Analysis Overview
Threat Level: Likely malicious
The file https://soft98.ir/software/optimization/212-ccleaner.html was found to be: Likely malicious.
Malicious Activity Summary
Credentials from Password Stores: Credentials from Web Browsers
Possible privilege escalation attempt
Drops file in Drivers directory
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
Executes dropped EXE
Reads user/profile data of web browsers
Modifies file permissions
Loads dropped DLL
Adds Run key to start application
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Checks system information in the registry
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Delays execution with timeout.exe
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported: 2024-08-09 19:04
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-08-09 19:04
Reported: 2024-08-09 19:21
Platform: win11-20240802-en
Max time kernel: 623s
Max time network: 1036s
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Windows\system32\attrib.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\msisadrv.sys | C:\Windows\system32\DrvInst.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\ab6d359c4cdd6b94_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\powerpnt.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\winword.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe\710eccaedf4af036_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe\710eccaedf4af036_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\msotd.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appvlp.exe\710eccaedf4af036_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\client\\appvlp.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msotd.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\onenote.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\ab6d359c4cdd6b94_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\msoev.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoev.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\b6cf088aaed5f530_PD\Debugger = "\"C:\\Program Files\\CCleaner\\CCleanerReactivator.exe\"" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\UseFilter = "1" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\b6cf088aaed5f530_PD | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\excel.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setlang.exe\b6cf088aaed5f530_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\office16\\setlang.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\ab6d359c4cdd6b94_PD\FilterFullPath = "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msoxmled.exe" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Run\CCleaner Smart Cleaning = "\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR" | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avast Software\Avast | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\SOFTWARE\Avira\AntiVirus | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\avira\launcher\ | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\avira\launcher\ | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files\CCleaner\CCUpdate.exe | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
Drops file in System32 directory
Drops file in Program Files directory
| File opened for modification | C:\Program Files\CCleaner\Data\package_download\c159b16b2d5bcacea4edce02720f3e2fb1220bfc.sig.part | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1027.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1061.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1104.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.497d86ee-7987-4264-a77f-4cf639dcfb94 | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\ca7ace8e-151e-467a-b450-bf531b17cbe5 | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1029.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1036.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1037.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1048.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1030.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1038.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1065.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\Data\package_download\df2052ab846c543608316e16ec18ed5eb296f4fe.zip.part | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\LOG\event_manager.log | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-08-09 19-12-03-244.dat | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\LOG\pd.log | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8 | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1052.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1058.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-2052.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\LOG\su_controller.log.tmp.6deedbf0-44ea-4e86-bf7d-c7e418e6549a | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1034.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1059.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| File created | C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.38411870-bf06-43de-8353-89b82afd1ad4 | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8\tstamd64.cat | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-08-09 19-14-41-474.dat | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File opened for modification | C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9.zip | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| File created | C:\Program Files\CCleaner\Lang\lang-1046.dll | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\CCleaner\CCUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\CCleaner\CCUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Patch 64bit\Patch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\CCleaner\wa_3rd_party_host_32.exe | N/A |
Checks SCSI registry key(s)
Checks processor information in registry
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\LIVE.COM | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Piriform\CCleaner | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\OneDriveSetup = 020000000000000000000000 | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Piriform\CCleaner\AutoICS = "1" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Piriform\CCleaner\AutoICS = "1" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command\ = "\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /%1" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\ = "URL: CCleaner Protocol" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E} | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner... | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Software | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Software\Piriform\CCleaner\AutoICS = "1" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\URL Protocol | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Run CCleaner\command | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /AUTORB" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\ | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Software\Piriform\CCleaner | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Software\Piriform | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "6363e5bd-33e3-49d6-9ca3-6404fb9c42be" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command\ = "C:\\Program Files\\CCleaner\\ccleaner.exe /FRB" | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAFYbCXk3jR0+sI9UVuRJ/PgQAAAACAAAAAAAQZgAAAAEAACAAAABTtBtH2Vz2i+yViQ2BUk2KB/DgO3Jwis2T7XRZqTar5gAAAAAOgAAAAAIAACAAAAB10/LOx0NXVvEGJVVDjaU/tDmQILD0iEA1cg6j3ticHkAAAAC822i4+CTfghk4hQk9E1TiSqNaI2s9YL4Ld6cQGG2hjZFn1pH6RJ0Hw/58gobotFuzkGvWGBn0Wisek169I1mSQAAAAH+sdAm6NTxgrAArxc5B4whs2Qs5AUUpgDtdPprpI+bWUh3Q+c0Gtt0tHTUJPHvbdnM3RpuljNOcXlMGAZU/GuE=" | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Open CCleaner...\command | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "6363e5bd-33e3-49d6-9ca3-6404fb9c42be" | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\ | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169.rar:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
| N/A | N/A | C:\Program Files\CCleaner\CCleaner64.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://soft98.ir/software/optimization/212-ccleaner.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://soft98.ir/software/optimization/212-ccleaner.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5b0870-a1bb-40c1-b740-3a48808cbda6} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2296 -prefMapHandle 2300 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0918d8a-a231-431d-85ff-e628803e608b} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 1 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13717a6b-f6bb-4e54-93c7-0ba66fa184cc} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5a8f8f-60c1-4d5a-802c-9384dcc7a45c} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4508 -prefMapHandle 2792 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7967e0a-b3ea-4921-8711-0896b65a8ad6} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba3a5055-9ce0-4c9e-97a0-5ab1c2982047} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec15192a-79df-4cd2-b615-696585da5bc1} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5528 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {165b61cb-5f03-4304-b5b9-a69c9f09ad6c} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6176 -childID 6 -isForBrowser -prefsHandle 6152 -prefMapHandle 6148 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fa45d46-d5eb-4dc6-9e1d-163f34366014} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3552 -childID 7 -isForBrowser -prefsHandle 4064 -prefMapHandle 4228 -prefsLen 30901 -prefMapSize 244658 -jsInitHandle 1324 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4334ff8c-b171-4dad-9235-1c7ca7bd4b4f} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\" -ad -an -ai#7zMap2215:122:7zEvent18839
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Block Host [ Run Administrator ].cmd
C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe
"C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Setup.exe"
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
C:\Program Files\CCleaner\CCUpdate.exe
"C:\Program Files\CCleaner\CCUpdate.exe" /reg
C:\Program Files\CCleaner\CCUpdate.exe
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\61c8d31d-e0b0-4b1e-95b0-1793a93f621c.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=2&a=2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe41f63cb8,0x7ffe41f63cc8,0x7ffe41f63cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 /prefetch:8
C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Patch 64bit\Patch.exe
"C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Patch 64bit\Patch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Block Host [ Run Administrator ].cmd" "
C:\Windows\system32\fltMC.exe
fltmc
C:\Windows\system32\timeout.exe
timeout -1
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\drivers\etc\hosts" /a
C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\drivers\etc\hosts" /grant administrators:F
C:\Windows\system32\attrib.exe
attrib -h -r -s "C:\Windows\System32\drivers\etc\hosts"
C:\Windows\system32\find.exe
FIND /C /I "# Piriform Blocker Key Verificator" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "license.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "www.license.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "speccy.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "www.speccy.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "recuva.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "www.recuva.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "defraggler.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "www.defraggler.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "ccleaner.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "www.ccleaner.piriform.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\find.exe
FIND /C /I "license-api.ccleaner.com" C:\Windows\system32\drivers\etc\hosts
C:\Windows\system32\attrib.exe
attrib +h +r +s "C:\Windows\system32\drivers\etc\hosts"
C:\Windows\system32\timeout.exe
timeout -1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe"
C:\Program Files\CCleaner\CCleaner64.exe
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
--pid=5176
C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
"C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10835259004460969832,6962661984961529710,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3756 /prefetch:2
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9e8c4c29-4b22-e742-9dd3-fbdaef7cb9ad}\cdrom.inf" "9" "4c2199133" "000000000000014C" "WinSta0\Default" "0000000000000158" "208" "\\?\C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "1" "SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000" "C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_970e40f68a7583a1\cdrom.inf" "oem3.inf:*:*:6.3.9600.16384:GenCdRom," "4c2199133" "000000000000014C" "ee52"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a3ca6837-a4b6-8c4f-b203-41e953f162fe}\ich9core.inf" "9" "4a5bb1cab" "000000000000014C" "WinSta0\Default" "0000000000000180" "208" "\\?\C:\Program Files\CCleaner\Data\package_download\df2052ab846c543608316e16ec18ed5eb296f4fe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "1" "PCI\VEN_8086&DEV_2918&SUBSYS_11001AF4&REV_02\3&11583659&0&F8" "C:\Windows\System32\DriverStore\FileRepository\ich9core.inf_amd64_11099e449d0dade9\ich9core.inf" "oem4.inf:*:*:9.1.9.1005:PCI\VEN_8086&DEV_2918," "4a5bb1cab" "000000000000014C" "ee52"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9367f647-c20f-724a-9f4e-83a0869c982d}\Netrtl64.inf" "9" "4ce682def" "000000000000015C" "WinSta0\Default" "0000000000000178" "208" "\\?\C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "1" "PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\3&11583659&0&18" "C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_3c359b290aa86d32\netrtl64.inf" "oem5.inf:*:*:6.111.723.2009:PCI\VEN_10EC&DEV_8139&REV_20," "4ce682def" "000000000000015C" "ee52"
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\bc4b6f4b-7f87-4d77-a90e-e19bdd4a6c21
| MD5 | 31c02e85b3dededa8b8780f68e98a097 |
| SHA1 | 931ddf59cd40a49e74aa8d4c3225b6224f898b53 |
| SHA256 | 728871e1978faf92f56a9cfbecdfdbc9ced8a48cd20919631e6cf4487dee26fc |
| SHA512 | 4f2ade15bd10e6fce7a9a1f0e7e05cdb1859c07ad5770c3eeeda0d225aae58aeedf86665563b5baf7a95dcbf0b479511c6f91928a189445e0e21a779619a50b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a79dbe36d91b283954317c8e32e41409 |
| SHA1 | f00ca3002ddd00658e634bc3992956c4959b1330 |
| SHA256 | 632d679fa048e36ff0a63784f012b3493575777c42d21165b3963626438ba035 |
| SHA512 | 71ea0cb7f9dffc2c45b6d89bc9563ee537a9d1531f63ea8211bd685458c266f942e4a144aae8e0a2886dde5d023959d57a8d026ccb641c7626f832164bf0d0a0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\fe390636-d550-4289-ad0d-9ca1fddc69cc
| MD5 | f41157b8499ce1ba567ad29ac62b9f82 |
| SHA1 | 9b1cd788184ca4008fc00f41ffc98f711e49ba8f |
| SHA256 | 529f26535bf807235d6e972899e3a17cc45f6bd1c1c18a80f7deac72c96caf00 |
| SHA512 | 6338269c3cbcedf69db63e09d807fbe4fe66f197568eb64536f5c0d843e1282b2b0e340ecb01c1e1e5922882f404add907d2f2ecd1ebdec10df5aed29e3f9457 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\f1718499-e88e-4972-a4e0-d6bccf82a3c9
| MD5 | 539a5061c1bf539ac4deb8387c89bea8 |
| SHA1 | a814bb35f6c54f95e0dc5c1869fd314ea3faf119 |
| SHA256 | 6bc1e9155d97ec5606dcbef124224543faca17d1b09f138815e0fefe88838d32 |
| SHA512 | 478db7935ee30d3c316e59f7f51efc550dd000215720891a6d9386d52a040b3f4c6de6be6bfc681eb72336ae37657ae1a21b8d2e024d9a2d65028377a845721d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7b1b97f62251961fc3032a024f789eb4 |
| SHA1 | 36d10f01033f31de8ba20ae664f966ca4b6c7af0 |
| SHA256 | 015868a6aee0f529f35378f5f37abad7ebe119931e53563f72c43e1e5a3703cb |
| SHA512 | cec38df4ece72939f5c016da513235ebd5afed7bcba07ce63e6474c843e5d344ff396c8bd2a14043cd17e37cac84741599b31b77400a55f054d01905c0cf0419 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json
| MD5 | 10d66df2459a0b4b3f44e42fad944dc5 |
| SHA1 | a50bc9169e5f12eb727acec9db8c622d70278969 |
| SHA256 | b571f23ef986b309c85cc35a0bcfba23179aa4a800d71674442f1ccf829ddcd4 |
| SHA512 | 1b4917336017bfdcea023f4d2b184092f6890b7526fe8069ec6c226f94cd37f719622b9034f06ff7954f792b734133f06f38d17e92c5cf2de6ab5219a7142729 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\AlternateServices.bin
| MD5 | 479e87f40ab452f9821a4b9fec2e4174 |
| SHA1 | a59fd9f2ac3a3d732673a8ee3e53bd335d9c2cc0 |
| SHA256 | 86c33799df378fe0dd37faa06b3856d2ce8c15d4356128328a21358cf16109bb |
| SHA512 | 7b06c7f77e8c5887fb8e0a6faaad42166737f267c58020ec777310a092b6d994caaa214e71e04c484490c76e127b769e7be4399afacfc2e22b28e6e5b43cc656 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js
| MD5 | 80c797980a5854dfa861b5cda70d9865 |
| SHA1 | 7e1a2db6dcb7f4068850b146ef5eed658c866aff |
| SHA256 | 6034a13b61f3108fae175ec0e5584b824b7ccf10008201c10dd5b65aa3b7ecd0 |
| SHA512 | d4f7b5a81729d2c98c9b9343bbaa9793e21b41dccbb78410c838086f8ee9c7cf58333ca40383da2535b43899ade405a501812eeb34cadcf61743396a00741e51 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js
| MD5 | 63a029efc12b1b01225b82751f6ed807 |
| SHA1 | c586247002adfd55fba2d5f3b91b9b58f32f4786 |
| SHA256 | 2074a4784341ebdd3ed2f6aecdabf6b59587242a0c31601a10e060d43675209c |
| SHA512 | f55d1d46ad7c1100ad3c0d52aa0e644aa3f26b6e6991a9604d2c8cf25271774e5522bf77a938fb93a6d5b549c1d2b82d47ae75535e5c2351fdd8c3d80d14d84e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c5299d456bd838f595ecc8df1f70f9a9 |
| SHA1 | c1d5ada20ec08274e87adc480a237025587b833e |
| SHA256 | 3d7505f389e40c57b8805147ebb14068c100148af72053819b6e534f55693b2b |
| SHA512 | 172f9a6557806eb79da65278c52c4434dbab4523b9bc69135781b764a96e03e7e8c456d61ccfe82f5238cc0ebcbf7bf039e6d83cd193ccbec8d8e0da6c88ce77 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B
| MD5 | a1aadf6365e0ea1e3df52ee9560397fc |
| SHA1 | eee26293bcd5d408a926fe1a1717975278387296 |
| SHA256 | fd022abb655af2892236d1b270fa230a292411d114b4f018d80030b56336b3c5 |
| SHA512 | 09e594527c7653e821fa00ac10bf571b99cad064cd40810c0f03be97c2b54445ff4ee346780b201fdb9daf0f4529c63383e359c372ede6691776434b0a17ead5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js
| MD5 | 5cf294b611912ee433520c3ee8269d32 |
| SHA1 | 036441628fd717fdde79da8c70c09b7a126a83dc |
| SHA256 | 9ee2f23b7a3ffcf328dd7dc934b1db343bdde1f345e71552dace44da2be8127c |
| SHA512 | 5c28a2ad0b09b97233143defcc8853287cb6d22271617d60a388c5a4b26bf212674c7aa15f1fcb289e6dd057e544cc164fa02ceab4728948e7b8adf46dd56cdb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ffae6740c6404099a3961eb1dba18b4f |
| SHA1 | 41d2e18c2f5a938b41199434dd93c08b19a3a9f1 |
| SHA256 | a71f0eab4871040de959105203d85adaa0a357f9979ef47a223b0781d7a2a669 |
| SHA512 | 5ded045003cbaed8b448d84bb647b99ddb45b42ab7e35762f1e8249712fbe312f2e45fb6d6b32e82f57eb1177320197ed631bd274635ddfd86c41b4eb352473e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9ff6b44ec956434fdb80183e00ca40ea |
| SHA1 | 76ce59338ddaa4690354dd292a18abcea5c72ce3 |
| SHA256 | 2afe231d5ca59cf18ff15224f0715cd3c05979060b0a2910713d012f3dc2b8a6 |
| SHA512 | 7734afc05f291d768755a6eb87ae7dc23fe975fa7fac9e36d8ea96ef889163f9037ad7627df673684d24b1119124f76508c06f6344d091e239f5a63bab3dc8f8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | a30a89f79df8888ae9c1728f2a2dfcf3 |
| SHA1 | 840bdd66e9d7a49288a6298f9c3c1a43c11396e6 |
| SHA256 | 91991cea15b83aaa64bdab8e522c0d324d6f7df18f9e294af43d62fee3e1d459 |
| SHA512 | 1ed6e15d3cba1585c0e88c2ff53cd4f6021bd8d6cf9f3fb17c119715b0a03d946064d549ec66559dc594bc3d2fc3cc55914f0e9d176e7be07986bd8e6fd4848f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js
| MD5 | d2d4939aa85d600208a7becea1f6c667 |
| SHA1 | 1d08b01da02a2848e857da6e44a14cdebafcaf58 |
| SHA256 | d0fcaa3e5df8d79cd68402b7e9daf99956b926e19769189468ffe86161875550 |
| SHA512 | 7ece2eeebda93ea70df3ae3322e8a5987cf21d4dfa5ed1c8399cae5306841d967d0d4316f0641ff9c7feec8f8d863eb95510b3f13b1360405fbae9e409d6d109 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K4L2ZGV9Y9CPX5EMEF8C.temp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Block Host [ Run Administrator ].cmd
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\UserInfo.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\p\pfBL.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\ButtonEvent.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\nsProcess.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\p\ServiceUninstaller.dll
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\INetC.dll
\??\PIPE\srvsvc
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\CCleaner\CCUpdate.exe
C:\Program Files\CCleaner\branding.dll
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Admin\AppData\Local\Temp\nsw7374.tmp\modern-wizard.bmp
C:\Program Files\CCleaner\Setup\ab440ba7-a8f9-485e-b7d7-9124ff5a27bf.ini
C:\Program Files\CCleaner\Setup\61c8d31d-e0b0-4b1e-95b0-1793a93f621c.dll
C:\Users\Admin\AppData\Local\Temp\asw9821107274b621ed.tmp
C:\Program Files\CCleaner\Setup\ad494186-1679-4f5e-a9bd-9602437ce2c0.xml
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\Downloads\CCleaner.Technician.6.26.11169\CCleaner.Technician.6.26.11169\Patch 64bit\Patch.exe
C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll
C:\Windows\system32\drivers\etc\hosts
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Program Files\CCleaner\Setup\config.def
C:\Windows\Tasks\CCleanerCrashReporting.job
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.chk
C:\Program Files\CCleaner\gcapi_dll.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5kjpxsjj.5rc.ps1
C:\Windows\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
C:\Program Files\CCleaner\Data\DUState.dat
C:\Program Files\CCleaner\Data\usercfg.ini
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5f6635.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\567582ba-0b0a-4bfa-b173-fccd9f29034e.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ZZZZZZ.ZZZ
| MD5 | ce338fe6899778aacfc28414f2d9498b |
| SHA1 | 897256b6709e1a4da9daba92b6bde39ccfccd8c1 |
| SHA256 | 4fe7b59af6de3b665b67788cc2f99892ab827efae3a467342b3bb4e3bc8e5bfe |
| SHA512 | 6eb7f16cf7afcabe9bdea88bdab0469a7937eb715ada9dfd8f428d9d38d86133945f5f2f2688ddd96062223a39b5d47f07afc3c48d9db1d5ee3f41c8d274dccf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | ed7ce1a4b854131e3e7478dd9e54a015 |
| SHA1 | ef2e67e09298d44864b912a0c546873ed05fb365 |
| SHA256 | a65a8d1926d90b754c9de6dd571af184d12f9b45a4ebe459e86853c92c061210 |
| SHA512 | 00606402fad94fb66d0315208e35ea46477ef69f90d147daed37703ef4000d613a6822b68469712edc012ab9f3afa9cf12ec00b99d30b697cddf9e57c1ea1b25 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
| MD5 | 8b8d47f36fd8f80d1cb5c58255813089 |
| SHA1 | 3a03536b495afb4ebee3df803906a6298a136302 |
| SHA256 | 457beb4cd27043d6f62bfc4a01e204e94ea5f2e2270b24ba1da62c68a915339f |
| SHA512 | fb421be546c80443080016eafb3224c7eea74c9f17da47b0b62338ffddc677d4050c5b0aa484a4398d1bbec2ca3f436c1373ca6ccdfe338010c3adec319c0f9a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | 7252c56584082839b280b78032aac5f6 |
| SHA1 | fd26149f686e7a0fce3b3fcda8a6699652d2b7e1 |
| SHA256 | 4f01fb1be92a5d9b796471ef96937e17b455aa653be701a4e373d82a1697934d |
| SHA512 | 84d0a62399215102d6f59cb79ab35849763119ab1c69496b8703827e50ef39dc28ac6579cc5b0009707c28efdcd9ccea66c760e0efd1da9c726131562020713f |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 2893d2f470ce917bb13832d9dd103e05 |
| SHA1 | 6551645a8179e79fe30cdcfce32931ee56da876b |
| SHA256 | ebc7c006dbeedb1ea29ba183bccf6f86e2e5ab874a7787d477accc34df1c0213 |
| SHA512 | 35354db31228d7bcf74e1007846e2d9e0507d5e62cf4568eef564f3af8f0de9251c3c9a0147acd80b0ed46814a54816e6d9373099018a5c651ebf7a33ab2fe0b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.chk
| MD5 | 4a3b02de85eebb2e908021e6bb99d1d0 |
| SHA1 | 6c92d6197483b15c4c280e036eb33ae2d9ae867f |
| SHA256 | 94f23306569be8730a09fa473c12290f68341d697c252fc895ef276056ffaadd |
| SHA512 | 0dc3417e898e9def48e1b5a3b88000ff7c758908750ae1107440c393c5d341bd1ad139f38e16d9cd05aeeef00e76190d40cc811f1d8f8a653636ba3359508313 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | e79ca79fa36da13ae06b7485a31ec6c0 |
| SHA1 | a433cd13153769dae1f5ea9e6a8cff8ac71f1b46 |
| SHA256 | 193f1bd9c3a6e8cfe3c66f412a6ab20f19be9dc41497fcb1d831475ba5720224 |
| SHA512 | fcdffc4a1cbac79f2eac55a8e9c80e74766855130b94e8734722dc53a0b87332a943f319100b3e3138ed76c9984d2e4fc73ed61027d68b70cb84ab06eb1084d6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | 7da9a79986914b697a41c83bf38e484a |
| SHA1 | 6f17e9cce43493a074fdfd8935f4c4b6faa06b40 |
| SHA256 | 44ea10ac6c2d4c9cde0537ba37d06e5ec4895125b5deeb6637ec584e8a4d04f1 |
| SHA512 | 31cea0d88857c9cc167afe075f4bb49264e1ac3cbcef18fcccd8b1a17e90fb42d6fec6bd6daf9fa8132fe7e0f338aaed33313c6d1f2d5f10525791e132160f04 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | cb272b99840018ff4ceebb40ce2b9621 |
| SHA1 | dbdcebed4afc9e47ba0f8a955eeae7e131c8273d |
| SHA256 | ee3cbabc74a18e3c043dfafc7c9f4096941da0c51f7d632ed845b58f908e9e39 |
| SHA512 | 8f77098f2077ae2319b44568f0a9f769650dea88ad9b467200109a1291723a308c93bf8a5d52b3b25a26e0a4292803b38c4253894259beebdabce2b01ebe47e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | bfc7131cea32c3e9c6788dbb2ff7f178 |
| SHA1 | 0078cf3ad51ac8f2e53a85c07fcc85a0b7eef769 |
| SHA256 | ff3c1a40937086ebe6bebc5fbba4dfc53c5ffcdcf0215c90828608e956f84f91 |
| SHA512 | 35340819ec3eab8fb85373a20dde1b37664f273545cc18e7ae253ed6d5e6b4ad0a45c0056e659ea9d4279fc90f10e329c29c326d4c69c38fae12a63f1937c11c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | ac5cbd03be6ef7cc361b84891a8c3e0a |
| SHA1 | 788d9f8f2af5e880d764b729782ebd16b6c029b5 |
| SHA256 | 544ea4388295200ddc05f3fd2faba9f3dff1fd78c870bc2805336371b38b389c |
| SHA512 | c968196922eb37823a7969de4f9620a11e6c312a1a51657cdd3d7dd52ba9fe89cc55f45c4289ef8173a1e6118d142b18d4e19ee40957e8cec18396a47f29d7e2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log
| MD5 | a79c47d3daa0c2ea56c76caa657c2577 |
| SHA1 | 7172b22c28e4f38b99d84531a998e2ea2ac75606 |
| SHA256 | e6ba95917ac4599ddb62553650a0f04083fc45f8fcac6803dffcee41fa59eec2 |
| SHA512 | 423e98f2607a4c3cca01b61833db3ae7f25771b2b18133e0cb34541ba1ab7cdffdc85875a686f403b07bfd6820047d9fe1a6a730b761e8af511ec37694a3e2a1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | 2ebf1c44a607d662ab5df00f78c6de49 |
| SHA1 | 1bcc61dd7d0ee99873b5efe7a52bad40041029b8 |
| SHA256 | 14584e3c6e2e1316e07861ce1d4b1226020addb8bb28b8f63fc3f8c67614647c |
| SHA512 | a5c7c5a6be573d258cd919428b3322a7ca591320bae75d0b0d93db8b628ac421f7a97de48669abc1b5625b4e2cf73922c566dfdd6bdd0c542b82e2ea5c8a1714 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | 7285397ecb2bf082b6aa5ddfa673fc64 |
| SHA1 | b0771acdbd64b5798095959e8dba9abc9a96a7a9 |
| SHA256 | c5d9ceeb7b5759c9542daadad3b29fd14734277a620cba8b60cb88d4a0916c29 |
| SHA512 | 160848a2965e6f18ee3878454260179a18c0d2235971aaf1b5cf6f281351da60804424b4c9acc0abe1675d643c9672306d3932e500c61d740465fe6e6f2b8390 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
| MD5 | 0598e4e7bbfed0f4994d8134d9e5ba5c |
| SHA1 | dc8a95fbe5d555bf0e9234824542eadc3fe405e2 |
| SHA256 | 72f0e482fc7169bdf79debd23cf8b5af4007d8ef68f650a8fdb48c348274c4ce |
| SHA512 | 3f1ed0dc2f8ad424a15b2e3075ad21cc9a83fead1e820b840d73be03ed7b084cfc8c61c7efe59f9d34d31ea662b57f83914962a1b0130dbde722bc93b39b3e03 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
| MD5 | d614a3572ff336119a699b94b6f7a489 |
| SHA1 | e5cfb534e9316dd0821e28449e4183da5974de37 |
| SHA256 | fcd6ef71df2aa1134bad38a9ffddc1ccbe7d20667340197454a01d4463beacbf |
| SHA512 | bd6a914a205c150bbc60c3d61037050088fd4ac777aae2cd5849a570956b1a8ef1bb15ac1dffc28a532b1998cd507b1a1754765a2826a08f6a0ce2eb427175fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
| MD5 | c251be09b85bfb247096bf24d538ded9 |
| SHA1 | 8857aa800ac2f5ee0365eeb10619d0f87d5e3e0a |
| SHA256 | b72211ff34392a0c9bcb52424a7392f45b490b77302c0753d61b5294ce865a6f |
| SHA512 | 92da61faa6e75a1f85227cbfd310626071715a8503ee1da9785f569581643983465b10721a62b8de6da8c6aeea1205a8f8f082e7da0b4a592e47c748e8d66111 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
| MD5 | ce19e5a951a8593fc2f00a3d8a9c20be |
| SHA1 | c08512cb6a1ab512e3fc01738924b74208d4e15e |
| SHA256 | 7f047d62d9f647fb1ca8d7fd7227528c781c0a13e4c5cc5e830c261bd8babee7 |
| SHA512 | 9a2b5d7ee30ac4d9e82d478d381a15f7488a07c941ad1567e0700ea5b9be6ef74b8cd3a7429a98c2072529a4a795943e35604f111df46a3fddd4517ed4b74a2f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
| MD5 | c5429b2b4fec66f1b566588b8637f82b |
| SHA1 | 5514370f6ae8b67a25677e915b9933597f19cc88 |
| SHA256 | 9655d302cfdd780e5eccfc297f277af2d2b87f8f850b1fee522efc82f0355cd8 |
| SHA512 | 84d2bc5edb402f23c5a11dddfac0374636c76c4ea2c3697d66beb3c7f09a73ecbb1ee4adc901ea25aef9b918f7632a4d369c1457aaa3cf93a9707557439866bb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
| MD5 | 6f2ff2bcb8b0c09fe1e5d74f3e41abc4 |
| SHA1 | 54a721ef26d29ec175bf563e28f2deecd67e0fe7 |
| SHA256 | 7190fa9449fd51b4dac65d68c40530ff359c96229d1b7148b236f35dfa662db6 |
| SHA512 | efdaac09d0749bbcfd2f3c41e20056089566331130b266943c3bd66f35e8b3fd1ac00ede715e5a53fedc4674b24b8223790ec4c1293bd6163f8ba31191a95858 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
| MD5 | eeb195a9e8455140c4e8a94e56fe24e4 |
| SHA1 | 5f58532505ee033ed2f95b92a47b67c14ba93e33 |
| SHA256 | 6fac3cba525b7d4b75e056c6c5c849840eaa70436032985f0914e1ba69b967f0 |
| SHA512 | cea1470eba257a4420e52e891caafd3bc036be7525e98d6edd49059d4dbe72522a33e4eb3b33b32cabca68766dc1ef0a272fed1f983f92d01585ba9145f678f6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
| MD5 | e073961a203975828821f7ba84bd9f90 |
| SHA1 | e6199549a5ad7dd9c97e764ca8b24d35996dc6ab |
| SHA256 | 581ae7382ea9ae4935984bb6f95411d2146e207f4bc39539a30a186d8d68f17a |
| SHA512 | 354b0d2fa014702676dab6b194aec31c7095a1fe7fc8e4da6af3d142313ac5cc02ce9771014a9ac1d3f951f67e297bbc84e6e6ed01f8de0e5b424200e335f272 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
| MD5 | b6524640ef23112389026e0d54865993 |
| SHA1 | 0d51175befbe70fecc2c928cd92859d8f161edf7 |
| SHA256 | a59331eee6ce259d384008f0ff9d0cc67c70b6a94a3573fc67bb7808983077f1 |
| SHA512 | aa39e2e1acf1026e6f26506c351992d3c616cb29b5184a96f8c868722919d90b088ad9665258c2be60e73be6a929ad7607cd79bfaba83e32f1dd2cfabac35248 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
| MD5 | cea28b78f8d13a0606abc12ae5f31ace |
| SHA1 | f8dcc9234ab6dc9f86bb6eb0d928fc26abe415b3 |
| SHA256 | 8f7a066fba201d4bb9aa992e0bddad1162618beebaff5c47943a32328b57e21a |
| SHA512 | a5672ad0b418b0d7968f3c9c375242bbf384b53800506761411882938a5d170c09b08343f8d85977142d7e24b0940c23e9d766be8972a554aff8a72352ea18e8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
| MD5 | fa44ec4ab7c0fdc1113f4c732d1b57a2 |
| SHA1 | 366eca0008f113efa6ecd5699f7448e3f5ee5afb |
| SHA256 | 05d6268bc072e615dd5c3b2f258e5574c504b5bf478060127151a4937fb000bd |
| SHA512 | d87b34b8b794f2a252060a20c749eec9b011dccfa93f09a4f7efa881ab5cf33334940ac4fc0d8d3119a4f219a4ef4e854a746027db02e1443e0b1c4fde0dc460 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
| MD5 | 82f31078a2f87673ba8c42f10bcea507 |
| SHA1 | bdbd3274d55a99cf2aa5997a3badd0559608497b |
| SHA256 | 8db0c20fc61a982687144f7d64f77ba65324c1920d376d0f44933267510155bf |
| SHA512 | 5813ca3d1f7a13a38ddfc07f7a4a791e611aeec446dffeddcc7e00ea8e806d8a322b44ec2f0558cabc21e3d31a951d7278bc3c4e9b5263b01e392ff3a72df63e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
| MD5 | 1a07b0e2f77f61034a7d612e1e5f470e |
| SHA1 | 9360c180041c05d5ef664148adfa1abd11581f1b |
| SHA256 | 50292d63f45b6b65351f0398605b0c48be6ad6b615580302403823ddc8d6e6b3 |
| SHA512 | 69c02313273c085a752316bf92fd5b88d02512e876497968f971c3f414ffb073c605b98913afab688432a5ec9be392d1294a89bd33341a2687a6be9273dd4a17 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db
| MD5 | ebd53ed843732cfb616bd5b28a20209f |
| SHA1 | 2275cc01a69d04a4ac495dfc1a6b2a5f0f42a236 |
| SHA256 | 6a956576b437f458dd3ef22d81f1f699ea218020825016d8f045cb318aaa4057 |
| SHA512 | 42e7363e3427bbd97615a2b6491db89d047daf1fe0aaad84eb762e51c4f5c970616af1a74ca691a9f67f7da1221d62fe546d2f18494ba9c4c9cf0667a4126742 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
| MD5 | 85df711aea9a66b31e77560048ed4b39 |
| SHA1 | 59fb6fb7a99ab79ff58668e2ed4d1fd1bfdd76ec |
| SHA256 | f813172fba3106896a1fe49af010959fafd1a8fea2cf1fd776418c45e957819d |
| SHA512 | 26e3b5d16111c7e0fc4f0c1993c766917bd9d228ad46a544924a5462aa402227c5141a09abbd45651accbf1f3f244d20dcb261040dbd6aa679cc7199e15118a6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
| MD5 | f8a4359251b02a841ce22945bcd9b19e |
| SHA1 | 1693bf5f34781b590214b471fb8fe81d8f748f91 |
| SHA256 | 7b39841487d0e06d41ea079117152034dad265c7786d59d4c98204ae90979e52 |
| SHA512 | 77cb16f3fda817c082819ffea92968316e95ba035e3d4060cb99cab90f5480ae13ae9b72f7e0e163ed260d8bb9d5a60d6540cff543e239dcc58d1e77f538f449 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\cookies.sqlite
| MD5 | 7b6c71a538007678e4c50c7256453710 |
| SHA1 | 445be273c09fa1500fc7bf7e7a838acfcbc2e3b2 |
| SHA256 | f27da636889e0f45596c10bf74d6878172d46b0ad230ff8024790c3d96c1ee20 |
| SHA512 | fd7a52886f9f2348bc26632a54910e62e6ec42f0b3561c85c662274678f59c0e5764f14e7a66b4b484cf792dba08211f726b73198d402ed63a69e09d653c0aad |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\places.sqlite
| MD5 | f5e62fd89606c17e58fac48a47202c2d |
| SHA1 | 03538236437f4cf123c4cd000e671d89128aec5c |
| SHA256 | 00697632ec1a5db20c5d46242b031a307f2591f8502afc5a3f30f0460a7fd6ed |
| SHA512 | 40d80974a9ba8548e3655e58770e2233ef3c0787e87a5e2bd114e66aca852d56b50c9db00cd463f0dbae0086888d205d25821149f9a7f4d469deea3413cf22c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 21af19046b0bc7ddbbc0bcf6a8b66d15 |
| SHA1 | a476996c623d928715205f20b57baebada03618d |
| SHA256 | 1ee66eda487f80facf836ce8f5cbdc1847ebbb61879ef008332f70aceafbfca0 |
| SHA512 | 20835d5eafb4683f5e6da470098e24ea2c5048fc7d59a584cc46cf57367b761560c825ba28540cbe60cfffe3d6e698ad1f3ef47be0a1a939936033b9979addad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0140aa0e16081e5bd9aaf88588d41b12 |
| SHA1 | d3b8aaf88c9564ee06b5b54e9a357766e0440af1 |
| SHA256 | 51f244c726aafbff6c7fb57ed602d149bf2593440a7f2c17663a4e9badccd622 |
| SHA512 | d05a9f8c2b40a8ed89d41b12f015e86207d04b7323bad646fd4eb90e7eb0a0953abf0efd221d36120f6a3daa8429276af96705d099c5661181a85bfb2fef7314 |
C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-08-09 19-14-41-474.dat
| MD5 | 0a1a6f7cdf61e40eaaf2270a84192b31 |
| SHA1 | 541374bf7cae2e05f450db223ea945f7ce72571d |
| SHA256 | ac3c7bd4cd2e5fdb105789e81968c4c8695b9bcf26a5d84a0c788b33d3362fb9 |
| SHA512 | d154a548aed536a0926705d2688d6f8400356a4c52c16d05b296196ef951074f09dc612873d1a60b0d5f926bf703f2916e051b0f82c66ff50d1b37172455e60f |
C:\Program Files\CCleaner\Data\usercfg.ini
| MD5 | b061fcf4daf701b54c39a57171b57001 |
| SHA1 | 71c4442fbbd5f8ebea9a1cd37a9a02ed4d9ab596 |
| SHA256 | 02dd879915114fca120a3ac4db4b52973acbb4bd558c60c5a62f1a744e0ea3bd |
| SHA512 | d4b58769ac166edcfb8ff892e8c9042a027b63204d163bde8f471df96e9cb06ad57ab191852ffdbff0ac2afa88c2c4cd8fab2177dbfc87647a86d07dd6e0a731 |
C:\Program Files\CCleaner\Data\package_download\603584132f9204bb981aa93aa1a64f284858effc.sig
| MD5 | 3001b388b37161962ce4f9795f6bcc23 |
| SHA1 | d29594979382b8d0491355cd6d6e33b2a57a6db1 |
| SHA256 | a863478d458508befc80cb3e4644cd032d3770d196c9a55274fe6076eb78c9ec |
| SHA512 | 61c8122ebfd0c563d7339aba4c8e9c172d18c86531b4e6c313318e48f37e388f9d1f5ce14de94880c417ab8b354af48b5da08d0837e6e450060937b523771efb |
C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8.zip
| MD5 | ba25338429003f64b2df2a0b0ee847e5 |
| SHA1 | 43819abbbd8f9fcc8ed3b2ef89d4e2ef3f6ee2c6 |
| SHA256 | 3fe26c1dc1b4b00ddcd1a474a7deb332a6bf5e40b9e9a38020eb43acea97242c |
| SHA512 | e547a3bc955760030aa55b32927beb01d4ed98ca439a6fca2ea509b2784d2bdb58fb87804fa024777b48f2636ec7ab765b9af9a5b0c8055f605feac104dde8e4 |
C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8\cdrom.inf
| MD5 | 011c578ee95ffa84fd413045776a8387 |
| SHA1 | bc543c4377b4788f36180bb2b045c5500835191a |
| SHA256 | 56a5a9c23f802264a963f17ef1631aee662cdde971753dd6ec30242ab78db608 |
| SHA512 | fd6297dc14454470dfbdc6738a880b475d7a75b97c6940278628e410bab90207731821a511d74b00e06529a430490aa64a860e470f559e94f83433dc50a2ea6c |
C:\Program Files\CCleaner\Data\package_download\5ab31921e7608b750e5af368503de5de1f7440f8\tstamd64.cat
| MD5 | db7ee31f61cb4aa3464cf92eb6824b5d |
| SHA1 | 5c5db1ba51da70dd552704ae5b35cb108f7215ba |
| SHA256 | b70afedf8be7d9df46e65a6c30f258d3e03ceebcf505f44682aacb3a8a0dd2a6 |
| SHA512 | afe3131103092d3ea3bd7adee1e7caabfbdd31f77ff472059fc615e26f3c9eac0700c8c4c035141c902bd31285b347ee2f4e8187e4de2960bb47c46d66aaf6e3 |
C:\Program Files\CCleaner\Data\package_download\853c8e15e9910004b3aedff1cf9474b5b42f363c.sig
| MD5 | aa62de79a5486153af2a4562ac171545 |
| SHA1 | 86f82041f1d2237052179d0ad23d1325fec26c2b |
| SHA256 | 6ed8efdcf0a813207991cfc87e2aa2a46e6a958bea842f558538940bfd602286 |
| SHA512 | cc4af034e5530d4581a5acc5dc7d29c961217b3f89aa3a726f39bc87b39dacce38d4b800d70aa7d258c7bb49006e46a5d944dcbd999aadd92c731db737fb697e |
C:\Program Files\CCleaner\Data\package_download\df2052ab846c543608316e16ec18ed5eb296f4fe\ich9core.inf
| MD5 | bc7ff14dda8cb5df1fc5f5e1bfee7491 |
| SHA1 | b081e57b1455374fb610eec26f6154a8870b8859 |
| SHA256 | 791623f421c6c6cacbaa1b04d339c23ea527471a970ac65b7a81940cb9d655ba |
| SHA512 | a062b227766217a3e55b8b13a12118667453e5047cd2b9cb29336a8a2ceb29791f01fdd0ccff844958b6150129d7a3d5bd40aab4f86607b4caf0170d439e21a2 |
C:\Program Files\CCleaner\Data\package_download\df2052ab846c543608316e16ec18ed5eb296f4fe.zip
| MD5 | cf4255ef5a4c58040f8ad1fd810e676d |
| SHA1 | 85079b7050ebfd52ab46fcf78e57845ad89daeb2 |
| SHA256 | c3ffd03177145aeed6a389b81995c48a2dfd8ad44a95e4a0e48df176fdc9b024 |
| SHA512 | 5a5d7162092a9de68737f62dae718c93576a7b4836d0fefa064767cbc0f0809e8e557e8198d80f683de2cf0d130a202d13ec0ca406cf51ad94ebb93667c77466 |
C:\Program Files\CCleaner\Data\package_download\df2052ab846c543608316e16ec18ed5eb296f4fe\ich9core.cat
| MD5 | 411a36c3a680de7b6ddea05daee17a71 |
| SHA1 | 1d61d17d2803b22911b5d35914301aefb36d8a6d |
| SHA256 | 6e1d3f88ff843f3b824b3606409e67015092bb4b262e68d9bfd9cfef29adf953 |
| SHA512 | a0f370f5b16f2695fb1c945df93baf58cd0c378f8316b48431de7f1836c50f20f6e9673d3bffea606e1acf3af0c446bcdd41687a395aa5dc215d29a2c9ffbb3a |
C:\Program Files\CCleaner\Data\package_download\c159b16b2d5bcacea4edce02720f3e2fb1220bfc.sig
| MD5 | 2fa94d9cb96d8b1861efb8c9e3169874 |
| SHA1 | af73f0646ccaf40a1a549c427fcdc6d8ea9bc5fe |
| SHA256 | f19d3b6d94bbe9d89bc84afb9d6e90eb2a1bf320aa5b5ab1a93e18e6e450ba66 |
| SHA512 | 30411ce9bea88bf5307787567427ee02b02957cf5e3a164c65cb068393bb610ea02c9828a947e5115bdd8e4e0513adad5381eb0aba4ed4b5e1977b76fc41a5cf |
C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9.zip
| MD5 | 4d996fd9e91c80748afad1de3a38c70e |
| SHA1 | 9bc5bbf85c9d7d01380c84d9748678e5daf3df5f |
| SHA256 | cee5f833126832bcf6118327cede07a4d1f43cdbb1a1fb84c62a83ca4800697d |
| SHA512 | be6d3c2741a5ce93bf306fdc7e7d449a7bc231b9b5dcdd5a50019b50152a6c65aaeafbba74b5e013954984979a39706f07db87241ea584b80da37a24955a6270 |
C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9\Netrtl64.inf
| MD5 | 74d25cd2f242dd012b789a72830fd20f |
| SHA1 | 66fbe5eee86a6de50f6f61bbadbc1e11169f71b3 |
| SHA256 | 3345152381359ab8363ab0aae9a4defc5984c0182743008951135d0e60607659 |
| SHA512 | b1c2f0726339c6134c72498aa7489e2bebb7cbfcf5985d6ef8d0c85a4bb4aab50f5a71544f853f7fafae061b22d6dd706464e9caaaa1136cc49b8fabc40066a0 |
C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9\netrtl64.cat
| MD5 | 7e72f9e83dcd9de4f61bee95fc124f60 |
| SHA1 | 2c96f9d62e751d1207bef6a3904a4a908acbbad7 |
| SHA256 | 34083f817b214ec27860c6ca743f163b3e81a631b99a53474a7848950734da91 |
| SHA512 | da7329da973f7675e4dfa42cbc89bfa3eb5d8c50bccbf99ea259e52a3fc49635934095ebe60f00bd606b029e2a72af6d2faaa7ce6089c3be10e437bb30a06f55 |
C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9\RtNicprop64.DLL
| MD5 | 45fab8bac606608166f774f3970cc17c |
| SHA1 | 06bc3d94bcfb0c764cb34355c91dc2b5812e0226 |
| SHA256 | 740e5ce1fc7749daab3e44505248cadd303f05aeaddb5ebceb922d51f6dc30bf |
| SHA512 | ac05d29368c80507b72f4a6f0326f53b119360a0e0aeb456da977984688e20abb01be9c0a61cb0222b1b6e30dd8037c23d2547b139886751c1ad54ec320ef24f |
C:\Program Files\CCleaner\Data\package_download\d3309a95bdd4456290d2571593848ea9323e84b9\Rtnic64.sys
| MD5 | 04c2d5bd8d0776320230978a0aec3bd0 |
| SHA1 | 7349c1471fc9f76a4a7500a69973d6fe7ff793d0 |
| SHA256 | 88a58e4a2ca66cbe5bf07cb82800b25206c90955067187e96adfee5263bd0612 |
| SHA512 | c9dda00b706014ac6ac04e10a4239a91a7df7be36b5a846ddc9f6d7ac77a30765a93f782b165776b52ec06c51a02170aa93fa2270d2721dccac936666f5e0581 |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-08-09 19:04 |
| Reported | 2024-08-09 19:05 |
| Platform | win10v2004-20240802-en |
| Max time kernel | 31s |
| Max time network | 43s |
Command Line
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Browser Information Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://soft98.ir/software/optimization/212-ccleaner.html"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://soft98.ir/software/optimization/212-ccleaner.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a54d662-5736-4aa7-8bb1-d661f913b857} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2516 -parentBuildID 20240401114208 -prefsHandle 2488 -prefMapHandle 2484 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca22ee40-e997-4f05-8834-16666667cee2} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2940 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2892 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b94b9c33-185d-4dcd-9018-2c1cb705aabb} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3736 -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 2764 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f91022e4-d4e9-4ba0-b661-8192138d9146} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4448 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4400 -prefMapHandle 4408 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c441e9aa-ba09-4221-b140-28964d782f09} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 4668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9798d145-7e96-4260-aebc-548cab02aaf5} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 4668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21d75a0f-fd09-4ff5-913b-ff9ecccffbc8} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6044af12-b5ee-4a95-ad8e-e7d06524cafb} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6164 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa823b40-1002-4417-a204-a0effa350a75} 2020 "\\.\pipe\gecko-crash-server-pipe.2020" tab
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\40ff3852-b852-4e5f-acd6-e58ebf8e97f7
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\53491d14-d501-48d7-9b5b-12e4b9cb3eb4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\f0aea453-fdca-43d5-9e1e-ea5862af84d0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\C3ED3F8B19241B4FA98510088BC4BAD52E3863DF
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp