General Info

URL

https://download.ccleaner.com/ccsetup556.exe

Full analysis
https://app.any.run/tasks/f1cdad8e-253e-436a-9006-e0643f929d43
Verdict
Malicious activity
Analysis date
4/14/2019, 22:04:25
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Changes the autorun value in the registry
  • CCleaner.exe (PID: 2116)
  • CCleaner.exe (PID: 756)
Loads the Task Scheduler COM API
  • CCleaner.exe (PID: 756)
  • CCleaner.exe (PID: 1520)
  • CCleaner.exe (PID: 2116)
  • CCUpdate.exe (PID: 3608)
Actions looks like stealing of personal data
  • CCleaner.exe (PID: 756)
  • ccsetup556[1].exe (PID: 2100)
  • CCleaner.exe (PID: 2116)
Downloads executable files from the Internet
  • CCUpdate.exe (PID: 3608)
Application was dropped or rewritten from another process
  • CCleaner.exe (PID: 756)
  • CCUpdate.exe (PID: 1708)
  • ccsetup556[1].exe (PID: 1336)
  • CCleaner.exe (PID: 2116)
  • CCUpdate.exe (PID: 3608)
  • CCleaner.exe (PID: 1520)
  • ccsetup556[1].exe (PID: 2100)
  • nsD055.tmp (PID: 3516)
Loads dropped or rewritten executable
  • CCUpdate.exe (PID: 1708)
  • ccsetup556[1].exe (PID: 2100)
Changes settings of System certificates
  • ccsetup556[1].exe (PID: 2100)
Reads CPU info
  • CCleaner.exe (PID: 2116)
  • CCleaner.exe (PID: 756)
  • ccsetup556[1].exe (PID: 2100)
Removes files from Windows directory
  • CCleaner.exe (PID: 2116)
Creates files in the user directory
  • CCleaner.exe (PID: 756)
  • ccsetup556[1].exe (PID: 2100)
  • CCleaner.exe (PID: 2116)
Reads Environment values
  • CCleaner.exe (PID: 756)
  • CCleaner.exe (PID: 2116)
  • ccsetup556[1].exe (PID: 2100)
Reads Internet Cache Settings
  • CCleaner.exe (PID: 2116)
  • ccsetup556[1].exe (PID: 2100)
Reads internet explorer settings
  • CCleaner.exe (PID: 756)
  • CCleaner.exe (PID: 2116)
  • ccsetup556[1].exe (PID: 2100)
Low-level read access rights to disk partition
  • CCleaner.exe (PID: 756)
  • CCUpdate.exe (PID: 3608)
  • ccsetup556[1].exe (PID: 2100)
  • CCleaner.exe (PID: 2116)
  • CCUpdate.exe (PID: 1708)
Reads the cookies of Google Chrome
  • CCleaner.exe (PID: 2116)
  • ccsetup556[1].exe (PID: 2100)
Application launched itself
  • CCleaner.exe (PID: 2116)
  • CCUpdate.exe (PID: 3608)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 1928)
  • iexplore.exe (PID: 2520)
  • CCUpdate.exe (PID: 3608)
  • ccsetup556[1].exe (PID: 2100)
Reads the cookies of Mozilla Firefox
  • CCleaner.exe (PID: 2116)
  • ccsetup556[1].exe (PID: 2100)
Adds / modifies Windows certificates
  • ccsetup556[1].exe (PID: 2100)
Creates files in the program directory
  • CCUpdate.exe (PID: 3608)
  • ccsetup556[1].exe (PID: 2100)
Modifies the open verb of a shell class
  • ccsetup556[1].exe (PID: 2100)
Creates a software uninstall entry
  • ccsetup556[1].exe (PID: 2100)
Starts application with an unusual extension
  • ccsetup556[1].exe (PID: 2100)
Reads settings of System Certificates
  • CCleaner.exe (PID: 756)
  • CCleaner.exe (PID: 2116)
Creates files in the user directory
  • iexplore.exe (PID: 1928)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 1928)
Changes internet zones settings
  • iexplore.exe (PID: 2520)

Processes

Total processes
46
Monitored processes
11
Malicious processes
5
Suspicious processes
1

Behavior graph

[Behavior graph, nodes in order: iexplore.exe; iexplore.exe; ccsetup556[1].exe (no specs); ccsetup556[1].exe; nsd055.tmp (no specs); ping.exe (no specs); ccleaner.exe (no specs); ccupdate.exe; ccleaner.exe; ccupdate.exe; ccleaner.exe. Edges are labelled "start" or "drop and start".]

Process information

PID
2520
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1928
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1336
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Piriform Software Ltd
Description
CCleaner Installer
Version
5.56.0.7144
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\ccsetup556[1].exe
c:\systemroot\system32\ntdll.dll

PID
2100
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
3221225547
Version:
Company
Piriform Software Ltd
Description
CCleaner Installer
Version
5.56.0.7144
Modules
Image

PID
3516
CMD
"C:\Users\admin\AppData\Local\Temp\nstA675.tmp\nsD055.tmp" C:\Windows\system32\ping.exe -n 1 -w 5000 www.ccleaner.com
Path
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\nsD055.tmp
Indicators
No indicators
Parent process
ccsetup556[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
3492
CMD
C:\Windows\system32\ping.exe -n 1 -w 5000 www.ccleaner.com
Path
C:\Windows\system32\ping.exe
Indicators
No indicators
Parent process
nsD055.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
TCP/IP Ping Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1520
CMD
"C:\Program Files\CCleaner\CCleaner.exe" /createSkipUAC 5.35.6210
Path
C:\Program Files\CCleaner\CCleaner.exe
Indicators
No indicators
Parent process
ccsetup556[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Software Ltd
Description
CCleaner
Version
5.56.0.7144
Modules
Image

PID
3608
CMD
"C:\Program Files\CCleaner\CCUpdate.exe" /reg
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
ccsetup556[1].exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Software Ltd
Description
CCleaner emergency updater
Version
19.2.566.0
Modules
Image

PID
2116
CMD
"C:\Program Files\CCleaner\CCleaner.exe"
Path
C:\Program Files\CCleaner\CCleaner.exe
Indicators
Parent process
ccsetup556[1].exe
User
admin
Integrity Level
HIGH
Version:
Company
Piriform Software Ltd
Description
CCleaner
Version
5.56.0.7144
Modules
Image

PID
1708
CMD
CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\0de4e8a6-8d9a-46ad-bd91-629db2cb59fb.dll"
Path
C:\Program Files\CCleaner\CCUpdate.exe
Indicators
Parent process
CCUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Piriform Software Ltd
Description
CCleaner emergency updater
Version
19.2.566.0
Modules
Image

PID
756
CMD
"C:\Program Files\CCleaner\CCleaner.exe" /monitor
Path
C:\Program Files\CCleaner\CCleaner.exe
Indicators
Parent process
CCleaner.exe
User
admin
Integrity Level
HIGH
Version:
Company
Piriform Software Ltd
Description
CCleaner
Version
5.56.0.7144
Modules
Image
c:\program files\ccleaner\ccleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winmm.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\esent.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nlaapi.dll

Registry activity

Total events
5080
Read events
4758
Write events
312
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{88BB8167-5EF0-11E9-B63D-5254004A04AF}
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307040000000E00140004002800C202
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307040000000E00140004002800C202
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307040000000E001400040028004F03
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307040000000E001400040028007E03
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
290
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307040000000E00140004002900A000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
52
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040000000E001400040038000D0100000000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307040000000E001400040038001D0100000000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CachePrefix
:2019041420190415:
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheLimit
8192
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheOptions
11
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041420190415
CacheRepair
0
1928
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041420190415
1928
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CachePrefix
:2019041420190415:
1928
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheLimit
8192
1928
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheOptions
11
1928
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019041420190415
CacheRepair
0
1928
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2100
ccsetup556[1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar
test
test
2100
ccsetup556[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Toolbar Offer Until
Piriform Software Ltd
20191014
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
EnableFileTracing
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
EnableConsoleTracing
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
FileTracingMask
4294901760
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
ConsoleTracingMask
4294901760
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
MaxFileSize
1048576
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASAPI32
FileDirectory
%windir%\tracing
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
EnableFileTracing
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
EnableConsoleTracing
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
FileTracingMask
4294901760
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
ConsoleTracingMask
4294901760
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
MaxFileSize
1048576
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ccsetup556[1]_RASMANCS
FileDirectory
%windir%\tracing
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)TTL
86400
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)TTL-Spread
43200
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)GetIpmForTrial
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)QuickClean
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)QuickCleanIpm
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)SoftwareUpdater
1
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)SoftwareUpdaterIpm
1
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
(Cfg)LastUpdate
04/14/2019 09:05:10 PM
2100
ccsetup556[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command
2100
ccsetup556[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...
2100
ccsetup556[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command
2100
ccsetup556[1].exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Run CCleaner\command
C:\Program Files\CCleaner\ccleaner.exe /AUTORB
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command
C:\Program Files\CCleaner\ccleaner.exe /FRB
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
GD
f2b18f71-0d46-4a32-87b9-659ca2662cc0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch
URL: CCleaner Protocol
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch
URL Protocol
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cclaunch\shell\open\command
"C:\Program Files\CCleaner\ccleaner.exe" /%1
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe
Path
C:\Program Files\CCleaner
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
C:\Program Files\CCleaner
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
DisplayName
CCleaner
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
UninstallString
"C:\Program Files\CCleaner\uninst.exe"
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Publisher
Piriform
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
InstallLocation
C:\Program Files\CCleaner
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
VersionMajor
5
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
VersionMinor
56
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
DisplayVersion
5.56
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
DisplayIcon
C:\Program Files\CCleaner\CCleaner.exe
2100
ccsetup556[1].exe
write
HKEY_USERS\.DEFAULT\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_USERS\.DEFAULT\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_USERS\S-1-5-19\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_USERS\S-1-5-19\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_USERS\S-1-5-20\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_USERS\S-1-5-20\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_CLASSES_ROOT\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_CLASSES_ROOT\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_USERS\TEMP.KEY\Software\Piriform\CCleaner
AutoICS
1
2100
ccsetup556[1].exe
write
HKEY_USERS\TEMP.KEY\Software\Piriform\CCleaner
Brandover
0
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
57
2100
ccsetup556[1].exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
Language
1033
2100
ccsetup556[1].exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nstA675.tmp\p\pfBL.dll
3608
CCUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
Patches
5=1555272317
3608
CCUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\CCleaner
LastAppliedPatchId
5
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
BCD
0,
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
FTU
14/04/2019|1|0
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
WipeFreeSpaceDrives
C:\
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
LatestICS
5.56.7144
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
CookiesToSave
*.avast.com|*.ccleaner.com|*.ccleanercloud.com|*.piriform.com
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
RunICS
0
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
NewVersion
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
UpdateKey
04/14/2019 09:05:18 PM
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
CheckTrialOffer
2
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
(App)History
False
2116
CCleaner.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
2116
CCleaner.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1102
Go online to make setting up your computer easier and learn more about Windows 7.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1122
Change your desktop background, window color, sounds, and screen saver.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1142
Transfer your files and settings from another computer.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1162
Share files and printers with other computers in your home.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1182
Choose when you want User Account Control (UAC) to notify you about changes to your computer.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1202
Go online to get Windows Live Essentials to communicate, share, and publish online.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1222
Configure Windows to back up your photos, music, and other files automatically.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1242
Create user accounts for other people who will use this computer.
2116
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%systemroot%\system32\oobefldr.dll,-1262
Make text and other items on your screen larger or smaller.
2116
CCleaner.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Microsoft Management Console\Recent File List
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
STS
MP3ZI2MWQPQS4CUDPTUYC5UIPF3ZI55URE8VCDIKJTBWUTB7FW2S4CUNIPKD425WGIGSWVCDKTJV4NJXGW4VEP3UGN3DSDIKKTDFGRJWHEZDINIPBJKE6S4DHW4A4CUWJ3EWGRJTBWFA
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
cmp_t
00-tips
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
cmp_tv
001
2116
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner
"C:\Program Files\CCleaner\CCleaner.exe" /AUTOS
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
Monitoring
1
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CCleaner Smart Cleaning
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
SystemMonitoring
1
756
CCleaner.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
756
CCleaner.exe
write
HKEY_CURRENT_USER\Software\Piriform\CCleaner
PPC
601292E2A0B94C7A92EAED2234FB48CB3B1BD45A8D008F62B428946D215E6FD2

Files activity

Executable files
133
Suspicious files
35
Text files
78
Unknown types
17

Dropped files

PID
Process
Filename
Type
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1027.dll
executable
MD5: 123d757ae90b23df829a0cb82e35551e
SHA256: 66a5a2291bfdc9c07735e311181b02d3fa2ceeea05ad4e90df0d25f87f86f4d4
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1054.dll
executable
MD5: cd1bfa3e85fa3296a44c80cd451de4db
SHA256: d08c9c8123814e87438554b66f92c06d00908836c36f3100dc9113dce23ffa86
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\lang-1051.dll
executable
MD5: afe31e27d1de95a977dd843ccf31d0e4
SHA256: 725045428d3d35057ec8ff0bd23e3a0e7fc32f70543859f1eaa68377ff91ed33
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1053.dll
executable
MD5: 906ade8b184b6f6312d263bc03aa8eef
SHA256: b58d0a84f690e3ef1a67572d5294dbe1190531a2e90fcaaf549cf827d02c60fa
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\lang-1042.dll
executable
MD5: b316cd197021b7a6bcab5f0a9d7b0399
SHA256: bd6d2417ae5a0b58a4746838bae6b47668e1e0cc14ee20b3fdce1a315c2ee3bb
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1058.dll
executable
MD5: 48fc5df77dd678eec7cfc687782c91af
SHA256: 8e64557db4ed1cf0e0bbb727b219c668812cf566e867430c618b92d6f418d617
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\lang-1049.dll
executable
MD5: 5430d6941a91e3f1fc9ade2dbcdfe3cb
SHA256: fbfde5816e2eb313ced75fc87b1eb9ecedddd7eb8a9e7d49619c7acbfedf8463
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1060.dll
executable
MD5: 2584a4ff5117182ad9a2c2a989768d2f
SHA256: c25552e6b70ad5f289fc07dccf02b8923ff55eed997bcc11cadafe19886fc989
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\lang-1048.dll
executable
MD5: dbcebed9e2035cfdf757e8722435ddeb
SHA256: 181d59f496ef6ab0a1c4524cd9528f13360a1729b85c62071ae96dc37c26d75e
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1059.dll
executable
MD5: 8781e84ce58856fc07e2e3fc36d50507
SHA256: d8808dfc7d59cdc5e16e60940ee3250bfd5eff622a4f38161d13cf7356c5fa4f
2100
ccsetup556[1].exe
C:\Program Files\CCleaner\Lang\lang-1051.dll
executable
MD5: afe31e27d1de95a977dd843ccf31d0e4
SHA256: 725045428d3d35057ec8ff0bd23e3a0e7fc32f70543859f1eaa68377ff91ed33
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\lang-1044.dll
executable
MD5: 1ceff041a1c0731458c45905e4b5b6ce
SHA256: 15a8ea939c94a59ed6ac2910e5b69abf5554165bdcc767700fe7d9869dad5929
2100
ccsetup556[1].exe
C:\Windows\system32\config\systemprofile\ntuser.dat
hiv
MD5: 63f7f3daa72f52e006a54c185ad61772
SHA256: d80e0416f2017a5c11011c78ece7ee85a71c7297d5acf116c72352d5a86867b7
2100
ccsetup556[1].exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk
lnk
MD5: 5e22a09282c8c4f555bae3551ebf1853
SHA256: b5bee10909f1e7b250c8d31876d3679d8e63e15120fe05bc81ff759dbe87452d
2100
ccsetup556[1].exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url
text
MD5: e874843904a42397c1a78c267f1a85e7
SHA256: d037ca0be3bb7853c2a7a540af9e60a99c349210fbdae5618825766b18c6c06d
2100
ccsetup556[1].exe
C:\Users\Public\Desktop\CCleaner.lnk
lnk
MD5: fad311acd30e16890629dfc63bbb140f
SHA256: d635c71471464c37521a9c586cfb1e695ed80593b57f437b76ac7007778caa71
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 245626bf59780c776473d4e04b59f199
SHA256: e00df4c79cd5d176acbf590d4cf88f468b076c301075e99cdb02674cbfe76973
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
text
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: cfc6b5c93b83e277902aef962e1fb049
SHA256: 0bdf7e74f1d15a0660cc673fe223ad5e09e25dc0c9e5611a1e88f7149f314e7a
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000007
binary
MD5: 2052b49abb2d598428553b54982a42e0
SHA256: 643c11d2a703c1b52c9a8ee9d934da986df331b12055ac82b5f463d6968e7a19
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.dbtmp
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000005
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.dbtmp
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 4c8ecaf1090f603d4e889fd873e8440e
SHA256: 8469dca5e8d193eb9a1b601b08ab9bf868f6ba9c71267a14f454bd59f6f0ee44
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Temp\CC1BD8.tmp
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Temp\ZZZZZZ.ZZZ
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: b928e7bf4476770c736c9a7059a0ed3b
SHA256: ff8c9c8899933a052c1b51b512ab3ece30f2cf728d300b685ab0dd0a6d50c6bc
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-shm
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-shm
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite-shm
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite-wal
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
sqlite
MD5: c93294074cfc0e9eb54d30338e73e059
SHA256: 8309f4f69c511abd3b7c7e0fbd484793d4971697bc29ca355c6b725e0a4ddccb
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Temp\etilqs_ZQSaKHtLSb171vN
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-wal
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Temp\etilqs_Kyuo5AAcEkPfEv2
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms
binary
MD5: 145043cf09a3b0eb4dba06254317ae24
SHA256: 110ce68a933aa7807f517d4846b47d4205eca421b284cb751e1f29da0b547435
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ed7a5cc3cca8d52a.customDestinations-ms~RF11175d.TMP
binary
MD5: 145043cf09a3b0eb4dba06254317ae24
SHA256: 110ce68a933aa7807f517d4846b47d4205eca421b284cb751e1f29da0b547435
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
binary
MD5: 713e105b36caba71bc741554d9869b14
SHA256: 3c6279f620d254c65cf504667aed990571d422843e37c1af5e03c4bb403238ab
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF11175d.TMP
binary
MD5: 713e105b36caba71bc741554d9869b14
SHA256: 3c6279f620d254c65cf504667aed990571d422843e37c1af5e03c4bb403238ab
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TI1LRCUM63ZAR2UEV132.temp
––
MD5:  ––
SHA256:  ––
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QF5LKPJD0SHTSDL6EJ3O.temp
––
MD5:  ––
SHA256:  ––
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\Montserrat-Regular.otf
otf
MD5: 27e50ffd6a14cbc8221c9dbd3b5208dc
SHA256: 40fc1142200a5c1c18f80b6915257083c528c7f7fd2b00a552aeebc42898d428
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\CC_logo_72x66.png
image
MD5: a736159759a56c29575e49cb2a51f2b3
SHA256: 58e75de1789c90333daaf93176194d2a3d64f2eecdf57a4b9384a229e81f874f
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\PF_computer.png
image
MD5: 7f4f45c9393a0664d9d0725a2ff42c6b
SHA256: dbd8b6fdb66604a0a5e8efe269fbfa598e4a94dc146006036409d905209da42b
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\ui\res\PF_logo.png
image
MD5: 079cca30760cca3c01863b6b96e87848
SHA256: 8dd37d3721e25c32c5bf878b6dba9e61d04b7ce8aec45bdf703a41bc41802dfa
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF11174e.TMP
binary
MD5: 0718412c5ad48fd11c883a2c7545e4ac
SHA256: 04317b698501aa39534a9063d6153df5a137f350d9ec83ba04bf98574744a9f0
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\838cc06828272270.customDestinations-ms~RF11174e.TMP
binary
MD5: 2470b9c4840417e24071a880c63fe2a2
SHA256: e4658d6dae6dccedaebaeacb6cbccf646e08f688be6a4bd935cc082aaa7598b8
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar-offer.png
image
MD5: 04ed2214ef3baffa60e7a7be388ae73d
SHA256: 4f17358509cc0b5de95477dfa4f8e042e3ec8e86705cac7c818fa777606d265d
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_2052.html
html
MD5: dd6f6ef40dac6d6d33a01a88a495dfce
SHA256: 50d0e2e84fca43d90a080373fee74325d158b3d34d4845a0d1760a64f401d937
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1054.html
html
MD5: e1f72dac8f7fd0405214a83f000e2981
SHA256: 5ec99ccd996e1cdf16b171827bff6e2e891a18d09d9964ca89d501b84b2c9448
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1062.html
html
MD5: 9f863ecdc21d2e306bf0d305400c0253
SHA256: 470d685638685aa930df626105ebd36cb7c9a0578f6da310fee39aee023de626
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1060.html
html
MD5: e28315c179d2ff3d053b15e0f5c6a865
SHA256: a2e50328dc9512224d2f2c773765e8333f4299c15d729ef4fa08295bce027eaa
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1055.html
html
MD5: cdbe1a3cce844a83127f8018729a715a
SHA256: b660d05eed0f47dc6cbcb22ecc16e205d0ae24d85a1a8d3bc516e504f9cbdcf2
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_3098.html
html
MD5: 7894c9430460ca1b623bd001d2a31e14
SHA256: ff76ff11452e6909cad24af160008c9ffa56ac01c6f18ee7d284a09a23db05f9
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1057.html
html
MD5: 7e11d65d3e02aa232ec8ab6f4fca623e
SHA256: a867609ce63eec23815f4612c4b8bc762f51993e85028ce309df3250e264dc8e
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1058.html
html
MD5: a53014d23429dbd1f1bf3756e2ffb876
SHA256: 581d2c0adee1506b9ecf183fefc3a9f90edf6ea71ef47feeeede8fb52c399d03
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1053.html
html
MD5: 08ce55d00ab800dcde919ba78e56a266
SHA256: 75ecd97bf02b02a57ef812621171d1a096c7245e57671d14b25c02d939785630
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1066.html
html
MD5: 8a1750e76c6542de08ae804f81170f4c
SHA256: 7128a0feb96caddd3f3e5b8e5b00d352130987515e2f3fa5e5ee2cceb6e9a415
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_2070.html
html
MD5: 444ac6895aae41ca750a99c172ef168b
SHA256: 84db7b9cd21c0fcc8ab4139a88cf3f507a737809055100e1491b8950357207d2
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1102.html
html
MD5: e1a15626a732d3137acdb5091002bae2
SHA256: 6cb8292127d95028125e243b8dae74819979d26a4f10559009b7ab612c1ef23d
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1061.html
html
MD5: 0c1dd3d325b7ac2c9fc47b974017c8ed
SHA256: 42783640282a7939615a905aea9d7abaeb0a74264f574a9ee634fd79c17dc2c1
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1044.html
html
MD5: 5ca8663380cf07dea668ba143ef00071
SHA256: f62f8570cf2720815b1978b71df515bfbb017d0c25ba2d451c59754e95afdbcf
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1050.html
html
MD5: b184a8851ba53a82cbfde2c71a2abd24
SHA256: 91966e6311e34d089fce42ebfbcf68d12beac77c03745e2aa07f2c0412c56f09
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1040.html
html
MD5: 1eb4ac465aeb35642284da9b01bd1bb7
SHA256: e948f988302da33f3e22fc61bee6e8ce881cb68ac866527f21935c74f241d50f
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1043.html
html
MD5: 2b2279417d317c3f4941bcf8a08d84a5
SHA256: 983f84a788911bfdd37f043f731a5d9717ccee88bb3a4a0ffe6efe32b7864e6e
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1051.html
html
MD5: 423a2abdc30a99dd2d63229865943401
SHA256: f4cbf4d05f4d7d3150c7239cf2f869f50390bc4ba974949f3e21b7b5d8d5f909
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1041.html
html
MD5: 860610977dc7d458bfa0e0e97110f3bb
SHA256: fb8a2358a72e03fb0c077bec37f638ab1470ec59eb1e12f7ee2713769b34fb39
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1037.html
html
MD5: ee42106f17419521f9ace2b4b0cb85dc
SHA256: 89f6375c0bb29bbdb3d3b71a4f51a225213f6b6b986787d4c0c8dc551d912b58
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1046.html
html
MD5: 465c8d7cdbeba6da9d2ca2be7ee095b2
SHA256: 797bd5d04a54487ce68cb573032ea1957dcc3fdcd4209e83325a7a00863450a2
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1038.html
html
MD5: 9634c48cfda7288ad4b8d396d868b5ef
SHA256: 3b0debfb1b4bae3853fea4b1690542dae11dfd339597222641dc012170704749
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1049.html
html
MD5: 0c5a42db882d1f0fa46428d1d3edac84
SHA256: 06cae1987ecc12d549a18f14fdf1bd089d8d2b006ca3d64f684df48f31cf5dac
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1048.html
html
MD5: 62d8a8bda8460101b2410ec39cf9b714
SHA256: 39e1cdf2ef23b562e7c04c2bc91b4c896e96142e51bc955185e295ee5469f481
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1042.html
html
MD5: 554a69e8d24e6246bf5cf3b2f3d14549
SHA256: 897f2ff020d9afab77eec0db54126b9411f193c2f479aa51b5e65a9dc4fb192c
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1045.html
html
MD5: 7f804a03780ebdf53219db4653dcc6fe
SHA256: 76e70ec1053993ff077f825c7c5d16023e0c38ac00163dc1752c8c4c4df0d544
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1036.html
html
MD5: ce1d077b7d02e861a5402cb91173f823
SHA256: 3af4ddd4ca97d12388974ea242eaa2a96926931f9b31cb47e6242337d67f5946
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1034.html
html
MD5: 37d69003a7618805ed371e1860e2c5bf
SHA256: a628568ebe42dc85eb67c4768df3b595c5d38da9f436ce7bcc04da74c4665c8a
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1035.html
html
MD5: f41a8621eb9602a2face60f8d5c6d245
SHA256: 4434e64c7ff8d9802acc036582fa32ce3750d6f4077db270980976105a89f778
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1033.html
html
MD5: 8190ce2c1f931956140c69dba9e6f79b
SHA256: 1b01da3e13f5fb0360306ecb6fc98e9aee64c6e21b0f9457da5ef08b9a8cf752
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1032.html
html
MD5: 476e0798d7b4dba63f7c005c206054c6
SHA256: 381e1c7b12a1a57acac15ab098524b8280f4e72bff35c8da6e12543ef04e40af
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1028.html
html
MD5: 9af281eb46c48a0c2799920b0bc311a2
SHA256: eeb623e4d2b83fc754147f78e45f5cf4a602b6d3fda2dc96998407c374faa63e
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1029.html
html
MD5: 2b6833543de17ce5c19c97558fcea1af
SHA256: f3f1ea2e224575ea6bf015affb2ab97f53f83245e175ccef5d8d217c426517fe
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1031.html
html
MD5: 3b440674567168fa40d28460d5c431af
SHA256: 3056c1583790b4f482bfa3c7d07b2bc3dffbb45567c211898fc1a07c57719721
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1030.html
html
MD5: a89b0aef38fe342c61a9a279fd5cd353
SHA256: da764054c0d91a5c211caeadaf53554eca739bac4b3569401832ee69a05bb9b0
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1027.html
html
MD5: 08ca6e5a61438634e811999d45794924
SHA256: 285bf46395f7a667c768a287f2d0fca09ed01b0d87864bfc5230f9132e46617e
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1025.html
html
MD5: fb02b724d6d4a0cd5bc8c978b96fb724
SHA256: 0892a328f6719000f6f817db63ab7479f39b98bb20d23cc4919a1c0a6f33ab56
2100
ccsetup556[1].exe
C:\Users\admin\AppData\Local\Temp\nstA675.tmp\g\gtb\toolbar_1026.html
html
MD5: cb0100874f54422fb725217b1d236286
SHA256: 01348b374c395f1bc39a22bee0420c55c6e04a132e1585a4d1611d79fa72c539
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\be71009ff8bb02a2.customDestinations-ms
binary
MD5: 30506f4e97f405d0b4a52377213b62b6
SHA256: 8f7bc8d09268c30218af462d7925f3601213e9236baa6b9b42ff8ab3ffa32961
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\be71009ff8bb02a2.customDestinations-ms~RF11174e.TMP
binary
MD5: 30506f4e97f405d0b4a52377213b62b6
SHA256: 8f7bc8d09268c30218af462d7925f3601213e9236baa6b9b42ff8ab3ffa32961
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74ea779831912e30.customDestinations-ms
binary
MD5: b7ffda67478fc4b6a9e491f297d2b1fd
SHA256: 241d12654f0a03a7b4ada0dc0ecf3570ac712697ef7724db74270809e6365a32
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\838cc06828272270.customDestinations-ms
binary
MD5: 2470b9c4840417e24071a880c63fe2a2
SHA256: e4658d6dae6dccedaebaeacb6cbccf646e08f688be6a4bd935cc082aaa7598b8
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{88BB8167-5EF0-11E9-B63D-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2520
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF80EF71B9892CB151.TMP
––
MD5:  ––
SHA256:  ––
1928
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
1928
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\JavaDeployReg.log
text
MD5: 5ec73d7e8e1e573052899fc0cb8f2165
SHA256: 3a0eb1864bb6e7a96e2f8d2ffb406d86027f932904c865cf3e83ca3983db7a2e
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74ea779831912e30.customDestinations-ms~RF11174e.TMP
binary
MD5: b7ffda67478fc4b6a9e491f297d2b1fd
SHA256: 241d12654f0a03a7b4ada0dc0ecf3570ac712697ef7724db74270809e6365a32
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019041420190415\index.dat
dat
MD5: 046d9a6b239064c8617cd6d0243547af
SHA256: 94fc9edc1d3184a8618f4b6deef6876f93e622923eff0e7391b3049e794893e2
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019041420190415\index.dat
dat
MD5: cbb56d4e990b7dacfe1faae7457635fc
SHA256: 076036e78ecdbeb156de9df313fadb4e402cef6fc4333556651bc1c13b1a7cfe
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: a08b4bb0c47838583cede69d14026c36
SHA256: c8a8540b86d2362435a13d8970ad6ddaa6edf8130c20cfad546831a5fcd572d5
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDSLDLKH\ccsetup556[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ccsetup556[1].exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms
binary
MD5: 0718412c5ad48fd11c883a2c7545e4ac
SHA256: 04317b698501aa39534a9063d6153df5a137f350d9ec83ba04bf98574744a9f0
2116
CCleaner.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XBW5PHUCOJN7F980XU8W.temp
––
MD5:  ––
SHA256:  ––
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{88BB8168-5EF0-11E9-B63D-5254004A04AF}.dat
binary
MD5: d190b38a5a4439ea621c494c4d589426
SHA256: da7f69bb7da8a3b30d4eff6cef0d858dc7f43b8aa18398a36564df166132e987
2520
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF4F282D375D21997B.TMP
––
MD5:  ––
SHA256:  ––
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2520
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 805bd3bf206c37c96d5c2d3a037eade8
SHA256: 00f8dd7a8ffe73ba3dd04a75f3fde267afaad7370e0e692cc3c99e53ad6f51a0
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFQQ5IHB\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RDSLDLKH\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3N3GEL8Q\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92K5P65J\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2520
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1928
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
2116
CCleaner.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
––
MD5:  ––
SHA256:  ––

Network activity

HTTP(S) requests: 13
TCP/UDP connections: 18
DNS requests: 21
Threats: 3

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2520 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2100 ccsetup556[1].exe GET 200 151.101.0.64:80 http://service.piriform.com/installcheck.aspx?p=1&v=5.56.7144&vx=5.35.6210&l=1033&b=1&o=6.1W3&g=2&i=1&a=0&e=0&n=ccsetup556[1].exe&id=003&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gd=f2b18f71-0d46-4a32-87b9-659ca2662cc0 US text whitelisted
3608 CCUpdate.exe GET 200 5.62.38.20:80 http://ip-info.ff.avast.com/v2/info NL text whitelisted
3608 CCUpdate.exe HEAD 200 2.16.106.147:80 http://emupdate.avcdn.net/files/emupdate/pong.txt unknown –– –– whitelisted
3608 CCUpdate.exe GET 200 2.16.106.185:80 http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini unknown ini whitelisted
3608 CCUpdate.exe GET 200 2.16.106.185:80 http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll unknown executable whitelisted
1708 CCUpdate.exe GET 200 5.62.38.20:80 http://ip-info.ff.avast.com/v2/info NL text whitelisted
1708 CCUpdate.exe GET 200 216.58.207.78:80 http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665db45337a341a47e15f4997584423bf714&ec=20180910&ea=executed&el=1&ev=0 US image whitelisted
1708 CCUpdate.exe GET 200 216.58.207.78:80 http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665db45337a341a47e15f4997584423bf714&ec=20180910&ea=version&el=5.56.0.7144&ev=0 US image whitelisted
1708 CCUpdate.exe GET 200 216.58.207.78:80 http://www.google-analytics.com/collect?v=1&tid=UA-58120669-26&t=event&cid=97b7721c4994e2556ff6a439510f665db45337a341a47e15f4997584423bf714&ec=20180910&ea=version_check&el=0&ev=0 US image whitelisted
3608 CCUpdate.exe GET 200 2.16.106.185:80 http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml unknown xml whitelisted
2116 CCleaner.exe GET 200 151.101.2.202:80 http://www.ccleaner.com/auto?a=0&p=cc&v=5.56.7144&l=1033&lk=&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&o=6.1W3&au=1&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gd=f2b18f71-0d46-4a32-87b9-659ca2662cc0 US text whitelisted
2116 CCleaner.exe GET 200 151.101.2.109:80 http://license.piriform.com/verify/?p=ccpro&c=cc&cv=5.56.7144&l=1033&lk=CJ9T-J7CU-SPNV-GWMB-WBEC&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gd=f2b18f71-0d46-4a32-87b9-659ca2662cc0 US html whitelisted

Connections

PID Process IP ASN CN Reputation
2520 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
1928 iexplore.exe 13.32.219.75:443 Amazon.com, Inc. US unknown
2100 ccsetup556[1].exe 5.62.40.204:443 AVAST Software s.r.o. DE unknown
2100 ccsetup556[1].exe 151.101.0.64:80 Fastly US whitelisted
2100 ccsetup556[1].exe 5.62.40.202:443 AVAST Software s.r.o. DE unknown
3608 CCUpdate.exe 5.62.38.20:80 AVAST Software s.r.o. NL unknown
3608 CCUpdate.exe 2.16.106.147:80 Akamai International B.V. –– unknown
3608 CCUpdate.exe 2.16.106.185:80 Akamai International B.V. –– suspicious
1708 CCUpdate.exe 5.62.38.20:80 AVAST Software s.r.o. NL unknown
1708 CCUpdate.exe 216.58.207.78:80 Google Inc. US whitelisted
2116 CCleaner.exe 5.62.40.204:443 AVAST Software s.r.o. DE unknown
2116 CCleaner.exe 151.101.2.202:80 Fastly US unknown
2116 CCleaner.exe 151.101.2.202:443 Fastly US unknown
2116 CCleaner.exe 151.101.2.109:443 Fastly US unknown
756 CCleaner.exe 5.62.40.204:443 AVAST Software s.r.o. DE unknown
2116 CCleaner.exe 151.101.2.109:80 Fastly US unknown
756 CCleaner.exe 151.101.2.109:443 Fastly US unknown
–– –– 5.62.38.152:443 AVAST Software s.r.o. NL unknown

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
download.ccleaner.com 13.32.219.75, 13.32.219.76, 13.32.219.219, 13.32.219.236 whitelisted
analytics.ff.avast.com 5.62.40.204, 77.234.45.54 whitelisted
www.ccleaner.com 151.101.2.202, 151.101.66.202, 151.101.130.202, 151.101.194.202 whitelisted
service.piriform.com 151.101.0.64, 151.101.64.64, 151.101.128.64, 151.101.192.64 whitelisted
shepherd.ff.avast.com 5.62.40.202, 5.62.40.201 whitelisted
ip-info.ff.avast.com 5.62.38.21, 5.62.38.20 whitelisted
emupdate.avcdn.net 2.16.106.147, 2.16.106.187 whitelisted
ccleaner.tools.avcdn.net 2.16.106.178, 2.16.106.185 whitelisted
www.google-analytics.com 216.58.207.78 whitelisted
license.piriform.com 151.101.2.109, 151.101.66.109, 151.101.130.109, 151.101.194.109 whitelisted
ipm-provider.ff.avast.com 5.62.38.152, 5.62.38.153, 5.62.38.204, 5.62.38.155, 5.62.38.45, 5.62.38.143, 5.62.38.203, 5.62.38.44, 5.62.38.205, 5.62.40.18, 5.62.40.16, 5.62.38.206 whitelisted

Threats

PID Process Class Message
1928 iexplore.exe Generic Protocol Command Decode SURICATA STREAM excessive retransmissions
3608 CCUpdate.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2116 CCleaner.exe Misc activity SUSPICIOUS [PTsecurity] Bundled.Toolbar.Google potentially unsafe

Debug output strings

Process Message
CCleaner.exe OnData Not UsingRemoteContent OnData ShowUpsell=0 ShowCross=0 ShowTip=true
CCleaner.exe OnData Not UsingRemoteContent OnData ShowUpsell=0 ShowCross=0 ShowTip=true