Analysis

  • max time kernel
    83s
  • max time network
    55s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    22/02/2024, 18:26

General

  • Target

    ccleaner_pro_6.09.10300.exe

  • Size

    52.7MB

  • MD5

    8ab7b57c3562c6a49ced96a51a84bdc0

  • SHA1

    9f506f3255cb86bf3b1491b046e32e0e4e103c15

  • SHA256

    3c0186b73c42ce88cd6124dc54333f70fb7235b35bc32a6b57a8c9c7fca63b2c

  • SHA512

    1874414476cb775a99acbb25f9d7b76f482f6b740425d0d2fefa22470fbdda11af9fb9a6a7a0c3f2dc5f5e13afff22bd5c0001df1b479a0ae243c698a74e2daf

  • SSDEEP

    1572864:4oDnYAR5MPNAOwmzPPU961KXHAGY0tDZCISMa1RVG:jrxRyPNNhzPc961+AGFmRBfG

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks for any installed AV software in registry 1 TTPs 13 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 9 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccleaner_pro_6.09.10300.exe
    "C:\Users\Admin\AppData\Local\Temp\ccleaner_pro_6.09.10300.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\en-us.cmd" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2288
      • C:\Windows\SysWOW64\mode.com
        mode con:cols=50 lines=10
        3⤵
          PID:360
        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe
          "CCleaner 6.09.10300.exe" /VERYSILENT /MERGETASKS=desktopicon
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4308
          • C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp
            "C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp" /SL5="$500D8,54886285,64512,C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe" /VERYSILENT /MERGETASKS=desktopicon
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4776
            • C:\Windows\regedit.exe
              "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\RarSFX0\settings.reg"
              5⤵
              • Runs .reg file with regedit
              PID:3748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintoway.com/
          3⤵
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2884
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc5f663cb8,0x7ffc5f663cc8,0x7ffc5f663cd8
            4⤵
              PID:1392
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
            4⤵
              PID:788
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
            4⤵
              PID:3032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
            4⤵
              PID:1376
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
            4⤵
              PID:3544
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            4⤵
              PID:4492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
            4⤵
              PID:2464
          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
            4⤵
              PID:3748
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
            4⤵
              PID:4740
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
            4⤵
              PID:4720
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:2484
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:1572
  • C:\Program Files\CCleaner\CCleaner.exe
    "C:\Program Files\CCleaner\CCleaner.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks system information in the registry
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4868

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Program Files\CCleaner\CCEnhancer.exe

                                    Filesize

                                    835KB

                                  • C:\Program Files\CCleaner\CCleaner.dat

                                    Filesize

                                    104B

                                  • C:\Program Files\CCleaner\CCleaner.exe

                                    Filesize

                                    2.3MB

                                  • C:\Program Files\CCleaner\CCleaner.exe

                                    Filesize

                                    5.9MB

                                  • C:\Program Files\CCleaner\CCleaner.exe

                                    Filesize

                                    6.9MB

                                  • C:\Program Files\CCleaner\CCleaner64.dll

                                    Filesize

                                    2KB

                                  • C:\Program Files\CCleaner\branding.dll

                                    Filesize

                                    50KB

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    382B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    417B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    437B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    521B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    547B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    572B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    572B

                                  • C:\Program Files\CCleaner\ccleaner.ini

                                    Filesize

                                    572B

                                  • C:\Program Files\CCleaner\gcapi_17086264714868.dll

                                    Filesize

                                    740KB

                                  • C:\Program Files\CCleaner\lang\lang-1049.dll

                                    Filesize

                                    230KB

                                  • C:\Program Files\CCleaner\winapp2.ini

                                    Filesize

                                    1.1MB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                    Filesize

                                    152B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ca85eb3-05d8-4235-b971-9cf6e21f2fd5.tmp

                                    Filesize

                                    7KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    744B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                    Filesize

                                    2KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    6KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                    Filesize

                                    7KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                    Filesize

                                    16B

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                    Filesize

                                    11KB

                                    MD5

                                    18c2b5a53791c7ccc4685111b8dac014

                                    SHA1

                                    62a1f6db6be5957d1d14affd8bf1a1fd11166359

                                    SHA256

                                    614aecb4100b511d5006142b4220b10e42d72be03faaa6016b445ca54575515c

                                    SHA512

                                    78e1d59ff510ce594d0286aba8c5a96eb37432bc646f8c848ace07a6ed9fe9b393129a6cd112e9897c3b43c480593b56d9056cae669b37419871a7e0d756389d

                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe

                                    Filesize

                                    11.2MB

                                    MD5

                                    64502f50db867adb2a43d053bea59189

                                    SHA1

                                    a4531fb71788af24b14b419c0dbb3adb669a7519

                                    SHA256

                                    7e9c40273a204682a67e5af6a70caba7730a8f63b6acbef3c0d1e9d72af84337

                                    SHA512

                                    f9963e6b1fb96fdeb446cac4e88e7569ca0db33ef01b621029c5bd570bf885b700c516ace74d91ac7244d35b988bd4a24bafab28b59767f8d2cefdef5202d529

                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe

                                    Filesize

                                    9.8MB

                                    MD5

                                    7343a750daf04cebfacc713c38a3aefa

                                    SHA1

                                    42ff6ec785ade345bbc3f7897c0273a1f43bc75c

                                    SHA256

                                    ce987ad6a67242c3d18579a971af4ef338c1de4dade576435c1c15699b411c57

                                    SHA512

                                    cbbc67a39cb75bb2417fb8c499a9052c44ef513943b4e0bf2c739eeef711d407e734388c437f884b1249c59a037e3fc0ddc833c5c7917ed6b57d4f4bf346a21f

                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\en-us.cmd

                                    Filesize

                                    593B

                                    MD5

                                    237d2bb9ba36d00a76eaef67a431fe02

                                    SHA1

                                    b6ade83a97c9b7e9ebfc7540acfce56b7786a9f3

                                    SHA256

                                    eb5ae14666ff40836738d71d39f846cd2f84788359f8a6f6d7e70428c2e51f4c

                                    SHA512

                                    98d996232aa1f2d15681c6119f9f1f409fd56c977d98df5305025c421fbf61f99f3bde3f55b6b7e585979256496a7b924bac1dd49dbb89c0274bb19bb5a85329

                                  • C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp

                                    Filesize

                                    911KB

                                    MD5

                                    ffc5577132ce8e70bc0ee08ae8ad9846

                                    SHA1

                                    7d0bac57589e6b5d50d9a9817b40288251b5b674

                                    SHA256

                                    a5d781cdb29a6629439e69dcf3bd22d999c1aca0286e5219bb754cdc6bbd75bc

                                    SHA512

                                    1d993e9d4adb45a86e15d484694d0d26c9e197ca60d0ba1fc008e0aacb6206fb6a1ab25307026f76d1421f7321de524fa4119247ea8f4c205da7d61d01f8433f

                                  • C:\Users\Admin\AppData\Local\Temp\is-O98AO.tmp\ISTask.dll

                                    Filesize

                                    66KB

                                    MD5

                                    86a1311d51c00b278cb7f27796ea442e

                                    SHA1

                                    ac08ac9d08f8f5380e2a9a65f4117862aa861a19

                                    SHA256

                                    e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

                                    SHA512

                                    129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

                                  • C:\Users\Admin\AppData\Local\Temp\is-O98AO.tmp\VclStylesInno.dll

                                    Filesize

                                    3.0MB

                                    MD5

                                    b0ca93ceb050a2feff0b19e65072bbb5

                                    SHA1

                                    7ebbbbe2d2acd8fd516f824338d254a33b69f08d

                                    SHA256

                                    0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

                                    SHA512

                                    37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic

                                    Filesize

                                    2B

                                    MD5

                                    f3b25701fe362ec84616a93a45ce9998

                                    SHA1

                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                    SHA256

                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                    SHA512

                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                  • C:\Users\Admin\Desktop\CCleaner.lnk

                                    Filesize

                                    878B

                                    MD5

                                    41a0e2f372817f57b5e6b14a01898996

                                    SHA1

                                    32936b8b146141c4f86e315db83196a7402aa15f

                                    SHA256

                                    12be2b29c98e615cf42306a2cb662fac38bc7b13576ed842175d720eb8eed9bc

                                    SHA512

                                    aacc7e336766196b3d839dcb2dec1836d382860fb28cc165fc2db1bdb7e45de4f9752f18642226bc48200f0431d2f946ac562cba2b4f6b6904adbb1001358205
