Analysis Overview
SHA256
3c0186b73c42ce88cd6124dc54333f70fb7235b35bc32a6b57a8c9c7fca63b2c
Threat Level: Shows suspicious behavior
The file ccleaner_pro_6.09.10300.exe was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Checks for any installed AV software in registry
Checks system information in the registry
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Modifies registry class
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Runs .reg file with regedit
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-22 18:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-22 18:26
Reported
2024-02-22 18:28
Platform
win11-20240221-en
Max time kernel
83s
Max time network
55s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Reads user/profile data of web browsers
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\AVAST Software\Avast | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Avira\Antivirus | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\KasperskyLab | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\SOFTWARE\Avira\AntiVirus | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\CCleaner\lang\is-8IM3R.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1052.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1053.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-2074.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1044.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1066.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1067.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-8T9GG.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-I4PB5.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1038.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1092.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1034.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-QAQM1.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-8KM63.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1027.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1058.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-PTI33.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-8ICHN.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-VBSQF.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1054.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1041.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1071.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-1HUGJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1060.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-3E59P.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\ | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| File created | C:\Program Files\CCleaner\lang\is-1NVDC.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-982VE.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-JKJCE.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-QETLB.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| File created | C:\Program Files\CCleaner\lang\is-FSDSP.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-J40Q5.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-EQJQE.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-29LKT.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\is-ON7MH.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\ccleaner.ini | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1028.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1035.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-UD32F.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-NB893.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-DJ3GR.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-6LT3J.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-QT0KL.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-MUJ3I.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-3098.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\CCEnhancer.exe | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-5PAEB.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-0I6QT.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-BHR6B.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-VTTI1.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-P6GJ7.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\is-A7P8S.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-ON6EM.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1029.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1155.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1081.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-005P6.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-CU4KB.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\lang\is-O656D.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\is-AJ63O.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File created | C:\Program Files\CCleaner\locales\is-LJJU0.tmp | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\ccleaner.ini | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| File opened for modification | C:\Program Files\CCleaner\lang\lang-1046.dll | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\ = "\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /%1" | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\ = "URL: CCleaner Protocol" | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\ | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\ | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ccleaner_pro_6.09.10300.exe
"C:\Users\Admin\AppData\Local\Temp\ccleaner_pro_6.09.10300.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\en-us.cmd" "
C:\Windows\SysWOW64\mode.com
mode con:cols=50 lines=10
C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe
"CCleaner 6.09.10300.exe" /VERYSILENT /MERGETASKS=desktopicon
C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp
"C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp" /SL5="$500D8,54886285,64512,C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe" /VERYSILENT /MERGETASKS=desktopicon
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\RarSFX0\settings.reg"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintoway.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc5f663cb8,0x7ffc5f663cc8,0x7ffc5f663cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,1906004412127174233,621835598311859448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files\CCleaner\CCleaner.exe
"C:\Program Files\CCleaner\CCleaner.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | getintoway.com | udp |
| US | 162.159.137.54:443 | getintoway.com | tcp |
| US | 8.8.8.8:53 | 52.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 172.217.169.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.238:443 | fundingchoicesmessages.google.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| GB | 216.58.204.65:443 | 6f3b1e186cebe42a8c979b725febb435.safeframe.googlesyndication.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | tcp |
| US | 216.239.32.3:443 | csi.gstatic.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\en-us.cmd
| MD5 | 237d2bb9ba36d00a76eaef67a431fe02 |
| SHA1 | b6ade83a97c9b7e9ebfc7540acfce56b7786a9f3 |
| SHA256 | eb5ae14666ff40836738d71d39f846cd2f84788359f8a6f6d7e70428c2e51f4c |
| SHA512 | 98d996232aa1f2d15681c6119f9f1f409fd56c977d98df5305025c421fbf61f99f3bde3f55b6b7e585979256496a7b924bac1dd49dbb89c0274bb19bb5a85329 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe
| MD5 | 7343a750daf04cebfacc713c38a3aefa |
| SHA1 | 42ff6ec785ade345bbc3f7897c0273a1f43bc75c |
| SHA256 | ce987ad6a67242c3d18579a971af4ef338c1de4dade576435c1c15699b411c57 |
| SHA512 | cbbc67a39cb75bb2417fb8c499a9052c44ef513943b4e0bf2c739eeef711d407e734388c437f884b1249c59a037e3fc0ddc833c5c7917ed6b57d4f4bf346a21f |
memory/4308-9-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RarSFX0\CCleaner 6.09.10300.exe
| MD5 | 64502f50db867adb2a43d053bea59189 |
| SHA1 | a4531fb71788af24b14b419c0dbb3adb669a7519 |
| SHA256 | 7e9c40273a204682a67e5af6a70caba7730a8f63b6acbef3c0d1e9d72af84337 |
| SHA512 | f9963e6b1fb96fdeb446cac4e88e7569ca0db33ef01b621029c5bd570bf885b700c516ace74d91ac7244d35b988bd4a24bafab28b59767f8d2cefdef5202d529 |
C:\Users\Admin\AppData\Local\Temp\is-O2EPC.tmp\CCleaner 6.09.10300.tmp
| MD5 | ffc5577132ce8e70bc0ee08ae8ad9846 |
| SHA1 | 7d0bac57589e6b5d50d9a9817b40288251b5b674 |
| SHA256 | a5d781cdb29a6629439e69dcf3bd22d999c1aca0286e5219bb754cdc6bbd75bc |
| SHA512 | 1d993e9d4adb45a86e15d484694d0d26c9e197ca60d0ba1fc008e0aacb6206fb6a1ab25307026f76d1421f7321de524fa4119247ea8f4c205da7d61d01f8433f |
memory/4776-15-0x0000000002390000-0x0000000002391000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-O98AO.tmp\ISTask.dll
| MD5 | 86a1311d51c00b278cb7f27796ea442e |
| SHA1 | ac08ac9d08f8f5380e2a9a65f4117862aa861a19 |
| SHA256 | e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d |
| SHA512 | 129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec |
memory/4776-26-0x00000000023B0000-0x00000000023C6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-O98AO.tmp\VclStylesInno.dll
| MD5 | b0ca93ceb050a2feff0b19e65072bbb5 |
| SHA1 | 7ebbbbe2d2acd8fd516f824338d254a33b69f08d |
| SHA256 | 0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246 |
| SHA512 | 37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2 |
memory/4776-32-0x0000000006C50000-0x0000000006F6A000-memory.dmp
memory/4776-34-0x00000000070C0000-0x00000000070C1000-memory.dmp
memory/4776-35-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-36-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-37-0x00000000070D0000-0x00000000070D1000-memory.dmp
memory/4776-38-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-39-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-40-0x00000000070E0000-0x00000000070E1000-memory.dmp
memory/4776-41-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-42-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-44-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-43-0x00000000070F0000-0x00000000070F1000-memory.dmp
memory/4776-45-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-46-0x0000000007100000-0x0000000007101000-memory.dmp
memory/4776-47-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-48-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-50-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-51-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-49-0x0000000007110000-0x0000000007111000-memory.dmp
memory/4776-52-0x0000000007120000-0x0000000007121000-memory.dmp
memory/4776-53-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-54-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-56-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-55-0x0000000007130000-0x0000000007131000-memory.dmp
memory/4776-57-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-58-0x0000000007140000-0x0000000007141000-memory.dmp
memory/4776-59-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-60-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-62-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-61-0x0000000007150000-0x0000000007151000-memory.dmp
memory/4776-63-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-64-0x0000000007160000-0x0000000007161000-memory.dmp
memory/4776-65-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-66-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-67-0x0000000007170000-0x0000000007171000-memory.dmp
memory/4776-68-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-69-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-70-0x0000000007180000-0x0000000007181000-memory.dmp
memory/4776-72-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-73-0x0000000007190000-0x0000000007191000-memory.dmp
memory/4776-74-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-76-0x00000000071A0000-0x00000000071A1000-memory.dmp
memory/4776-77-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-75-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-71-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-78-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-79-0x00000000071B0000-0x00000000071B1000-memory.dmp
memory/4776-80-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-81-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-83-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-84-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-82-0x00000000071C0000-0x00000000071C1000-memory.dmp
memory/4776-86-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-85-0x00000000071D0000-0x00000000071D1000-memory.dmp
memory/4776-87-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-88-0x00000000071E0000-0x00000000071E1000-memory.dmp
memory/4776-89-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-90-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-91-0x00000000071F0000-0x00000000071F1000-memory.dmp
memory/4776-92-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-93-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/4776-100-0x0000000006B40000-0x0000000006B41000-memory.dmp
C:\Program Files\CCleaner\lang\lang-1049.dll
| MD5 | c73ae8381b0fcf393dab071a33104ebc |
| SHA1 | bf0197b60e005420cdc3f7577b427a37664f41f7 |
| SHA256 | 42cf3c10d48633375c11467dde187e58e2aa8d38174f77a9d79da3a5c45619c8 |
| SHA512 | 470548d49a43de70dcfc094ddff46e2c9571c2373c460bdb0ccd4cdd7ea7b4f4ba9c08bad43e944b1229b0c49e5dd2e2286a0452809e9b7dbb1688ef4ffe6c0c |
C:\Program Files\CCleaner\CCleaner.exe
| MD5 | 63e585677d89f2cae04b88187805aaeb |
| SHA1 | df290688ac6e6d6b941df0476fe8a85d3397ea90 |
| SHA256 | 9620fde053ff66c52d7ee7a26d291889a23eb2e3540627753c0a7cfe0a5b2e30 |
| SHA512 | 9528c1dd546056a78aff85d8c122b4d9a846a528cb7beef44aac34d397274135ecafb560c466aecfcb763ae7c233057bf26e2862cc30f4f40ebab03b2b368134 |
C:\Program Files\CCleaner\CCEnhancer.exe
| MD5 | 928cb9009e248e648280270255d6d44b |
| SHA1 | 5ff1b16d9da12d5325a8169ee1d7a770e62d660a |
| SHA256 | 4d025fad652ec6b890883f64e617f1e5dccfbff0dc857631695c6cf4315c1c23 |
| SHA512 | e0a1e4e667d71853dca434309d48beeb1d2a04f89c7c8bfc94f7a8c8f1cc3ba948f78e06ab6dea9aaeb1fdc3d6f40840de31bf5e4032907698f68f120bcb24e2 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 5678e5bea1b09dc2476377cc2a0de3eb |
| SHA1 | 47f904a061704ec9f3db1c38ded396f0c8bd63ae |
| SHA256 | 04764148098d1825732392f371de3f134d7f5407ab0a6f4f1b1c9c15aa82091b |
| SHA512 | 4343cd2c55be148c7dba4ea137b2964076115cd8e32d26c6d7ef79fa77f0b478d15ac834e37072438d0e300b14bf1c2243ef3dd8fc0b3fba67e8d1ea679384c8 |
memory/4308-392-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f2dc80f5403feb8461b7ffa09890d6a0 |
| SHA1 | d5b61e6d672e7e71571e0132e21cead181da8805 |
| SHA256 | eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a |
| SHA512 | 5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5c48e8b68231fb5b2d7f1188b930bc0e |
| SHA1 | 1822aef5da8fdd47626fb91afcf79a2be175a325 |
| SHA256 | c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944 |
| SHA512 | 2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8 |
\??\pipe\LOCAL\crashpad_2884_WORHHMYEWMVYYWSG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 656409696283c1e546e91646f20288c1 |
| SHA1 | 3c1fe1c0c68837c74803cfccfb782bc7a4de2e67 |
| SHA256 | affecd9ea2f457c119987daf846b1360626b1a12334fb1ae7fc7bb819cbe1514 |
| SHA512 | 26663ffa7364d3eb683e947c2d1ae252ecb36903317dfbc844952bbae85a4fddee38eb290047441f0d16eeeb39a260787bc3d4c17ae398783cda52dceafeb1c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49afb43a2b19ccfe6afa155592eec70f |
| SHA1 | 5b6d9951582feb5341742df72a135bb172356745 |
| SHA256 | f3e273f0f9be504297b04810100ba4459a8b74a3ad3e892517cdd27d23222e47 |
| SHA512 | 3ccc14ca5d98db09b0ff66860806e5abe8f4add77d0a9a278716e063204186c7cc4615bfca34cebd0ebc00aa3f23eefaab3fae8023e1c4727ca05f1e7809e8a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b176ead8e1520ae9a5955a7db3b31b77 |
| SHA1 | 7d75fe58c6f6422217d93dd0aacf883621336b57 |
| SHA256 | 907a2f1d93fedba84c54146cc6cea813c11ac11208d11b3c3e3bb016eec3fed1 |
| SHA512 | c57746aca247807f03abfc1652f6e302f96bc29fe7bb418675b9550dec2e46700da387eea08815ea3d9bcd93a7d07a6c80f95057e5870ea9b1a1c8f0330ea8b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 879aecaac6167e5b794ef1f27625fbef |
| SHA1 | 3049822683fb3d4145e2407b3b02aab137b8d8da |
| SHA256 | fb1fdc1a774c53c44c44729c069ac4cd22ea2eda48a23d65c76a3ff87925f9be |
| SHA512 | 0aa088ab741ad7c948882f2fb49ce0a4e04dac7fedc485473c888feacbd3fc3d98e7117344df92dbba934c8be8c0656433de2c46f15c7ac6d575bace6d106eb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 18c2b5a53791c7ccc4685111b8dac014 |
| SHA1 | 62a1f6db6be5957d1d14affd8bf1a1fd11166359 |
| SHA256 | 614aecb4100b511d5006142b4220b10e42d72be03faaa6016b445ca54575515c |
| SHA512 | 78e1d59ff510ce594d0286aba8c5a96eb37432bc646f8c848ace07a6ed9fe9b393129a6cd112e9897c3b43c480593b56d9056cae669b37419871a7e0d756389d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9ca85eb3-05d8-4235-b971-9cf6e21f2fd5.tmp
| MD5 | 402714d611ddc7e2b95458d8c79b3c0b |
| SHA1 | ded333f902d7f96af558672fc5896f008a42aa49 |
| SHA256 | fda8948bc2de0aab85656c51e850733658b4c70df1aaf89b70ddf07accc1a200 |
| SHA512 | 129473e50a5a0269fce9e471c943a17fa75ba7f47153b3d42ab29c0886d82dfbce15517da4dc59c09cfbbe90f9c82cc6fce81bc41966469badb36ad317bc8f44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a135989867ac4b2dbc583e570cf56b2 |
| SHA1 | 887b8fe05411fbf9bc269e03effac865a431983c |
| SHA256 | f9e44be9b4d1424df28499e7e332382118d606c54ceb69047b518763d1d10340 |
| SHA512 | 35a9e19256659fc28cf45a8791161cc5eb45051d6835ee6e1cbd00be9ee90b474e024edeca20a37d11db25b6b04056f82743317dfb39d53e24a67d7884474329 |
C:\Program Files\CCleaner\CCleaner.exe
| MD5 | abe8d7c6e01d0028193748b8a285dab9 |
| SHA1 | 8643449245092ab4474b306662a08415cd464d49 |
| SHA256 | a5d00e115a3b8fc552787e42a346f62a03dc69bdacb491c7e78e54143538cbc8 |
| SHA512 | d72cf22ba8861b07c4fbfb635c79568c99b561c8161087f9288bd154dcb82bdea0a2948a852091ad85ad3e0ed118914cc28f24582aacd2b66daf820452c480ce |
C:\Program Files\CCleaner\CCleaner.exe
| MD5 | e9ace0377ef53c6e9fe26715bf454d85 |
| SHA1 | 330d00ec8ab700c7b40a730fc81b39426da7a85a |
| SHA256 | 9521b72ba4813d68d764d86e9eb1b4710bbd9c811fb6d399c867113f68d84097 |
| SHA512 | e756c99aaea8661ca4bc841ed745b032faee125ff998815e6d3a7e6d717ac1da46de93e05c01043e5817ee06c3dd45ebef2697afacaff4c3c74a2aab12e28555 |
C:\Program Files\CCleaner\CCleaner64.dll
| MD5 | 7ead3dac9feabef2533465e544269f5e |
| SHA1 | 518f392f75bfe7e207eb7774bef6c4b0335ae9be |
| SHA256 | 8e8acda5509d1afa814bdae4c59b879d380c15eb6e695bb5da7ce46e39c5d201 |
| SHA512 | 5837a92d7ebc8edde665fd0f288642afe9f879f6cb5292bc6631201c6faf1823ba42b5058ac1eb444f6eb8a641ee22c3ba982e677b6a9fa0138a5b3df7f04beb |
memory/4868-640-0x0000000070020000-0x0000000070022000-memory.dmp
C:\Program Files\CCleaner\branding.dll
| MD5 | 705a39c1b61a9cbca3e8e2a71ab4fdde |
| SHA1 | 8179af4878bcfb57f08399e3b74dce849b88ceb8 |
| SHA256 | 631c578e7e2153957e6e07cf02bf9aa05cc7eb1c13d98e7b0270fb216f09e534 |
| SHA512 | e72ff8f7f0f09af06238fd8e1ea46769a35bddcb5e8921956edd9f37637ecf32bda3e533a57fec0c36b0830938a58a37c0777b1d1f8518261c1f579dfbfa5bc5 |
C:\Program Files\CCleaner\gcapi_17086264714868.dll
| MD5 | f17f96322f8741fe86699963a1812897 |
| SHA1 | a8433cab1deb9c128c745057a809b42110001f55 |
| SHA256 | 8b6ce3a640e2d6f36b0001be2a1abb765ae51e62c314a15911e75138cbb544bb |
| SHA512 | f10586f650a5d602287e6e7aeeaf688b275f0606e20551a70ea616999579acdf7ea2f10cebcfaa817dae4a2fc9076e7fa5b74d9c4b38878fbf590ffe0e7d81c9 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 15ae539891ec03d875009bb91d99ca2a |
| SHA1 | d1bd0483c83f61e5d494f3915c7a0988c8da6a68 |
| SHA256 | 9b8ae4b643d07e468ce17013502eeda88ab53aa092b5a7ec432112056861b697 |
| SHA512 | df8618225c15add1419a565f087256d86e607fb5be367c70a3f8d43112ebb16d96881b8c824eb7237a61861e0aba679a6ce6c8ad4feab6dca4fc65b8273a8580 |
C:\Program Files\CCleaner\CCleaner.dat
| MD5 | 26557ece29393618c2ea9e8a68c522e4 |
| SHA1 | e83cdc8f872de25fa625f901c66d3434c72156e2 |
| SHA256 | 6ebc6735c40ab36bcd33f461b5b1ac1cb20d06d481f901700f0c2501bee9908c |
| SHA512 | 1d5fc5059d94f70ca84a8cac7e678a815f6bf69a11fe546cc26ba2549623359a2dd360af72983b73739a3f9f6d63702de04c1eef80256328f079475be4301d24 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 6401d9cecf4562e1f2996b92eee34cea |
| SHA1 | e9e16b76af43449a4fd4b0dafa73103fd496266a |
| SHA256 | be52678e2cbf0d834a0515bcf78a7e67300a0b17e65d270e4c4b66f136eb18e7 |
| SHA512 | 87211e7be235431561cbb4b4910748a339a0233b7d2f47bcd6379bc00dc3454cde4345468438da954694b87469164353cb2a6d7be7d4e0f2f3df178ac02363a4 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 5356d5e8054c9a2f00aa0cb696203d5b |
| SHA1 | 19bf3716f0f616e409208aed32706cacc5306a69 |
| SHA256 | 7a88bfcf71df764e20453611c680cb2ff67bdd6b7e7899a74f2301e2710b098d |
| SHA512 | 6437295e3a43847f99ead2047fedf037db34574efd9805bc3acdd8ab4fcbdbc4d32930bf40c3f86683831232083e561acff11f890466c5659cd2c1a1533d4dbf |
C:\Users\Admin\Desktop\CCleaner.lnk
| MD5 | 41a0e2f372817f57b5e6b14a01898996 |
| SHA1 | 32936b8b146141c4f86e315db83196a7402aa15f |
| SHA256 | 12be2b29c98e615cf42306a2cb662fac38bc7b13576ed842175d720eb8eed9bc |
| SHA512 | aacc7e336766196b3d839dcb2dec1836d382860fb28cc165fc2db1bdb7e45de4f9752f18642226bc48200f0431d2f946ac562cba2b4f6b6904adbb1001358205 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 98e5b9f19e8c34b5719b82e3e90c3443 |
| SHA1 | bf6979815223019679ff74b0429b17d35795b61d |
| SHA256 | b744eb6366331dc1c09f34cb138114d3fa83eff3622142b92b0733c6dd0fcbed |
| SHA512 | 247ebd6284f6893e6f1af37eaaa0d4160f1380debcb80eb7320078f9564ab723ccab4ff55e84f42c21848332eb12d8d31e60d54f83d74ddf1760370c5fa91170 |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | c92f4b9a643b46b0186786969208cef7 |
| SHA1 | 09e6e1e10a3494957e59dedfb9d714c1c6892cf3 |
| SHA256 | c86d29d7dec44a2c86cff73796cb534db30899b00b2c15f6028e6684f8debe02 |
| SHA512 | 444287e4aeac59e790e22a6b4ccb9203dac8283ec77bcbaa5b702edf949678585437962a1667ad2b8e99aa88c003645fb79765e7be48a2f6bb1984a6d9abef3b |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 90c782f5d23a3cb738dc047d4f0d29e1 |
| SHA1 | 3f4ecad743deaaa7296a1d18354cc1619f00d5b9 |
| SHA256 | dbc31c46ff513c2076711de49cebda12d94f5bbffd39e5b6f3dd65be35ec9dc3 |
| SHA512 | cf456746e450c79aeb718c89ab103b0bebbb11e285e90c3ce7105c61c26d8a8fe083a909c4b5f9dfaf83d55c5fbfbd3910a6fd8cc6bf2adef369d40950c3b96a |
C:\Program Files\CCleaner\winapp2.ini
| MD5 | 8b343cf7da66ce060f18375e0387e088 |
| SHA1 | 38456290b0e762bc6b26b377763c9e4a5c5675d2 |
| SHA256 | fd4ce2c4f4fe37ccf189fe9531479b05332bd9edfd0c516da2f24c2d4ece914b |
| SHA512 | 32f41263b4cdee2c9e18ba38ec8f87582bfe795b9a797643da17b93f46755c6aa07a5e4badbc1dfade65cefc3fcdf93023e7a86d84ff6e006c22cac1887b51ed |
C:\Program Files\CCleaner\ccleaner.ini
| MD5 | 318205b9aab1dc7a473457c107f4d129 |
| SHA1 | 6e905bb25bc12c868736101a01d34ca254ed9012 |
| SHA256 | ffa346cd7d3d8be04f5f0ddeddcc45381b147f4404645a8bb1998fabff8a7284 |
| SHA512 | e5d13ec69b28b0cd8def483d781ce65341f20e15e6185f0eb8861b625c6ccb610c7eb358836c9822fb2eb679352e34b1878aab677864b6a5cbc8597dc8979948 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
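The listing above alternates written paths with four-row hash tables and interleaves memory dump names of the form `memory/<pid>-<seq>-<start>-<end>-memory.dmp`. Before any of those rows go into a blocklist, two things need checking: entries that carry the digests of zero-byte input (the `\??\pipe\LOCAL\crashpad_...` entry has exactly the MD5/SHA1/SHA256 of empty input, so it records a pipe read, not a payload), and paths written several times with different content (`CCleaner.exe` appears three times and `ccleaner.ini` nine times with distinct hashes, which is an installer writing in stages rather than nine unrelated files). The parser below is an added example, not part of this report or of the sandbox's own tooling; it assumes the row layout exactly as shown on this page, and its sample input is a constructed excerpt whose paths and digests are copied from the entries above.

```python
"""Normalize a sandbox dropped-file / memory-dump listing into IOC records.

Added example; it assumes the `| ALG | hex |` row layout and the
memory/<pid>-<seq>-<start>-<end>-memory.dmp naming used in this report.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Digests of zero-byte input: an entry carrying them has no content to block on.
EMPTY_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
# Expected hex length per algorithm; a mismatch means the copy was truncated.
HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)  # algorithm -> lowercase hex

    @property
    def is_empty(self) -> bool:
        return any(self.hashes.get(alg) == dig for alg, dig in EMPTY_DIGESTS.items())


@dataclass
class MemoryDump:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_report(text: str):
    """Return (dropped files, memory dumps) in report order."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MEM_DUMP.match(line):
            dumps.append(MemoryDump(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            current = None  # a dump line closes the previous file's hash table
            continue
        if m := HASH_ROW.match(line):
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            alg, digest = m[1].lower(), m[2].lower()
            if len(digest) != HASH_LEN[alg]:
                raise ValueError(f"{alg} for {current.path} has {len(digest)} hex chars")
            current.hashes[alg] = digest
            continue
        if line.startswith("|"):
            raise ValueError(f"unexpected table row: {line}")
        current = DroppedFile(line)  # anything else is a written path (NTFS, UNC or \??\ device)
        files.append(current)
    return files, dumps


def empty_entries(files):
    """Paths whose recorded content was zero bytes; not usable as IOCs."""
    return [f.path for f in files if f.is_empty]


def rewrite_conflicts(files):
    """Paths written more than once with different content -> SHA256s in write order."""
    seen = defaultdict(list)
    for f in files:
        sha = f.hashes.get("sha256")
        if sha and sha not in seen[f.path]:
            seen[f.path].append(sha)
    return {p: s for p, s in seen.items() if len(s) > 1}


def ioc_sha256(files):
    """Deduplicated SHA256 list for blocking, with empty-content entries removed."""
    return sorted({f.hashes["sha256"] for f in files if "sha256" in f.hashes and not f.is_empty})


# Constructed excerpt of the listing; paths and digests copied from the report.
SAMPLE = r"""
memory/4776-100-0x0000000006B40000-0x0000000006B41000-memory.dmp
C:\Program Files\CCleaner\CCleaner.exe
| MD5 | 63e585677d89f2cae04b88187805aaeb |
| SHA1 | df290688ac6e6d6b941df0476fe8a85d3397ea90 |
| SHA256 | 9620fde053ff66c52d7ee7a26d291889a23eb2e3540627753c0a7cfe0a5b2e30 |
| SHA512 | 9528c1dd546056a78aff85d8c122b4d9a846a528cb7beef44aac34d397274135ecafb560c466aecfcb763ae7c233057bf26e2862cc30f4f40ebab03b2b368134 |
\??\pipe\LOCAL\crashpad_2884_WORHHMYEWMVYYWSG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files\CCleaner\CCleaner.exe
| MD5 | abe8d7c6e01d0028193748b8a285dab9 |
| SHA1 | 8643449245092ab4474b306662a08415cd464d49 |
| SHA256 | a5d00e115a3b8fc552787e42a346f62a03dc69bdacb491c7e78e54143538cbc8 |
| SHA512 | d72cf22ba8861b07c4fbfb635c79568c99b561c8161087f9288bd154dcb82bdea0a2948a852091ad85ad3e0ed118914cc28f24582aacd2b66daf820452c480ce |
memory/4776-35-0x0000000006F70000-0x00000000070B0000-memory.dmp
"""

if __name__ == "__main__":
    files, dumps = parse_report(SAMPLE)
    print("empty-content entries:", empty_entries(files))
    print("rewritten paths:", rewrite_conflicts(files))
    print("IOC sha256:", ioc_sha256(files))
    print("dump sizes:", [hex(d.size) for d in dumps])
```

Run against the full listing, the same functions drop the pipe entry from the IOC set, group the staged writes of `CCleaner.exe` and `ccleaner.ini` under their paths, and give the size of each dumped region (the repeatedly dumped `0x6F70000-0x70B0000` range is 0x140000 bytes; the single-page dumps are 0x1000). The length check on each digest is deliberate: a hash that has lost a character in copy-paste will silently never match anything, so it is better to fail at parse time.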