUpdate.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\ccleaner_update_helper = "C:\\Program Files\\CCleaner\\ccleaner_update_helper.exe"	CCUpdate.exe

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1063

Processes:

CCleaner64.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\AVAST Software\Avast	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	CCleaner64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

CCleaner64.exe2. CCleaner.Professional.6.06.10144.exeCCUpdate.exeCCleaner64.exeCCUpdate.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	2. CCleaner.Professional.6.06.10144.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe
File opened for modification	\??\PhysicalDrive0	CCleaner64.exe
File opened for modification	\??\PhysicalDrive0	CCUpdate.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CCleaner64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	CCleaner64.exe

Drops file in Program Files directory 64 IoCs

Processes:

CCUpdate.exeCCleaner64.exe2. CCleaner.Professional.6.06.10144.exeCCleaner64.exe

description	ioc	process
File opened for modification	C:\Program Files\CCleaner\Setup\81180511-f10b-45ed-b6bf-c5b42dd13dc5\ccleaner_update_helper.exe	CCUpdate.exe
File opened for modification	C:\Program Files\CCleaner\Data\usercfg.ini	CCleaner64.exe
File created	C:\Program Files\CCleaner\CCleaner.exe	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1041.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\uninst.exe	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Setup\143a3eb6-0515-45e4-a1d7-c55239021980.dll	CCUpdate.exe
File opened for modification	C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1035.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1038.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1065.dll	2. CCleaner.Professional.6.06.10144.exe
File opened for modification	C:\Program Files\CCleaner\Setup\81180511-f10b-45ed-b6bf-c5b42dd13dc5	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1109.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\CCleanerDU.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Setup\2eee696a-8639-4976-a746-8637af60d1bd.xml	CCUpdate.exe
File created	C:\Program Files\CCleaner\Setup\bf4f1b6f-171e-4424-b362-f2a8d1e56028.cab	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1027.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1061.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1062.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1087.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1068.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1092.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1045.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-5146.dll	2. CCleaner.Professional.6.06.10144.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1036.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-2052.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\6b6b0bed-e7c8-4065-b943-5a3db4c61873	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1079.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1081.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\CCleanerReactivator.exe	2. CCleaner.Professional.6.06.10144.exe
File opened for modification	C:\Program Files\CCleaner\ccleaner_update_helper.exe	CCUpdate.exe
File created	C:\Program Files\CCleaner\Lang\lang-1028.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1042.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1049.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1058.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1060.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\ccleaner_update_helper.exe	CCUpdate.exe
File created	C:\Program Files\CCleaner\CCleaner.dat	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1037.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1046.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1050.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1055.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1104.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-2074.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Setup\config.def	CCleaner64.exe
File created	C:\Program Files\CCleaner\autotrial.dat	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1031.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1044.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1066.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\CCleanerReactivator.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1034.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1102.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-3098.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-9999.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1029.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1040.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1059.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Lang\lang-1110.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\gcapi_dll.dll	CCleaner64.exe
File opened for modification	C:\Program Files\CCleaner	CCleaner64.exe
File created	C:\Program Files\CCleaner\Lang\lang-1054.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	2. CCleaner.Professional.6.06.10144.exe
File created	C:\Program Files\CCleaner\Setup\fcb31acd-15ec-41be-9f7f-40ba61792e6f.ini	CCUpdate.exe

Drops file in Windows directory 2 IoCs

Processes:

CCleaner64.exe

description	ioc	process
File created	C:\Windows\Tasks\CCleanerCrashReporting.job	CCleaner64.exe
File opened for modification	C:\Windows\Tasks\CCleanerCrashReporting.job	CCleaner64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2. CCleaner.Professional.6.06.10144.exeCCleaner64.exeCCleaner64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2. CCleaner.Professional.6.06.10144.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	2. CCleaner.Professional.6.06.10144.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	2. CCleaner.Professional.6.06.10144.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	CCleaner64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CCleaner64.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	CCleaner64.exe

Modifies Internet Explorer settings 1 TTPs 63 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeCCleaner64.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3063"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3063"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3063"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{333EEFE1-CDEC-11ED-8EB1-FAEC88B9DA95} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3027"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "45"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "45"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3992"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3992"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "2982"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3244"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	CCleaner64.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "45"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3992"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\Total = "3045"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "2982"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3027"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "2982"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3045"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3244"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "13"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "3244"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3027"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\ccleaner.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3045"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.ccleaner.com\ = "25"	IEXPLORE.EXE

Modifies data under HKEY_USERS 21 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-20	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\UpdateBackground = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\AutoICS = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\.DEFAULT	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Piriform\CCleaner\AutoICS = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-19	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Piriform	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\AutoICS = "1"	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner\UpdateBackground = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Piriform	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Piriform\CCleaner\UpdateBackground = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE	2. CCleaner.Professional.6.06.10144.exe

Modifies registry class 27 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\SOFTWARE\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /FRB"	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\SOFTWARE\Piriform\CCleaner\AutoICS = "1"	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /AUTORB"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\ = "URL: CCleaner Protocol"	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\SOFTWARE\Piriform\CCleaner\UpdateBackground = "1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\ = "\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /%1"	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\SOFTWARE	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\SOFTWARE\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_CLASSES\SOFTWARE\Piriform	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner	2. CCleaner.Professional.6.06.10144.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\USER\S-1-5-21-3948302646-268491222-1934009652-1000_Classes\Software\Piriform\CCleaner	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command	2. CCleaner.Professional.6.06.10144.exe

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

CCleaner64.exe2. CCleaner.Professional.6.06.10144.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	CCleaner64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	2. CCleaner.Professional.6.06.10144.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	CCleaner64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	CCleaner64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	2. CCleaner.Professional.6.06.10144.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	CCleaner64.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exeCCleaner64.exeCCleaner64.exe

pid	process
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
752	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exeCCUpdate.exeCCleaner64.exeCCUpdate.exeCCleaner64.exe

description	pid	process
Token: SeManageVolumePrivilege	1932	2. CCleaner.Professional.6.06.10144.exe
Token: SeManageVolumePrivilege	1932	2. CCleaner.Professional.6.06.10144.exe
Token: SeRestorePrivilege	1932	2. CCleaner.Professional.6.06.10144.exe
Token: SeShutdownPrivilege	756	CCUpdate.exe
Token: SeDebugPrivilege	752	CCleaner64.exe
Token: SeShutdownPrivilege	2012	CCUpdate.exe
Token: SeDebugPrivilege	1976	CCleaner64.exe
Token: SeShutdownPrivilege	1976	CCleaner64.exe
Token: SeShutdownPrivilege	1976	CCleaner64.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1884 iexplore.exe

pid	process
1884	iexplore.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exeiexplore.exeIEXPLORE.EXECCleaner64.exe

pid	process
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1932	2. CCleaner.Professional.6.06.10144.exe
1884	iexplore.exe
1884	iexplore.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
1976	CCleaner64.exe
1976	CCleaner64.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
1976	CCleaner64.exe
1976	CCleaner64.exe
1976	CCleaner64.exe

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

2. CCleaner.Professional.6.06.10144.exeCCUpdate.exeiexplore.exe

description	pid	process	target process
PID 1932 wrote to memory of 752	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 752	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 752	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 752	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 1932 wrote to memory of 756	1932	2. CCleaner.Professional.6.06.10144.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 756 wrote to memory of 2012	756	CCUpdate.exe	CCUpdate.exe
PID 1932 wrote to memory of 1884	1932	2. CCleaner.Professional.6.06.10144.exe	iexplore.exe
PID 1932 wrote to memory of 1884	1932	2. CCleaner.Professional.6.06.10144.exe	iexplore.exe
PID 1932 wrote to memory of 1884	1932	2. CCleaner.Professional.6.06.10144.exe	iexplore.exe
PID 1932 wrote to memory of 1884	1932	2. CCleaner.Professional.6.06.10144.exe	iexplore.exe
PID 1932 wrote to memory of 1976	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 1976	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 1976	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1932 wrote to memory of 1976	1932	2. CCleaner.Professional.6.06.10144.exe	CCleaner64.exe
PID 1884 wrote to memory of 2420	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2420	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2420	1884	iexplore.exe	IEXPLORE.EXE
PID 1884 wrote to memory of 2420	1884	iexplore.exe	IEXPLORE.EXE

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2. CCleaner.Professional.6.06.10144.exe
"C:\Users\Admin\AppData\Local\Temp\2. CCleaner.Professional.6.06.10144.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:752

C:\Program Files\CCleaner\CCUpdate.exe
"C:\Program Files\CCleaner\CCUpdate.exe" /reg
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:756

C:\Program Files\CCleaner\CCUpdate.exe
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\143a3eb6-0515-45e4-a1d7-c55239021980.dll"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:2012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=3
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1884

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks system information in the registry
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Security Software Discovery

T1063

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CCleaner\CCUpdate.exe
Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
C:\Program Files\CCleaner\CCUpdate.exe
Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
C:\Program Files\CCleaner\CCUpdate.exe
Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
C:\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
C:\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
C:\Program Files\CCleaner\Setup\143a3eb6-0515-45e4-a1d7-c55239021980.dll
Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
C:\Program Files\CCleaner\Setup\143a3eb6-0515-45e4-a1d7-c55239021980.dll
Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
C:\Program Files\CCleaner\Setup\2eee696a-8639-4976-a746-8637af60d1bd.xml
Filesize
1KB

MD5
a8500f686252cdd13696bd7cd4df2df7

SHA1
4b8e01170a0fab56f250fabd6ec937e9a256d9c3

SHA256
693225b1c379176971faeb9ac2b49ab64750bf309d617f0bed0f7d2744ca57f0

SHA512
9c00c10ae75a5498593c0ae43be6b77b13d68e6db8367401127dc72a3ce5678b0a5e52d8b8b768af611a157b39e4fe7e44cfa5f257ac07c273142865bbf73499

Download Submit
C:\Program Files\CCleaner\Setup\81180511-f10b-45ed-b6bf-c5b42dd13dc5\ccleaner_update_helper.exe
Filesize
729KB

MD5
844b5a7a8d35da17d19de4cbb1d5bc6a

SHA1
5c8ff1c0d5dfbf703835cd35ddbc93c1eaba20a6

SHA256
c74181c70ad77d8ff034a06ea3a9fbc4239a08b93e7c39380cd0663a04e076bf

SHA512
97a7c02651a247ae0da0fc018e4e910137d574b7e5f7bef3dde15c39742a22d0fb4d75302479cebd51c13927b33d0cd1042f33fdb084676bb1004aae51e0390f

Download Submit
C:\Program Files\CCleaner\Setup\bf4f1b6f-171e-4424-b362-f2a8d1e56028.cab
Filesize
412KB

MD5
12938932e37f24044ed00a043106dc7a

SHA1
435a4ac59b0bb5b8c764267ef969915b61db1547

SHA256
fe000954de50a7682d3fb4069e3e1b8e2b761a808c2e840c1d82bdc556ba57de

SHA512
8980534a887bd5cd423c8327cbdeeeaa93c3900b423bfdef4d485a86c9a3ed6df56b7f9dd8616631087f9c487ce3c1af11a4446f38a9b2048db5ed98d4576b79

Download Submit
C:\Program Files\CCleaner\Setup\config.def
Filesize
48B

MD5
a7aae01415beba879259774ff60e4e07

SHA1
a169b7b90824154893ef8ca3ceb68483e794c118

SHA256
f79e0c02b2b3cfa15324e66531a4045c465ef3dcbd739a04b3e62d7977834479

SHA512
0539a6751bd2143906fda9c9aa89a09d9d448821512b719deecbe132921f4b190f6d1165176dd907d0a0157f85573f3a5726cb6d72e717aeeb101449f9cdf6d6

Download Submit
C:\Program Files\CCleaner\Setup\fcb31acd-15ec-41be-9f7f-40ba61792e6f.ini
Filesize
170B

MD5
2af9f69df769f876f6e02da18e966020

SHA1
5d21312d9bd23a498a294844778c49641a63d5e2

SHA256
473d48a44a348f6c547aefd2c60dd4b9de0092e1fb94a7611bdd374783ef3b2c

SHA512
a4705e5491cf03867fd46e63293181bf761d04fe0cccb86e373dd567c68d646634f64ef95d5b910d2266468b93bf7cdf6f9acbf576c6f42a4ff6c3caa09d2274

Download Submit
C:\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
C:\Program Files\CCleaner\gcapi_dll.dll
Filesize
740KB

MD5
f17f96322f8741fe86699963a1812897

SHA1
a8433cab1deb9c128c745057a809b42110001f55

SHA256
8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb

SHA512
f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
38ec2cce9ea6d36e74859b17ce7b5428

SHA1
92461f6cfc37172157747d07a23783558770e7b1

SHA256
8417ae6338b266e92f4ef76b30893ba0c6c9684af77b60981d6e68c4326b5bcb

SHA512
55a52d551bcc204cc9240bead4ab408ddb25c700a518c178a99d737c5cf3f3288bddf5a2af383b6d648b696942e653d9f9487634c165ebd9b1272b2d5bb63099

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
1KB

MD5
e3778d887ae4dfcbd3be890ab7ca7493

SHA1
24e328ca8c437a63428d78ce453a4e4a05308293

SHA256
31c815454647e77efbc9fb8ce6f67bdceda76545b5627cf663a384142a91133a

SHA512
3113359f68498b4be3797b51c75a8a599abd9c18318c233007e049dfdfdd625e18e511ca2d6536bfd072d5460cdd086ed5e1b2523ed155c074551178475fbcc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Filesize
471B

MD5
d7584cba63d0c27a3d6e94869a264864

SHA1
b25f90217179043cfc271578aee7407ba6b8f8b3

SHA256
2343b2f01a0a4b9385809693bda9be6b93e7510b468c00f8d12833b809d07ab7

SHA512
130a7a640b5dffb2e477ea0f6544cb49f8ab6387eaa2fa37134b1bea6da698b1fa23c7f6baeadac77afed4b68f0b2d282c102112d0d8acc4d2c12a9fa5ae0453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
5afaf7e36f75392ab0d26c60cd81b96b

SHA1
cfe44014a8aec56e8c7c749a5d1d30576591f190

SHA256
01c79d008a5a14f3fa2a049d9acc77263ec5ae9a81429017a50ce6dcf4052134

SHA512
f103a2db3e9de81e15ffe0e3887c99fc5037be1a4c98ce7185a597f3fe644120e0272bf4dbfc57e92ef5fc52919c5343baf596db67aaf4101ac756b31a7882af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ae07c88b1b1536fb8be20aabbfa0fb56

SHA1
3f8b09e35f61ca40d61a1cfa9bda807b3663fe25

SHA256
4c0b39a41d6b6780cd410d1d0a296d82500521dd773e23e2cf82ff8f3c09a5df

SHA512
23eaa215ef1efea502e2fdce448146886c8e618e9ceed4f51904e4acc52ca06c039619e60bdc671f4fd01aa3f65c9d0cae19822791f78a1ce7c3e58cd815282d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0e3666c7be4b987bfc91f04c5e5a105f

SHA1
6b71fe9c2f1fcfcfec5018a4ac142193a9076bb3

SHA256
a992af710b41ecc4141a565da3e5bbd4d668bc1001b970cf328d17981ebf9071

SHA512
fd6e12f08f6538057258ce0d45726a92db4beb3fc314aa3485eeb45c2abe0d76339b9e76f759a09b59a6efa34bb278043d0647eb4398e8a5ef65ed5a73a287de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0782b912d48d1130917375723b112f16

SHA1
64e917ff5936fd7f117697c8c5976fa036d9c379

SHA256
69c45cbb4a3c0f994b22231d9fd962d4189b280358799068902619b34f0dd7ac

SHA512
0d487748d9e35e3fc84616053afb39da23d47422807bd101d77ff9907bf0541239fb106c1d6570e10881f9e356d57203ab3b1ebfccc4a8e808d0ccedd5a78242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
10bfda580fb34bbeea7fec1d7064be6d

SHA1
3886b100100d5bb8c4689df28eca05f60b8324d3

SHA256
eb8a4a7885e0df1f7775756317fa983c34154c2a1c0d7f1172965d0cf147e253

SHA512
7fca7aa8fef66c36a16b20a47441efb05e216288ab29ea88c558b0e6ff2255de05428cca6c6306b7b543a64d21ec8ba0c70351aac706394d86fd0633e798611a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7cbc07db729d1048da4d0e29b6b3c427

SHA1
7e839700e243130ef3e6c61faba6d7de85f9b39c

SHA256
9c37dac963c8fcde1fb9355df75e29f45d6cbf473e3cd917920000ced1b0d9f8

SHA512
dfdb1ccc6b246be6316de198d61a454b1987e533df4d25332dac50c4e9cd249a0b5079797d399253e6e120d85f27c9d38f6ac5d1a39b8d456a8f45c9a6aa41e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
263593b68d00f9be83f4e4c465897524

SHA1
2e7c0837beb8c5a3ea911edf9dc0c0950f09e111

SHA256
ea07bca497fbd2ac1fddcb8abf00dc7af0656604b7436c7b48634c63c418c541

SHA512
0d4e0d99c8fb492e98a0ce35a6b160ac826c8b101cbec12da0fc4fc7e251ba2b7bb8a750308facf7269a85a824b3e9b0cfdd3536ef56372d91ce0285372f6c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bcd2bb388207d400f0e7a96aec8d75d2

SHA1
d937d0ad83a6e87347f7a1a878c9a53626c2bcef

SHA256
92e806100ac9d30724add3a3eb617164e351ec7e25ee2ad51b83a80652289f3e

SHA512
c2689c26b73976aec278b8896943ebaad33124f332ac1c9db60614152da7b4dfcb46330052ac0a3fabf91d0e0f8a09f9725f024f6b2eb758b3e652f38ee93491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bd3c424c634c6e21033fce9458156d3d

SHA1
f326c2d2005631d2d77558a82ff904ab165b80d6

SHA256
61cfd73ed216c97d08c9d9605bdf033e1c0e51c96b14d6374d7530349a7293ca

SHA512
517ef0411ab0e285370b796030213628e577a43850583e63e347d83a4271bbcde46b9d5026eee59ccec31e0c6242b86b2eb5c0a7b4f19a8cdc6ceee29c31bf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b6b80c0d98220c2f0fdb176386f8e207

SHA1
a6a99831c3f296547f535ce7e1f9f56aec053e9b

SHA256
e19e18a608ee23e5b2c523580808bbb15f5ea6833e897a6e5a54dd12f4dd523a

SHA512
14fcc1ce3e270fe911c2454bc73ca63e1c5f745ab8a269e69ea8f77e112a85efb241da2fc7e6fb8a1345b2252fe735eb2ccafea56eab2045fd8de61871ce0826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
72bea5da73c4786ff122a46556b816c2

SHA1
44dec2d8bd8602e1e4cea98a6670067982a5bed8

SHA256
38f166b9382b6977b5023ea7012b814d4fd7465617e180899a81341895a43751

SHA512
e0061b3f1c31bb7f2f0d6fabdd0090d45c6aaed4bf824c88c511b57a1698dbc8e4fe5b987af9b7915735f5b9fae0fd70af9f503db0ed6c27890f63618c49a90b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3dc137aba8c73e796e2f3316ea69e10d

SHA1
2b2b165ee7778767ff18afbbb0b11426373c0261

SHA256
d8eb312ca26425cf3f72c0aae11cffeaf1c067c79588a9f5854e843440a8738d

SHA512
447134a01634c57eae464ab34415745720c98bc9884d27b81b6bdfad3e057663363dbd32d509607ff4edcb58d1e8f321b010f60de2703d9d97ee7dbd0ea9c0ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
83d412879b433e15cb958690c9d89744

SHA1
8fbe69caa83ca1a5f237a566d363583f7a98f513

SHA256
f6f4ebdb0f73b59bbb73fbda8ec3030788670bbf87445572051398cd15e658f4

SHA512
d2488d33b80171c7c1f723b6e8e10499eefbe618d94d1cb72a7ff19a1c24c952953d1f1591e356c8a87a3d1ed1442025c496149766cb601e66657a0026ed77d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
38a756516b5c9fa82fed7299a2232f20

SHA1
c0c249a60d65b0e1ed369caea1dd5310082f392f

SHA256
b12414090466bbf85b1a09ab2ea146dcba97a8f6c8da08016c23ef0120661b5d

SHA512
44e8805138a577c853829e272d4c3f3733ee5a85da8ab57a1dac432801a28da9f574c22c997066767fb1d826b074759d65502fc5e95091d34625abcf8b7a9071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f32f7f84368085cc585c5a2b77e0e675

SHA1
71ede0eb5aac183583ab1af74cac223eeef4e9dc

SHA256
3c76cfb44e8235900a70aafd909709a7cc8b6daeb8f69dfdd43ab9fb1a0d3035

SHA512
61d43ab771b8a1b28c5f04854d9fe3366ed29ad3fa25b52280084eb84cfe55496443409d717b68b14c541caaeb84523ca75265745c4c90c825363a519350aab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
39859ae3e2515c1284c32ab5d9d3fe18

SHA1
a1f32ec5066ed5f31789e8aad6303fc53d2d7657

SHA256
0df6771a97579a29049720d33bd702b8691570bdc5abab356a763a92a19687bf

SHA512
6e75f3ac2ccb63990925c5be5c5c6bc275d7c86a0f5cbb2df6d6bde03c5fa6ed83e908f42a0279e6015171df5d8c967b5eadcca94d952cae17f30f87e83e8a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
705547be0c7285b69a6afa9fad0cf6fd

SHA1
2c44413530d068f28d18aea0730cab1743794267

SHA256
188db7bf742aa939975f90b71a28a305da469108a1e07334904d865f2398b280

SHA512
0979e376b7dd2f4246da38023b1805396cbe1062dd051e07f5bbc753f68623536d5b16bb903c95e0a204181cf8cea041356310a4e2e02760d5dea042b7f0ec83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f8b5e3eb31df8cb78f8f2ff432a89538

SHA1
372a647a2d43b759e92163d6e8867092e6d59a74

SHA256
57098e07cc42fffd7d6e48ac50a1a5c20484bf46f2e152b32e30ad1d2ea40d36

SHA512
aca1e43eee7967b0024e4b0e4523cd8d227e7a2da08ff70cf7ae2d02b36c58a099f7e847f400c92242215141693b844b78178fd0e178a24f25b756418ebadf41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
f5a5d1006dfc802a60d09d5dddee4772

SHA1
81f37d1125da956da3d9c86cd23e859667c2f3f9

SHA256
2e9b95e841e41f98b7b32109fe38ed731785ef8e3966841c65b281ba848a5907

SHA512
010ff6150298619e1c5202916136d90f9948dcd73598e0c56a1e0863d584436e7dd042d7cfde1b9f6e3d48b2e0b17cda56a6a15c5e4175756b0396c384920894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
14fe519f0916534bafe2fa28e15e36c8

SHA1
0ed49264bd56bcbd972d526b521a4961fffe536b

SHA256
7154a16944751e4397c0ded7a75b7cbcbf7c892a28a1373ae6435d0c7aea3bbe

SHA512
9e67641658b1a7e07782b7d333886adaa90336fe2f11fffb9663e4d4fb1dad663470cbeaabdbc27c3d3a1527e3c0d4d7e872aee9e8a33c0cba90e74310c4d4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
Filesize
458B

MD5
77c11e131edc5a37a3d364cde88e18a3

SHA1
ac64618451a2906847638143f2bead57f4580683

SHA256
a209e7d327b620903bb2c7d2797324534dc5322964c5aa9a543a27098b592eb9

SHA512
1f950c3d1ff1edc3aeb2317b9349afeac1ae15f5c3f76b529dfece3d9d7573b4c665d02c1457a2e9db9bf73fc615eaa23aeb1e74dd78348dda0b6e0278d11e08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Filesize
396B

MD5
8a45c2c4680f6d1f3e9b011135724978

SHA1
fc2ed237fb7c5a536b845970812ebed72c82c68f

SHA256
cf26fe1a8e4dfd0729e8f15dd992bc919284bc0fd48ea32fab531a1be01943be

SHA512
4da010dcb45e3c92be460358b246203e1553f73bfeb8fae46d5bd70c38df32006e907ef5dc93944a52e9fa588ebb7a946d0b7bdd8c8fbff630c02b3d2c85f5fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
3035f064b3d4411c3ec82c53333c57f7

SHA1
ea63266e84f616cd278ef0113c117016b905293e

SHA256
292995bcaff8d253f41bfde32c1327280e5a402a3bde1afe6bd990343231af98

SHA512
313eb22e8d4c7597323cbf9753856d4330422cc0f1aecb4a1bfabd7b4dd49e3746c2bfc6833377b915971b5da28e667a07259225317349603cb9f58f64b45dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YMT08JM2\www.ccleaner[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YMT08JM2\www.ccleaner[1].xml
Filesize
97B

MD5
5aedfb9c8fe0d5b30fed0c96371cd273

SHA1
63bd358f8275693c950a04af240626b31fa640d7

SHA256
1bbeaa9cf754f2d8b73099a88bb585f74d2311e44a0cc096940e28087034b589

SHA512
91cc8084682f44874d3a3ea751fbd88dbfb408bc83bdc31d7c870e3f8380e57373ed7a9cec879e3ddc231663af24a9c9a1ef3586391dd31e345bd2fff83a02a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\YMT08JM2\www.ccleaner[1].xml
Filesize
5KB

MD5
a3ff06d7356f0b3efa49e0be526be3dd

SHA1
6328bd2f4f6f27013ed86740c30a10ae5fdba76a

SHA256
fe06e6e3fe8b9cafd9ed561ce87c0b847177a7f5d7a28a397fe1dbf1b45e503f

SHA512
96620b8a44fbcb3a6bdb8bf119200b0c16232d1d69045a190254986dedbcf45fe5f72df4a6a1d28ce825ccdcfc39f4797acf29fa3c98994720a7181d363d6964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\idyde9r\imagestore.dat
Filesize
19KB

MD5
25cfba8cb18de4c838aca697f2dec902

SHA1
ea160e2082f1403d9b1e18cb963c82bd32364f87

SHA256
e58374a39bac4f05272fba5eecd06736ca6325860a635c93be3f9ccd151ef5e7

SHA512
dbd4525f9daeb34cf4fa6a7964e2771b5d41d207342b9bd95fbdf172b4eb724b8cf8b0a0203fc84ca6f7ba1155f2e3a3dbbdee335b301336adeffcba1c3fe8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\analytics[1].js
Filesize
49KB

MD5
54e51056211dda674100cc5b323a58ad

SHA1
26dc5034cb6c7f3bbe061edd37c7fc6006cb835b

SHA256
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

SHA512
e305d190287c28ca0cc2e45b909a304194175bb08351ad3f22825b1d632b1a217fb4b90dfd395637932307a8e0cc01da2f47831fa4eda91a18e49efe6685b74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\main-blessed1[1].css
Filesize
330KB

MD5
2c1edc0bfc645d0106bbb981aff0e63a

SHA1
5008f9a8f94a8d908fbb9da69130f1080c732451

SHA256
ae93ffcf9ba8b27fba7395955a1f7ddeda36ae0dd0337b908adea3267e376ca8

SHA512
3951cee982f71eb3a8846edf6fb606e3bd27fc36fbacfe01785d9a95e17513ce0d08d18b16a6828b4e66412090a0a843966ef999ea4ffe7606339e3ca90a6858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\main-blessed2[1].css
Filesize
561KB

MD5
f9758c2546c1853ebeb982489aed0fe3

SHA1
394e93af8e222ffbb1aca743e24e2a105792a27a

SHA256
3db11876e9b1d18d15a9e121fe17b5d36e756814b95bb20a82757b3ef90d0048

SHA512
ca07ce340739815ceb650e8dc44029de82ee872710721e53e190c549bb09cfeee41741be98622d7806be5b938fe1912e9201a1331b618ff5dbed5b28628617ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\adalyser[1].js
Filesize
32KB

MD5
02829c094364873ae071f5d3fb88d206

SHA1
1a89733d9c93c7da9e9db75c1b0097244170f3fa

SHA256
ff96aff83ec7f9a4d67cd4c2aa0e29987ebb18a9c60e82ab9193da458523bec3

SHA512
4260d0b0337ee0428daaada23f5bf2323e8b055297efc8afa99f33693179f6ed7cef83e9c7caba66f9022d2d74a57361932a83aa5a743263df3d3730fbabdf3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\favicon[1].ico
Filesize
14KB

MD5
df0bc0b941d97c97ec0015dc29d73fe8

SHA1
c22686d7a162869fbb1d01606759d1a480d235d5

SHA256
7c3640b14f2af81b153630a7e1902d5ae1b5e112fabab98f05d4723028eb5c2a

SHA512
3ce9300ff024b72fd15882440d7a8ed2eeadeb000ef33b008fe25adbea533a87a4d5e8ff4bccf10061470eacd1cf18e463820b2fed6859bbc8861edfcac1f4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AFOBZ3YS\main[1].css
Filesize
48KB

MD5
1c742c7214cbe35306bb7c48acb9f9a4

SHA1
15a2ea95917a014e3958c3633b291477302d232f

SHA256
f33647fa26dd58a155f96a8853a06c91a9f3d9a33ac3ec511f6907c97ce1c1bb

SHA512
dc9a1acb63436dc862b348805f5b18e8285b09bfcf552a6a180ca7013737f88e2269a6c4a1650b798a5b5adbd947a9e63d0efcfbb3db48b9bd1c71736de4e1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\2679475345708101[2].js
Filesize
384KB

MD5
587fa3885d319d42d423b57f15f04944

SHA1
5077447660f43b14bceab6595dd146355832f6bf

SHA256
06e88ded00f5acea3677740522ad61bd08360e16f8a11f0f6e52108376afff96

SHA512
04a3d56beb4e10c1bc8289a91478c31ddc9ba3cdb6c6471d4c6129d841ed30806016ce4dd136d765974955892431e004f738d0433b952ed41022a8e7acf3c9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\OtAutoBlock[1].js
Filesize
20KB

MD5
63c3184c909bc7998bd23dd5bb0f77b3

SHA1
3ef36e419274135b4adc487bbfefb10f0569c9c6

SHA256
26448efe01d31ef2f622c08599388578effc22441ed1c77f2d7b9d69be9bd117

SHA512
4144e19495049b59362189b72b046b4955b90db9ea89ddc1be3437a7a451e458a1d2efe1a20a15f80e3a11c139a0c960b0288c4328ca76fff6569305e3f42fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\app-vue[1].js
Filesize
1.3MB

MD5
c86e687a7f5d26e9115cf57b2b722d2a

SHA1
5c649cba6633b7c3887879db81c96031db9c79c2

SHA256
5b58467ba6112ef2e252cd0c599e579d6234b3d1842b759ce4ca761b03ea0741

SHA512
e48c95992bb3a54ca4100184214f1624d9f212badb83fc9ed13ac564d741203b39726145f1c56b4956627e7162b460d6c5e14c278703b1643d1c705a532b46e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\app[1].js
Filesize
934KB

MD5
747cfd96a604447dd12ab8c033582813

SHA1
4b2bff1013b6da5c941e8f87f87f0b2576d1ccc7

SHA256
9b3ca2a440c966457f7e86b65e7cb50e89b9e40f9ce5be4bfc66de421a522ae4

SHA512
d1a0014f91b1932ac3ee9ebbee92e9eacef926fb2fc18c9f29583fd4f86c7dd6cac82ae581693b1ab152dc9a08e10e8b4881079ebe288f21c05c80e9a2bfe9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\bat[1].js
Filesize
39KB

MD5
b51ab1f965c96f271cc08617eeebc57a

SHA1
f7a52e401d28ac7fe5ba78711d4e2f0cad0e365c

SHA256
a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

SHA512
f516dd50f1af64eaabdb5457ef1ade46c778235f6fe226e437797c2b7660c672cd2c773d5f7b2cc55b32403e7a0d8c493395d0aa983db23360594027acbfaa11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIMPJA9E\css[1].css
Filesize
2KB

MD5
d1874f1f32a3ee68d416b5789389ccc6

SHA1
88b7b650ddf9a6af0aa697a48a9f041684333ce3

SHA256
22aee3a4e9b61381d4e7e03fc9bdede6f727342b1deea4ec39e82555cd479305

SHA512
e8c2412e4a4d58633df917d5a7c766f60c82775968b7ac4fa0adcc953d21a2e30ad253cc74dcef43bb33f5e68bbbdbffe4d93626dc7b324ffa000f8edad39aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\addthis_widget[2].js
Filesize
352KB

MD5
61dcfa8958e6a7cc3f23b3b4758ee178

SHA1
c4313cf29a2c056422ab798a2d088743c0972e97

SHA256
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

SHA512
9ff8f714925a8cb650f206747164fbd575b964f530c4241f1b3a1f6678cab245b5d34d6c6cfa761642026e3b7700cda36ac0ac4143fb27f7865e3c9c5bb96d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\api[1].js
Filesize
928B

MD5
e42c2632080fa59f70d3e5cc43799aab

SHA1
0a6b6d900b13d832a6f1b4ecc7f825f99b134833

SHA256
4080b1ed3a760cd8f154cbecf9203696e0efd2a7cf592ba3bd39eebb94852f82

SHA512
3d712bbcef50dda4dc497c039a78ff8654a311d21ee792b47f6010948fb08025ce1d8b9392bc20aa4eeae3950ac3f79b483935551b5efcdae48254f392ede680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\otSDKStub[1].js
Filesize
25KB

MD5
10e367ac910cc8ad9be05cfbf4036e57

SHA1
ff5dec5c85b00e742c02ef515c2a44c2db97f7e7

SHA256
e85a649094d881201f7a886c94cd19e72196c761da5017c9269b03b35ca9c5c4

SHA512
57e6538c6e4eada6fec386bac381e05602773de855652c54e666ece83d756d1f70ef0a769b2ffc183668fb0cfffdd1cbc79ac62608851b670ba479fc541cc73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
Filesize
512KB

MD5
ada465dac518c02652dd6a0ee330587d

SHA1
4d69e66c887e82fffb00a0659967e7b50a4fda1b

SHA256
88ceb8b5da871c1babbb7baf789c8baa4faab73e4a63d11a8a4bcfff6e467eb7

SHA512
d67e23eb46fd0811a8916b0cdc86e48ee814adeb2e5769f17ba7c9e0f503cede6949d193fb78c588f85e2e48f943f91b4aedd6ccb1857066ebe5f63469dfa21e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
Filesize
32.1MB

MD5
a372a7e85f0fbd4344040dfd8291a915

SHA1
40703fb447b39f134e55a50428c10fc2796e6760

SHA256
863f81b2edc9db6082d4615ac6bc405282be0093a47b7682549c19b9450aa15e

SHA512
721da6502cb8f3a8f4f3cc00df8fe82d540c30172e5cf43fe86ea3a0072f0c0919f3d2cbaf7e14f730c4ce713ff08564310cb5b76fd48e679bd6a5ee76d7d524

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A5.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar452.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\asw28f3eb8e55d07b7c.tmp
Filesize
35B

MD5
28d6814f309ea289f847c69cf91194c6

SHA1
0f4e929dd5bb2564f7ab9c76338e04e292a42ace

SHA256
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

SHA512
1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ButtonEvent.dll
Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\INetC.dll
Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\UserInfo.dll
Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\p\ServiceUninstaller.dll
Filesize
497KB

MD5
3053907a25371c3ed0c5447d9862b594

SHA1
f39f0363886bb06cb1c427db983bd6da44c01194

SHA256
0b78d56aceefb4ff259660bd55bbb497ce29a5d60206b5d19d05e1442829e495

SHA512
226530658b3e1530f93285962e6b97d61f54039c1bbfcbc5ec27e9ba1489864aecd2d5b58577c8a9d7b25595a03aa35ee97cc7e33e026a89cbf5d470aa65c3e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\p\pfBL.dll
Filesize
10.4MB

MD5
6ddffba31fda380b0a1a71e2c5918624

SHA1
4bae4d95e8be8d6f1a73f6760791785302b5e4ab

SHA256
ee033fdbd7bd82848426fce765c13eaccb0c0211eb1d586ef8e5288aee25aea0

SHA512
fc6b9e0c1b752bb5068c76e048663fd1492a6d3c3b99c42c4db57009fd111ad6cf94fd37438acd5ed3f5d6f5e50888d6dab4e909e3c796b8d308ae5d513e73cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\pfUI.dll
Filesize
14.8MB

MD5
60c35f3523c9d22e1b502508ff757a96

SHA1
b124d2ad2c9b09181d9ee983ddf7a5d39b6b70cb

SHA256
eb929d174316e6ac2c0a109694f856f348c3c02208b40b34386406f7f572763c

SHA512
5ede92756cfb2da5114e78cf6f539d3015099ebfbb04951d967bfccc73c10cf9a457f218cf6ca0889a13131c651d58ab49d44e8fd1f19e91da65784c9908a3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\res\CC_Logo_40x96.png
Filesize
2KB

MD5
d32b0460183056d3056d6db89c992b88

SHA1
79823e151b3438ab8d273a6b4a3d56a9571379b4

SHA256
b013039e32d2f8e54cfebdbfdabc25f21aa0bbe9ef26a2a5319a20024961e9a7

SHA512
3ad36f9d4015f2d3d5bc15eac221a0ecef3fcb1ef4c3c87b97b3413a66faa445869e054f7252cc233cd2bf8f1aa75cb3351d2c70c8121f4850b3db29951bc817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\res\CC_logo_72x66.png
Filesize
7KB

MD5
a736159759a56c29575e49cb2a51f2b3

SHA1
b1594bbca4358886d25c3a1bc662d87c913318cb

SHA256
58e75de1789c90333daaf93176194d2a3d64f2eecdf57a4b9384a229e81f874f

SHA512
4da523a36375b37fa7bc4b4ccf7c93e1df7b2da15152edf7d419927aa1bb271ef8ba27fe734d2f623fcc02b47319e75333df014bed01eb466e0cd9ec4111ef53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\res\Montserrat-Regular.otf
Filesize
44KB

MD5
27e50ffd6a14cbc8221c9dbd3b5208dc

SHA1
713c997ce002a4d8762c2dcc405213061233e4bc

SHA256
40fc1142200a5c1c18f80b6915257083c528c7f7fd2b00a552aeebc42898d428

SHA512
0a602f88cfba906b41719943465edb09917c447d746bfed5c9ce9c75d077f6aed2f8146697acd74557359f1ae267ca2a8e3a2ca40fb1633bde8e6114261abd90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\res\PF_computer.png
Filesize
87KB

MD5
7f4f45c9393a0664d9d0725a2ff42c6b

SHA1
b7b30eb534e6dc69e8e293443c157134569e8ce7

SHA256
dbd8b6fdb66604a0a5e8efe269fbfa598e4a94dc146006036409d905209da42b

SHA512
0c27f9ce615cbff3e17fd772ce3929ab4419d7432d96223b7eec1ba70953f2ac993404b954020247b52d7f7499212d44eb6f85da2e2676773cafe1ce89b390f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\92GLDEIR.txt
Filesize
373B

MD5
49df3cd47abebf164573d4a75c1de1d4

SHA1
18c70699b4e7a2fe869afc9c417822c91f902663

SHA256
27de0f4227d291e847d580fb7ddec4c80c44f18bbf9fa4947eda825889094cb3

SHA512
f6cafef607784d051aa4277ad919319dea5129a25575f6bb9119dfa7f4767bd049473d84bb13eefc1003a08bfa3d9cecfb7293e64e4e304c7623884d013d1263

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BO12DATN.txt
Filesize
2KB

MD5
3190c04e2c22a8f95f94a0c248abc723

SHA1
78f89dce9c03dd8c37d61365c206dc1efd62f2c4

SHA256
2d7be343b6f683084ceb1d916e6ab61b1ac4070e6ca58103635bd6484daad780

SHA512
1f5e6afbab18fdfab41d79c800377733432ad43267ae0170300458fb915bfad5411b00f1856d07e70c251709d81464c37e5a915215aa908462131bd8c37966e1

Download Submit
C:\Windows\Tasks\CCleanerCrashReporting.job
Filesize
760B

MD5
635b2258d0e19497af326a25e132a7e8

SHA1
77abfa244e0bd5f123a3342baae08bf7dc5aacc1

SHA256
9128d25c5e0d80e69c8955c17c1fb462c2396afa2e1d0ba60772d73a70db4ad8

SHA512
1e06588c180cddfea166b107bf0e4e02de72eed1f1043d459a32c20b3b149b263ea677c21697486236a422f6bec093479da425f1eef634d95b30207f68e2b943

Download Submit
\Program Files\CCleaner\CCUpdate.exe
Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
\Program Files\CCleaner\CCUpdate.exe
Filesize
668KB

MD5
21d34c75fd0b462067d408ba8b6bf765

SHA1
4047539c78ae99bd7cf7760ce137b9878174fa04

SHA256
721ee7b402ce1ea6a69ed90f2501dfa003725d1135136ac88762307ad0f426c0

SHA512
f0754b3007f9dd2bfec14b33697dfaf9c75e637df3fa85c490e9cbe762db388696ae06c9e81bec195cd7d3d773f9e928e3fe76e597fb63bf3fc50b63e9d5eedd

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner.exe
Filesize
30.8MB

MD5
0a864e78e2244c926ec0ed931e438df6

SHA1
7f60164f0876b0ab7dd3859dd3a2cb6b206a3403

SHA256
dfe62ca60e4f30ce93522038ca18ed0f43dcc07922dcf20c1456ffe527b8499e

SHA512
b7615ad05bc119777f5ed5f5988ffccc2f38b4e3eac0f7ac9099240e39ade0fa6737a8183fc8b80e8bf4ccca8ed1674bd6734b957b95a9f2c661d75f7b0f586a

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\CCleaner64.exe
Filesize
36.9MB

MD5
51ba771e6ad2ebe444947a737d74615a

SHA1
85e4868407e0247474a995e567374b241ca39a93

SHA256
f7d3243cde281dbc709586312216366880d13001206826c590d7e1b6f01fecbd

SHA512
1a2a104bb7abda141f95c951de7c8153ba676e9bc5a155b73645c1f1605dc46d205c40fdc057883d3e404c398bf497057fac1c081e7032ec61c7ce1d2fe6f7be

Download Submit
\Program Files\CCleaner\Setup\143a3eb6-0515-45e4-a1d7-c55239021980.dll
Filesize
469KB

MD5
fe6f58fb55d9a93502528c3c9bb13a3f

SHA1
516275dddbc9e2f056342201b03a0931d93a6239

SHA256
c427bcf6b065edf06662e0540e3e9a21c07095184e7bb9d05926dc3b79fc3348

SHA512
7f45f187d6c3156b89e2daf0c2bfdc60a59140ff94f8255fa672422abc43aa1252b0fe0fa0a3ef675f9e71c33b26424597c015db83dec7f5e20ee8769c61c619

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\branding.dll
Filesize
46KB

MD5
e4807cd4c9baf74c2b4fc0812c43db75

SHA1
5484e4bd75c713d13e3efeda17c57a574fad5396

SHA256
8331b56f1bcfe5c619eeac9c644688b6ecfbdc755dcb9fed12a64937220aba22

SHA512
f4b19cd749ff38bdefda9f89730bd3fe29d14e68d7d72dd5530268aa77f9d328194282b3050b39008f43b903a8b2ba8f77cf25362b4a7c0bdab17f6e5f894fcf

Download Submit
\Program Files\CCleaner\gcapi_1680064965752.dll
Filesize
740KB

MD5
f17f96322f8741fe86699963a1812897

SHA1
a8433cab1deb9c128c745057a809b42110001f55

SHA256
8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb

SHA512
f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

Download Submit
\Program Files\CCleaner\gcapi_16800649961976.dll
Filesize
740KB

MD5
f17f96322f8741fe86699963a1812897

SHA1
a8433cab1deb9c128c745057a809b42110001f55

SHA256
8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb

SHA512
f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ButtonEvent.dll
Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\INetC.dll
Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\UserInfo.dll
Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\nsProcess.dll
Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\p\ServiceUninstaller.dll
Filesize
497KB

MD5
3053907a25371c3ed0c5447d9862b594

SHA1
f39f0363886bb06cb1c427db983bd6da44c01194

SHA256
0b78d56aceefb4ff259660bd55bbb497ce29a5d60206b5d19d05e1442829e495

SHA512
226530658b3e1530f93285962e6b97d61f54039c1bbfcbc5ec27e9ba1489864aecd2d5b58577c8a9d7b25595a03aa35ee97cc7e33e026a89cbf5d470aa65c3e8

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\p\pfBL.dll
Filesize
10.4MB

MD5
6ddffba31fda380b0a1a71e2c5918624

SHA1
4bae4d95e8be8d6f1a73f6760791785302b5e4ab

SHA256
ee033fdbd7bd82848426fce765c13eaccb0c0211eb1d586ef8e5288aee25aea0

SHA512
fc6b9e0c1b752bb5068c76e048663fd1492a6d3c3b99c42c4db57009fd111ad6cf94fd37438acd5ed3f5d6f5e50888d6dab4e909e3c796b8d308ae5d513e73cc

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2C61.tmp\ui\pfUI.dll
Filesize
14.8MB

MD5
60c35f3523c9d22e1b502508ff757a96

SHA1
b124d2ad2c9b09181d9ee983ddf7a5d39b6b70cb

SHA256
eb929d174316e6ac2c0a109694f856f348c3c02208b40b34386406f7f572763c

SHA512
5ede92756cfb2da5114e78cf6f539d3015099ebfbb04951d967bfccc73c10cf9a457f218cf6ca0889a13131c651d58ab49d44e8fd1f19e91da65784c9908a3f2

Download Submit
memory/752-639-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/752-623-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/752-624-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/752-618-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/752-622-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/752-625-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/752-628-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/752-621-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/1932-200-0x00000000073E0000-0x00000000073E1000-memory.dmp

Filesize
4KB

Download
memory/1932-205-0x0000000007390000-0x0000000007391000-memory.dmp

Filesize
4KB

Download
memory/1932-198-0x0000000007570000-0x0000000007578000-memory.dmp

Filesize
32KB

Download
memory/1932-195-0x00000000073F0000-0x00000000073F8000-memory.dmp

Filesize
32KB

Download
memory/1932-172-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

Filesize
64KB

Download
memory/1932-166-0x0000000004A00000-0x0000000004A10000-memory.dmp

Filesize
64KB

Download
memory/1932-165-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

Filesize
4KB

Download
memory/1976-940-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1976-833-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/1976-1318-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1976-835-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/1976-834-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download