Edit tour

Windows Analysis Report
Clear-TemplateSearch.b5003.SK048.ed.exe

Overview

General Information

Sample name:	Clear-TemplateSearch.b5003.SK048.ed.exe
Analysis ID:	1445864
MD5:	2dff543405ed6f5fa29ba7cd047c22f7
SHA1:	379778c2b2b20ebfb691a43a4f77271c43607715
SHA256:	9809e3b5118a0c46c6001c6b0fe7bba654315759b67cc1295930b21d3748f8cf
Infos:

Detection

Score:	30
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Multi AV Scanner detection for submitted file

Installs Task Scheduler Managed Wrapper

Tries to delay execution (extensive OutputDebugStringW loop)

Tries to harvest and steal browser information (history, passwords, etc)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches the installation path of Mozilla Firefox

Sigma detected: Use Short Name Path in Command Line

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

Clear-TemplateSearch.b5003.SK048.ed.exe (PID: 2000 cmdline: "C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" MD5: 2DFF543405ED6F5FA29BA7CD047C22F7)

Clear-TemplateSearch.b5003.SK048.ed.tmp (PID: 6304 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp" /SL5="$203E0,4024297,806400,C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" MD5: C76E26901E5B975415817DC6691B10FC)

7zr.exe (PID: 8160 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\clear.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\app\" -y MD5: 8693D7EA0B258EDF72C6EF7CFF1E46FB)

conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

7zr.exe (PID: 1548 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\chromium.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium" -y MD5: 8693D7EA0B258EDF72C6EF7CFF1E46FB)

conhost.exe (PID: 712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Clear.exe (PID: 3380 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe" postinstall "C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" "1.1.3.0" "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Profiles" "AutoStart_=true" "BuildVariant[]=" MD5: 26AE5F1918D76D1221ED90C7183BDC84)

clearbrowser.exe (PID: 7524 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 4816 cmdline: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\ClearBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\ClearBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=ClearBrowser --annotation=ver=120.0.6099.199 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb0321e440,0x7ffb0321e44c,0x7ffb0321e458 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 7652 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2012 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 7696 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2164 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 4220 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3324 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 6000 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --no-pre-read-main-dll --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7063572613 --mojo-platform-channel-handle=3668 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 7868 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064007852 --mojo-platform-channel-handle=3752 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 6760 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064386856 --mojo-platform-channel-handle=3892 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 5920 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064810809 --mojo-platform-channel-handle=4108 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 5532 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7065811433 --mojo-platform-channel-handle=4260 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 7128 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7066277542 --mojo-platform-channel-handle=4464 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 4708 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4572 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

explorer.exe (PID: 4056 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

clearbrowser.exe (PID: 8068 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=4052 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 8076 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3220 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 8048 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7075773636 --mojo-platform-channel-handle=4568 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 8132 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3280 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3928 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 5472 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3224 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 7060 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --mojo-platform-channel-handle=5184 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2 MD5: 973083D0D50F0C6369162207CA811C69)

clearbrowser.exe (PID: 3332 cmdline: "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4208 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8 MD5: 973083D0D50F0C6369162207CA811C69)

Clear.exe (PID: 4452 cmdline: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe MD5: 26AE5F1918D76D1221ED90C7183BDC84)

Clear.exe (PID: 5444 cmdline: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe update MD5: 26AE5F1918D76D1221ED90C7183BDC84)

Clear.exe (PID: 5828 cmdline: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe weather MD5: 26AE5F1918D76D1221ED90C7183BDC84)

cleanup

Sigma Signatures

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp" /SL5="$203E0,4024297,806400,C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp" /SL5="$203E0,4024297,806400,C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp, ParentCommandLine: "C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe", ParentImage: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe, ParentProcessId: 2000, ParentProcessName: Clear-TemplateSearch.b5003.SK048.ed.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp" /SL5="$203E0,4024297,806400,C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" , ProcessId: 6304, ProcessName: Clear-TemplateSearch.b5003.SK048.ed.tmp

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

ReversingLabs: Detection: 33%

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5806CCB-8635-4E7A-94FC-BF2723167477}_is1

Jump to behavior

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: certificate valid

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\WpfAppBar\obj\Release\WpfAppBar.pdb4UNU @U_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\obj\Release\Clear.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.00000274571D9000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\WpfAppBar\obj\Release\WpfAppBar.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb4)N) @)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq\4.1.2.0\System.Linq.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\s\GitHub\WpfScreenHelper\src\WpfScreenHelper\obj\Release\net40\WpfScreenHelper.pdbSHA256S source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: chrome.dll.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Drawing.Primitives\4.0.2.0\System.Drawing.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.DriveInfo\4.0.2.0\System.IO.FileSystem.DriveInfo.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdbh) source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbTn `*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: OTE:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$> 0*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.UnmanagedMemoryStream\4.0.3.0\System.IO.UnmanagedMemoryStream.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Threading.Overlapped/netfx\System.Threading.Overlapped.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Xml/netfx\System.Runtime.Serialization.Xml.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdbt( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization\4.0.11.0\System.Globalization.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdbt+ source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb\|( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Parallel\4.0.1.0\System.Linq.Parallel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Security.Cryptography.Algorithms/netfx\System.Security.Cryptography.Algorithms.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@Z L*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Principal\4.0.1.0\System.Security.Principal.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime\4.1.2.0\System.Runtime.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdbH,b, T,_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb\|( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Handles\4.0.1.0\System.Runtime.Handles.pdb,)F) 8)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.RegularExpressions\4.1.1.0\System.Text.RegularExpressions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Ping\4.0.2.0\System.Net.Ping.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Extensions\4.0.1.0\System.Reflection.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\s\GitHub\WpfScreenHelper\src\WpfScreenHelper\obj\Release\net40\WpfScreenHelper.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Primitives\4.0.2.0\System.Security.Cryptography.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Globalization.Extensions/netfx\System.Globalization.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Formatters\4.0.2.0\System.Runtime.Serialization.Formatters.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.ReaderWriter\4.1.1.0\System.Xml.ReaderWriter.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks.Parallel\4.0.1.0\System.Threading.Tasks.Parallel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets.Client\4.0.2.0\System.Net.WebSockets.Client.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdbX)r) d)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Handles\4.0.1.0\System.Runtime.Handles.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdbH,b, T,_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Queryable\4.0.1.0\System.Linq.Queryable.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Dynamic.Runtime\4.0.11.0\System.Dynamic.Runtime.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading\4.0.11.0\System.Threading.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: hromium\src\out\Default\initialexe\chrome.exe.pdbR source: clearbrowser.exe, 00000017.00000003.2491877314.000052F400040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Thread\4.0.2.0\System.Threading.Thread.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: me.exe.pdbut\Default\initialexe\chrome.exe.pdbbR source: clearbrowser.exe, 00000017.00000003.2491877314.000052F400040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebHeaderCollection\4.0.1.0\System.Net.WebHeaderCollection.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding\4.0.11.0\System.Text.Encoding.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Claims\4.0.3.0\System.Security.Claims.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding.Extensions\4.0.11.0\System.Text.Encoding.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: X5WE:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: chrome.exe.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb]W source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Extensions\4.1.2.0\System.Runtime.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\chromium\src\out\Default\initialexe\chrome.exe.pdb source: clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: ntdll.pdb source: clearbrowser.exe, 00000017.00000002.2527474192.000052F400034000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Net.Sockets/netfx\System.Net.Sockets.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.MemoryMappedFiles\4.0.2.0\System.IO.MemoryMappedFiles.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Watcher\4.0.2.0\System.IO.FileSystem.Watcher.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00815C8D __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,		9_2_00815C8D
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_008179F9 FindFirstFileW,		9_2_008179F9

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_008166A3 __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,

9_2_008166A3

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData	Jump to behavior

Source: Joe Sandbox View	IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 172.64.41.3 172.64.41.3

Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: "weather": "https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203061_{user.InstallTime\|format_mmddyy}", equals www.yahoo.com (Yahoo)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: url: "http://www.facebook.com" equals www.facebook.com (Facebook)
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: allowed_websitesAhttps://www.youtube.com\|/embed,https://www.google.com\|/maps/embed equals www.youtube.com (Youtube)
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.youtube.com\|/embed,https://www.google.com\|/maps/embed equals www.youtube.com (Youtube)

Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: clearbrowser.exe, 00000012.00000003.2484099352.00003C2C0020C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003716000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456D98000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://creativecommons.org/ns#
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.r2m02.amazontrust.com/r2m02.crl0u
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: clearbrowser.exe, 0000001A.00000003.2503527895.0000180C0010C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503884876.0000180C002D8000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508850147.00002900002D8000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508190162.000029000010C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crrev.com/c/2555698.
Source: clearbrowser.exe, 00000018.00000003.2558813825.0000711000188000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.r2m
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2558813825.0000711000188000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.r2m02.amazontrust.com/r2m02.cer0
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.aolcdn.com/images/dims?image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://o.ss2.us/0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2558813825.0000711000188000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.r2m02.amazontrust.com06
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootg2.amazontrust.com08
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://s.ss2.us/r.crl0
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003716000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456D98000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/1824228/751089
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/28210364/1070244
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/LICENSE
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://w3.org/TR/2012/WD-url-20120524/#collect-url-parameters
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.google.com/s2/favicons#domain=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/s2/favicons?domain=
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.hardcodet.net/taskbar
Source: clearbrowser.exe, 0000001A.00000003.2586334170.0000180C012FC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2506410407.0000180C00348000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2519441434.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513071281.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505893270.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513408195.0000180C00CB4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2511093714.0000180C010D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2521348250.0000180C009A4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590957361.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2518984899.0000180C00388000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510572267.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2585883712.0000180C014AC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2515405893.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590553519.0000180C0154C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505307176.0000180C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510039344.0000180C00AEC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0060C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2517847312.0000180C0080C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2584636838.0000180C0125C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2523515649.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.html5rocks.com/en/tutorials/canvas/hidpi/
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003716000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456D98000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1346101756.000000000CCE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.json.org/json2.js
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.matts411.com/post/internet-explorer-9-oninput/
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: http://www.recipehub.com
Source: clearbrowser.exe, 0000001C.00000002.2564163878.0000015EC39B7000.00000002.00000001.00040000.0000001B.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x.ss2.us/x.cer0&
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://0srzroz2i7.execute-api.us-east-1.amazonaws.com/api/v1/events
Source: clearbrowser.exe, 00000012.00000003.2523721594.00003C2C00714000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: clearbrowser.exe, 00000012.00000003.2523721594.00003C2C00714000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/760
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://amazon.com
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://api.openweathermap.org/data/2.5/forecast/daily?
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://api.openweathermap.org/data/2.5/weather?
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=1049982
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=830565
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3443
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=182678
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=200829
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=773687
Source: clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: clearbrowser.exe, 00000012.00000003.2493906597.00003C2C00977000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB&category=theme81https://myactivity.google.com/myactivity
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBCtrl$1
Source: clearbrowser.exe, 00000012.00000003.2493906597.00003C2C00977000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBd
Source: clearbrowser.exe, 00000012.00000003.2513894396.00003C2C005D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2540335336.00003C2C00D68000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2508117403.00003C2C00D60000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2508271151.00003C2C00CE4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2523033683.00003C2C00D90000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2540932684.00003C2C00D88000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2503959214.00003C2C00D60000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2542590763.00003C2C00D8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2508375356.00003C2C00D88000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2525108481.00003C2C007E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2514160326.00003C2C007E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2504032832.00003C2C00D68000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2516215728.00003C2C00D68000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2528435246.00003C2C00D60000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2529299572.00003C2C00D68000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2508196408.00003C2C00D68000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2542869038.00003C2C00CE8000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2542697033.00003C2C00B98000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2507250120.00003C2C005D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2522931019.00003C2C00D8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2503840334.00003C2C005D4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreKCDiscover
Source: clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: clearbrowser.exe, 00000012.00000003.2484099352.00003C2C0020C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: clearbrowser.exe, 00000012.00000003.2484099352.00003C2C0020C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clearbar.app(https://clearbar.app(https://clearbar.app
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/?
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/privacy-policy/
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/privacy-policy/?
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=102941Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=175902Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=195104Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=239196Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=273811Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=286375Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=374553Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=382844Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=401560Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=701Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/rd2/?id=7527Ly9hcmNhZGV0YWIuY29t&guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/terms-of-service/
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/terms-of-service/?
Source: Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app/updates/clearbar_updates.json?guid=
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://clearbar.app1
Source: clearbrowser.exe, 0000001C.00000002.2597590807.0000020400244000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/binaries/1.1.3.0/clear.7z
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/binaries/1.1.3.0/clearbrowser.7z
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/binaries/tutorials/%s.7z
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/adshield-v1090.xml
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/newtab-mv3-20220908.xml
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/newtab-ntlayout-20211214.xml
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/newtab-yahoo-20210224.xml
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/newtab-yahoo-20220131.xml
Source: clearbrowser.exe, 0000001C.00000003.2510513771.0000290000150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/staging/clearcore-v1070.xml
Source: clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/staging/easyprint-v1056.xml
Source: clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2609810289.0000290000028000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/staging/newtab-mv3-v1056.xml
Source: clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/staging/zoomtool-v1056.xml
Source: clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/staging/zoomtool-v1056.xmlscript-src
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/extensions/ycontent-mv3.xml
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://cloudfront.clearbar.app/profiles/common.json=https://clearbar.app/profiles/ehttps://clearbar
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=286360
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://code.google.com/p/v8/issues/detail?id=687
Source: clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: clearbrowser.exe, 0000001A.00000003.2586334170.0000180C012FC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2506410407.0000180C00348000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2519441434.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513071281.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505893270.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513408195.0000180C00CB4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2511093714.0000180C010D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2521348250.0000180C009A4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590957361.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2518984899.0000180C00388000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510572267.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2515405893.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590553519.0000180C0154C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505307176.0000180C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0060C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2517847312.0000180C0080C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2523515649.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2511882329.0000180C0080C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2584636838.0000180C012FC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510388206.0000180C007A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/740629)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://css-tricks.com/debouncing-throttling-explained-examples/)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/URL/revokeObjectURL
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://earth.google.com/web
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://flow.org/blog/2017/05/07/Strict-Function-Call-Arity/).
Source: clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bestiejs/punycode.js/blob/master/punycode.js
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/es5-shim/issues/150
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/flow/issues/285
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/facebook/regenerator/issues/274
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/kitcambridge/es5-shim/commit/4f738ac066346
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mathiasbynens/String.prototype.at
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/rhino/issues/346
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/paldepind/snabbdom/blob/master/LICENSE
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sdecima/javascript-detect-element-resize
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-Symbol-description
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tc39/proposal-array-filtering
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-class-component/blob/master/src/reflect.ts
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/2341
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/2639
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/3201
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/3225
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/3294
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/issues/3331
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vue-router/pull/3047
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vuejs/vuex/issues/1505
Source: clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/173
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/306
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/339
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/475
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/624
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/640
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/674
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/677
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/679
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/issues/86#issuecomment-115759028
Source: clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/P
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/Pi
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://google.com
Source: clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
Source: clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://instagram.com
Source: Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://ip2.clearbar.app/?token=8765FRCfs
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000000.1288116601.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/license
Source: clearbrowser.exe, 00000012.00000003.2484099352.00003C2C0020C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://maps.google.com
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2480593919.00007DE800308000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481573097.00003C2C001B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481174384.00003C2C0016C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481203481.00003C2C00178000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481264792.00003C2C001A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://meta.clearbar.app/sug/?s=
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://news.yahoo.com/finding-safe-haven-in-the-climate-change-future-the-southwest-100032145.html?
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://openweathermap.org/img/wn/
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://passwords.google.comSaved
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pastebin.com/N21QzeQA)
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pdf-services.clearbar.app/api/v1/auth/handoff
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pdf.live/
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://policies.google.com/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://poshmark.com/bundles/shop
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://s.easyrecipessearch-serp.com/public/home.html
Source: clearbrowser.exe, 00000012.00000003.2506430531.00003C2C002CC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://samples.openweathermap.org/data/2.5/forecast/daily?id=524901&appid=b1b15e88fa797225412429c1c
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.clearbar.app/crx/search.php?guid=
Source: clearbrowser.exe, 00000012.00000003.2480593919.00007DE800308000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481573097.00003C2C001B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481203481.00003C2C00178000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481264792.00003C2C001A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.clearbar.app/crx/search.php?guid=173f77d4-1d21-45bb-8074-7fb83cfed713&q=
Source: Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://search.freshy.com/y-feeds/news/v1/topNews?length=-1
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=tightropetb&type=11745
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://something.com
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/6024666/getting-ie-to-replace-a-regex-with-the-literal-string-0
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://staging.newtab.ext.services/223/default/index.html?guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://staging.newtab.ext.services/223/staging-new/index.html?guid=
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/cart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://store.usps.com/store/cart/cart.jsp
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://system.data.sqlite.org/
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://tab.clearbar.app/223/clear/index.html?guid=
Source: clearbrowser.exe, 00000012.00000003.2480593919.00007DE800308000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2506430531.00003C2C002CC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481573097.00003C2C001B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481174384.00003C2C0016C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481203481.00003C2C00178000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2481264792.00003C2C001A4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tab.clearbar.app/223/clear/index.html?guid=173f77d4-1d21-45bb-8074-7fb83cfed713
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://tab.clearbar.app/223/edge/index.html?guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tab.clearbar.app/223/main/index.html?guid=
Source: 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://tab.clearbar.app/223/templates/index.html?guid=
Source: Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://tab.weathertab-site.info/85/clear/index.html?guid=
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%arrayiteratorprototype%.next
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%stringiteratorprototype%.next
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-advancestringindex
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.from
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype-
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.concat
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.entries
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.every
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.filter
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.find
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.findIndex
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.findindex
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.foreach
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.includes
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.indexof
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.join
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.keys
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.map
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.reduce
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.reduceright
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.slice
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.some
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.splice
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-array.prototype.values
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-arrayspeciescreate
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-createarrayiterator
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-createmappedargumentsobject
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-createunmappedargumentsobject
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-function-instances-name
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-get-regexp.prototype.flags
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-getsubstitution
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-isarray
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-isregexp
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-json.stringify
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-number-constructor
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-number.isnan
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.assign
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.create
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.defineproperties
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.defineproperty
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.entries
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.getownpropertydescriptor
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.getownpropertydescriptors
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.getownpropertynames
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.getownpropertysymbols
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.getprototypeof
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.keys
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.propertyisenumerable
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.setprototypeof
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.values
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.all
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.prototype.catch
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.prototype.finally
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.prototype.then
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.race
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.reject
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-promise.resolve
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexp.prototype-
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexp.prototype.tostring
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-regexpexec
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-requireobjectcoercible
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-speciesconstructor
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype-
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.codepointat
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.includes
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.replace
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.split
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.trim
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.trimend
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.trimstart
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol-constructor
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol.for
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol.iterator
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol.keyfor
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol.prototype-
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-symbol.prototype.description
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-tointeger
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-tolength
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-tonumber
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-toobject
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-toprimitive
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://twitter.com
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#URL-stringification-behavior
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-hash
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-host
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-hostname
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-href
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-origin
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-password
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-pathname
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-port
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-protocol
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-search
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-searchparams
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-tojson
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-url-username
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-append
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-delete
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-get
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-getall
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-has
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-set
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-sort
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#interface-urlsearchparams
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-class
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://us.search.yahoo.com/sugg/gossip/gossip-us-partner?output=jsonp&appid=tig&command=
Source: clearbrowser.exe, 0000001A.00000003.2586334170.0000180C012FC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2506410407.0000180C00348000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2519441434.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513071281.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505893270.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513408195.0000180C00CB4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2511093714.0000180C010D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2521348250.0000180C009A4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590957361.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2518984899.0000180C00388000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510572267.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2585883712.0000180C014AC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2515405893.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590553519.0000180C0154C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505307176.0000180C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510039344.0000180C00AEC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0060C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2517847312.0000180C0080C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2584636838.0000180C0125C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2523515649.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/gamepad/#remapping
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://weather-services.clearbar-api.app/api/get.php?action=onecall&type=cord
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://wikipedia.com
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1288548533.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.1292998904.0000000003480000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google-analytics.com/collect
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlManaged
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/images/branding/googleg/1x/googleg_standard_color_128dp.png
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://www.google.com/maps/dir/?api=1
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.guitarcenter.com/cart
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000000.1291631926.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.petsmart.com/cart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.pier1.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.pokemoncenter.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.potterybarn.com/shoppingcart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.qvc.com/checkout/cart.html
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.redbubble.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rei.com/ShoppingCart
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000000.1291631926.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.revolve.com/r/ShoppingBag.jsp
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.rockauto.com/en/cart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.saksfifthavenue.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.samsclub.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.sephora.com/basket
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.shutterfly.com/cart/
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.sqlite.org/copyright.html2
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.staples.com/cc/mmx/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.sweetwater.com/store/cart.php
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.talbots.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.target.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.teacherspayteachers.com/Cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.therealreal.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.tractorsupply.com/TSCShoppingCartView
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ulta.com/bag
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.underarmour.com/en-us/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.urbanoutfitters.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.vitalsource.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.walgreens.com/cart/view-ui
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.walmart.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wayfair.com/v/checkout/basket/show
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.weightwatchers.com/us/shop/checkout/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.westelm.com/shoppingcart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wiley.com/en-us/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.williams-sonoma.com/shoppingcart/
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wish.com/cart
Source: 7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.yahoo.com/news/weather?fr=trp&type=Y223_F1_203061_
Source: clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zappos.com/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zazzle.com/co/cart
Source: clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zennioptical.com/shoppingCart
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: https://youtube.com

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_00818191: DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,

9_2_00818191

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0084987F	9_2_0084987F
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00852063	9_2_00852063
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0082E1C2	9_2_0082E1C2
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_008742E0	9_2_008742E0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00860610	9_2_00860610
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00818667	9_2_00818667
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086A8C0	9_2_0086A8C0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00866936	9_2_00866936
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086ABE0	9_2_0086ABE0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086EC30	9_2_0086EC30
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00814C7B	9_2_00814C7B
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00872D40	9_2_00872D40
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00868E80	9_2_00868E80
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00868F00	9_2_00868F00
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00860F40	9_2_00860F40
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086D0F0	9_2_0086D0F0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086B000	9_2_0086B000
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00855027	9_2_00855027
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00861050	9_2_00861050
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00867070	9_2_00867070
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0085F150	9_2_0085F150
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0085B4C0	9_2_0085B4C0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00811553	9_2_00811553
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00875623	9_2_00875623
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_008757B1	9_2_008757B1
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0087588B	9_2_0087588B
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00811945	9_2_00811945
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00875971	9_2_00875971
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0083BA1C	9_2_0083BA1C
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086DCB0	9_2_0086DCB0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00869C17	9_2_00869C17
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00869C19	9_2_00869C19
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0086FC30	9_2_0086FC30
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00873C30	9_2_00873C30
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_0082BD97	9_2_0082BD97
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00873DF0	9_2_00873DF0
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00869F58	9_2_00869F58
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58B180	23_2_00007FF7FD58B180
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD583F90	23_2_00007FF7FD583F90
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58275E	23_2_00007FF7FD58275E
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD585C60	23_2_00007FF7FD585C60
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD581760	23_2_00007FF7FD581760
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD583260	23_2_00007FF7FD583260
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD583B60	23_2_00007FF7FD583B60
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58A820	23_2_00007FF7FD58A820
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58BE32	23_2_00007FF7FD58BE32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58BF00	23_2_00007FF7FD58BF00
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD583A00	23_2_00007FF7FD583A00
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58AAE0	23_2_00007FF7FD58AAE0
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD583DF0	23_2_00007FF7FD583DF0
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 23_2_00007FF7FD58BBC0	23_2_00007FF7FD58BBC0
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58B180	33_2_00007FF7FD58B180
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD583F90	33_2_00007FF7FD583F90
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58275E	33_2_00007FF7FD58275E
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD585C60	33_2_00007FF7FD585C60
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD581760	33_2_00007FF7FD581760
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD583260	33_2_00007FF7FD583260
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD583B60	33_2_00007FF7FD583B60
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58A820	33_2_00007FF7FD58A820
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58BE32	33_2_00007FF7FD58BE32
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58BF00	33_2_00007FF7FD58BF00
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD583A00	33_2_00007FF7FD583A00
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58AAE0	33_2_00007FF7FD58AAE0
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD583DF0	33_2_00007FF7FD583DF0
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Code function: 33_2_00007FF7FD58BBC0	33_2_00007FF7FD58BBC0

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: String function: 00874F50 appears 519 times
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: String function: 00811C86 appears 160 times

Source: Clear-TemplateSearch.b5003.SK048.ed.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-KSDTH.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: is-4C1O9.tmp.2.dr	Static PE information: Number of sections : 15 > 10
Source: is-OVDJG.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-7DLNC.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-9V0UG.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-RVMTK.tmp.2.dr	Static PE information: Number of sections : 13 > 10
Source: is-63952.tmp.2.dr	Static PE information: Number of sections : 12 > 10
Source: is-9R8D9.tmp.2.dr	Static PE information: Number of sections : 12 > 10
Source: is-LI5F9.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-U1PHM.tmp.2.dr	Static PE information: Number of sections : 12 > 10

Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FE25000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs Clear-TemplateSearch.b5003.SK048.ed.exe
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002619000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs Clear-TemplateSearch.b5003.SK048.ed.exe
Source: Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000000.1288238004.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs Clear-TemplateSearch.b5003.SK048.ed.exe

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: sus30.spyw.evad.winEXE@69/1595@0/15

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00818252 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,		9_2_00818252
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00825A91 __EH_prolog,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		9_2_00825A91

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_00818191 DeviceIoControl,GetModuleHandleW,GetProcAddress,GetDiskFreeSpaceW,

9_2_00818191

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:712:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Mutant created: \Sessions\1\BaseNamedObjects\Global\ClearbarInstallationMutex
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Mutant created: \Sessions\1\BaseNamedObjects\com.clear.application
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe

File created: C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp

Jump to behavior

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: insert into top_sites (url, title, url_rank) values ('{0}','{1}',{2});
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

ReversingLabs: Detection: 33%

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe

File read: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe

Jump to behavior

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: windowscodecsext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: omadmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dmcmnutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: iri.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: directmanipulation.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: wlanapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: pcpksp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: tbs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: ncryptprov.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Section loaded: dhcpcsvc.dll

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Window found: window name: TMainForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\explorer.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D5806CCB-8635-4E7A-94FC-BF2723167477}_is1

Jump to behavior

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: certificate valid

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static file information: File size 4915184 > 1048576

Source: Clear-TemplateSearch.b5003.SK048.ed.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\WpfAppBar\obj\Release\WpfAppBar.pdb4UNU @U_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\obj\Release\Clear.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2100852873.00000000013E7000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.00000274571D9000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdbX+r+ d+_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\gitlab-runner\builds\tb72VnLq\0\extension-prototypes\launchwebbar\WpfAppBar\obj\Release\WpfAppBar.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb8)R) D)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Net.Http\netfx\System.Net.Http.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.ResourceManager\4.0.1.0\System.Resources.ResourceManager.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO\4.1.2.0\System.IO.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb4)N) @)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq\4.1.2.0\System.Linq.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\s\GitHub\WpfScreenHelper\src\WpfScreenHelper\obj\Release\net40\WpfScreenHelper.pdbSHA256S source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: chrome.dll.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Drawing.Primitives\4.0.2.0\System.Drawing.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.DriveInfo\4.0.2.0\System.IO.FileSystem.DriveInfo.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdbh) source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbTn `*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.ThreadPool\4.0.12.0\System.Threading.ThreadPool.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: OTE:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Primitives\4.0.1.0\System.Reflection.Primitives.pdb$> 0*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.UnmanagedMemoryStream\4.0.3.0\System.IO.UnmanagedMemoryStream.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Threading.Overlapped/netfx\System.Threading.Overlapped.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Xml/netfx\System.Runtime.Serialization.Xml.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdbt( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization\4.0.11.0\System.Globalization.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdbt+ source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NameResolution\4.0.2.0\System.Net.NameResolution.pdb\|( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Timer\4.0.1.0\System.Threading.Timer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Parallel\4.0.1.0\System.Linq.Parallel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Security.Cryptography.Algorithms/netfx\System.Security.Cryptography.Algorithms.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XPath\4.0.3.0\System.Xml.XPath.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@Z L*_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Principal\4.0.1.0\System.Security.Principal.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime\4.1.2.0\System.Runtime.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net462\System.Runtime.InteropServices.RuntimeInformation.pdbxE source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Writer\4.0.2.0\System.Resources.Writer.pdbl( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlSerializer\4.0.11.0\System.Xml.XmlSerializer.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection\4.1.2.0\System.Reflection.pdbH,b, T,_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Numerics\4.0.1.0\System.Runtime.Numerics.pdb\|( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Handles\4.0.1.0\System.Runtime.Handles.pdb,)F) 8)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.RegularExpressions\4.1.1.0\System.Text.RegularExpressions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Ping\4.0.2.0\System.Net.Ping.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Reflection.Extensions\4.0.1.0\System.Reflection.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\s\GitHub\WpfScreenHelper\src\WpfScreenHelper\obj\Release\net40\WpfScreenHelper.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Primitives\4.0.2.0\System.Security.Cryptography.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.ObjectModel\4.0.11.0\System.ObjectModel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Globalization.Extensions/netfx\System.Globalization.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdbf) source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks\4.0.11.0\System.Threading.Tasks.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Formatters\4.0.2.0\System.Runtime.Serialization.Formatters.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.ReaderWriter\4.1.1.0\System.Xml.ReaderWriter.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Tasks.Parallel\4.0.1.0\System.Threading.Tasks.Parallel.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets.Client\4.0.2.0\System.Net.WebSockets.Client.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.IsolatedStorage\4.0.2.0\System.IO.IsolatedStorage.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Xml.XPath.XDocument/netfx\System.Xml.XPath.XDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem\4.0.3.0\System.IO.FileSystem.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.X509Certificates\4.1.2.0\System.Security.Cryptography.X509Certificates.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Expressions\4.1.2.0\System.Linq.Expressions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Csp\4.0.2.0\System.Security.Cryptography.Csp.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdbX)r) d)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Handles\4.0.1.0\System.Runtime.Handles.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Cryptography.Encoding\4.0.2.0\System.Security.Cryptography.Encoding.pdbT)n) `)_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Pipes\4.0.2.0\System.IO.Pipes.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdbH,b, T,_CorDllMainmscoree.dll source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Queryable\4.0.1.0\System.Linq.Queryable.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Security.SecureString/netfx\System.Security.SecureString.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Dynamic.Runtime\4.0.11.0\System.Dynamic.Runtime.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XDocument\4.0.11.0\System.Xml.XDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading\4.0.11.0\System.Threading.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: hromium\src\out\Default\initialexe\chrome.exe.pdbR source: clearbrowser.exe, 00000017.00000003.2491877314.000052F400040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Xml.XmlDocument\4.0.3.0\System.Xml.XmlDocument.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Threading.Thread\4.0.2.0\System.Threading.Thread.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: me.exe.pdbut\Default\initialexe\chrome.exe.pdbbR source: clearbrowser.exe, 00000017.00000003.2491877314.000052F400040000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebHeaderCollection\4.0.1.0\System.Net.WebHeaderCollection.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding\4.0.11.0\System.Text.Encoding.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Security.Claims\4.0.3.0\System.Security.Claims.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Text.Encoding.Extensions\4.0.11.0\System.Text.Encoding.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: X5WE:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: chrome.exe.pdb source: clearbrowser.exe, 00000017.00000002.2527020624.000052F400018000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.IO.Compression/netfx\System.IO.Compression.pdb]W source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Requests\4.0.11.0\System.Net.Requests.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Extensions\4.1.2.0\System.Runtime.Extensions.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\chromium\src\out\Default\initialexe\chrome.exe.pdb source: clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: ntdll.pdb source: clearbrowser.exe, 00000017.00000002.2527474192.000052F400034000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Net.Sockets/netfx\System.Net.Sockets.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.MemoryMappedFiles\4.0.2.0\System.IO.MemoryMappedFiles.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Primitives\4.0.11.0\System.Net.Primitives.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.Globalization.Calendars\4.0.3.0\System.Globalization.Calendars.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Watcher\4.0.2.0\System.IO.FileSystem.Watcher.pdb source: 7zr.exe, 00000009.00000003.2104091144.0000000003B57000.00000004.00001000.00020000.00000000.sdmp

Source: is-KSNII.tmp.2.dr

Static PE information: 0xE6A8063F [Sun Aug 17 00:28:47 2092 UTC]

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_00847352 GetCurrentProcess,GetProcessTimes,fputs,memset,GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetCurrentProcess,GetProcAddress,GetCurrentProcess,fputs,__aulldiv,fputs,

9_2_00847352

Source: Clear-TemplateSearch.b5003.SK048.ed.exe	Static PE information: section name: .didata
Source: Clear-TemplateSearch.b5003.SK048.ed.tmp.0.dr	Static PE information: section name: .didata
Source: 7zr.exe.2.dr	Static PE information: section name: .sxdata
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: .retplne
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: .rodata
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: CPADinfo
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: LZMADEC
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-4C1O9.tmp.2.dr	Static PE information: section name: malloc_h
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: .crthunk
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: .retplne
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: CPADinfo
Source: is-RVMTK.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-7DLNC.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-7DLNC.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-7DLNC.tmp.2.dr	Static PE information: section name: .retplne
Source: is-7DLNC.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-9R8D9.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-9R8D9.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-9R8D9.tmp.2.dr	Static PE information: section name: .retplne
Source: is-9R8D9.tmp.2.dr	Static PE information: section name: LZMADEC
Source: is-9R8D9.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-63952.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-63952.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-63952.tmp.2.dr	Static PE information: section name: .retplne
Source: is-63952.tmp.2.dr	Static PE information: section name: CPADinfo
Source: is-63952.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-LI5F9.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-LI5F9.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-LI5F9.tmp.2.dr	Static PE information: section name: .retplne
Source: is-LI5F9.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-OVDJG.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-OVDJG.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-OVDJG.tmp.2.dr	Static PE information: section name: .retplne
Source: is-OVDJG.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-9V0UG.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-9V0UG.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-9V0UG.tmp.2.dr	Static PE information: section name: .retplne
Source: is-9V0UG.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-U1PHM.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-U1PHM.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-U1PHM.tmp.2.dr	Static PE information: section name: .retplne
Source: is-U1PHM.tmp.2.dr	Static PE information: section name: CPADinfo
Source: is-U1PHM.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-KSDTH.tmp.2.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_3_0129B790 push edx; ret	9_3_0129B7FD
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00860890 push ecx; mov dword ptr [esp], ecx	9_2_00860891
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00874F50 push eax; ret	9_2_00874F6E
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_008752F0 push eax; ret	9_2_0087531E
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00813C0B push 0087C33Ch; ret	9_2_00813C25

Source: HtmlInstaller.dll.2.dr

Static PE information: section name: .text entropy: 6.858624423223641

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Css.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TA0F6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-52JU8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ECL5N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.Encoding.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_proxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Tools.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\it\is-07PID.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Claims.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\ru\is-OPN3R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R83ND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AMMB0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Bcl.AsyncInterfaces.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.ReaderWriter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Hardcodet.NotifyIcon.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Model.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UL8PG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Gdi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Overlapped.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.StackTrace.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Pipes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PT87J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-23NVI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\is-KSDTH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebSockets.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7I3RJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\de\is-S9RD1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.Reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Algorithms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2KU8B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Runtime.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x86\is-0JKHJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.NonGeneric.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HM8L4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RE807.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Humanizer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	File created: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-C6SSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Uninst\Networking.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HK51L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G0CR4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LPSKV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-T78L9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RNFKH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DKN5Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G7ELA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-J8HOA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PJDAA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_pwa_launcher.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Converters.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.X509Certificates.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\notification_helper.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I8LB6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-0HAIA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-75V95.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Rendering.Gdi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Uninst\is-K585J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9R8D9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Console.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MJB0T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HHT9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8OJM2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Toolkit.Uwp.Notifications.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Css.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-O56GI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_pwa_launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LJTH0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.EventBasedAsync.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MRCU1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R6FTJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DD01F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.RegularExpressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\WpfAppBar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Dynamic.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-CN\is-CJS2F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5S69T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Ping.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UGLPU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebHeaderCollection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Runtime.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\es\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Compression.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MKAC5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.ResourceManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GDD25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Expressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-4C1O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Clear.Remoting.Native.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Compression.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6VU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQS09.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Data.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PQ410.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\HtmlInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AT07R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G4L6C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6SI67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Clear.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DOH0U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\fr\is-0FSFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\x64\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6CHFM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Tracing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Greensoft.TlvLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Thread.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HBD8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9GTP5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-N3995.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-VJNDQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-1MO1B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XPath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.MemoryMappedFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_elf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Formatters.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2A3U4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-7DLNC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.CompilerServices.Unsafe.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7QFPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.ThreadPool.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Ping.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQ5MQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HHV6Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-SR0IF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6TPNG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-RVMTK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UM03N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8HG11.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_proxy.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Debug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-KSNII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\LiteDB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-10GPT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-F4SJF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PCCLC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\es\is-QDMU5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpClipboard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x64\is-NUUK3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Rendering.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-A2NCU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Principal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2QTC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-0286F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8UBLU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.Writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-S7D15.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\netstandard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.FileVersionInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DMRO6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-EEO25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Timer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libGLESv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-OVDJG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MOF23.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-38F0A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.AppContext.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.TraceSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\de\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Contracts.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Concurrent.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Specialized.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GBL9Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\elevation_service.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\ru\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.SecureString.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.CompilerServices.VisualC.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\pl\is-JKUT7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-EV863.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6LN71.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Process.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\elevation_service.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I2HMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.TaskScheduler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\clearbrowser.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-SNP6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-B8O8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-1T6AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-IPQI0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-L44T9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-D8F8K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-Hant\is-NMB8V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Dom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-P1KJV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.TypeConverter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.Watcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-B3VJL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfScreenHelper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-40NNL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9E9TN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R70VF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-K7VFE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7SD3T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UK4HH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-NFO05.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\netstandard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\it\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GU2I5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Claims.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\fr\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9S7BD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-63952.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Dom.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-3FN0L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Sockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5HUBI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Networking.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RCDHE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LTI51.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-4BM0B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Clear.Remoting.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-IHDF0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-96JN4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-LI5F9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Handles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Model.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQJI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x86\SQLite.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.AppContext.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Requests.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.NetworkInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HESRK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Compression.ZipFile.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2MB65.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I7MF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Console.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ETVL9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\pl\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-U1PHM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Principal.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9V0UG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XmlDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ARVMU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.Native.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-OFPQN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.TextWriterTraceListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\ru\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-FA10R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-CJA9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.NameResolution.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Requests.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Drawing.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.Calendars.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5A214.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AS9AU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\WpfScreenHelper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2L6P2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PO9RP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Queryable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6TBP4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-T0A69.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-S6HAT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GNMM8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UJRG2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x64\SQLite.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-20DGM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Greensoft.TlvLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2AFRA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.DriveInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.IsolatedStorage.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	File created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Humanizer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Toolkit.Uwp.Notifications.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R43LO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5FC31.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.UnmanagedMemoryStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XmlSerializer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-VR258.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2O16F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XPath.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Converters.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Csp.dll (copy)	Jump to dropped file

Boot Survival

Installs Task Scheduler Managed Wrapper

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

File created: C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Win32.TaskScheduler.dll

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clear.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to delay execution (extensive OutputDebugStringW loop)

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Section loaded: OutputDebugStringW count: 112
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Section loaded: OutputDebugStringW count: 202

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 3580000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 4160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 6160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 9D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: A020000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: A1A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: A1C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CC60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CD00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CD80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CDC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CDE0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CE40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: CE60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: D390000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: D3D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: D3F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: DC30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: DC50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: F7B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: F7D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: EE50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: EF50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: F750000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: F770000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: BB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: BD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: E280000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 101D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10210000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10230000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10250000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10CD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10D70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10D90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10DD0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Memory allocated: 10DF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 27457510000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 27470EE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 264AFF80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 264C8080000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 25FA9CE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 25FC1E50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 1C9ECFC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Memory allocated: 1C9EEA80000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Thread delayed: delay time: 499984	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Window / User API: threadDelayed 2843	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Window / User API: threadDelayed 2851	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1917
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1136
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 2145
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1444
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 3615
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1880
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1782
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Window / User API: threadDelayed 1367
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 401
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 405

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.InteropServices.RuntimeInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Css.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.Specialized.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XPath.XDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TA0F6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-52JU8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ValueTuple.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ECL5N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.Encoding.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_proxy.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\notification_helper.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Tools.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\it\is-07PID.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Formatters.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Claims.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\ru\is-OPN3R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R83ND.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AMMB0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Bcl.AsyncInterfaces.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.ReaderWriter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Hardcodet.NotifyIcon.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Model.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UL8PG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Gdi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Overlapped.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.StackTrace.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Pipes.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.Watcher.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PT87J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-23NVI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebSockets.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\de\is-S9RD1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7I3RJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebSockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XPath.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.Reader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.ThreadPool.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Algorithms.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2KU8B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Xml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Runtime.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Handles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x86\is-0JKHJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.NonGeneric.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HM8L4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.NetworkInformation.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RE807.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.CompilerServices.Unsafe.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.SecureString.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Humanizer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Uninst\Networking.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-C6SSC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.Reader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.Encoding.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G0CR4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HK51L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Data.SQLite.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Tracing.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LPSKV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-T78L9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RNFKH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DKN5Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G7ELA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.Calendars.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-J8HOA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Converters.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PJDAA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_pwa_launcher.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.TextWriterTraceListener.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.X509Certificates.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\notification_helper.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I8LB6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Debug.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-75V95.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-0HAIA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Rendering.Gdi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Uninst\is-K585J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9R8D9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.CompilerServices.VisualC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Console.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MJB0T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HHT9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Toolkit.Uwp.Notifications.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8OJM2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Css.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-O56GI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Win32.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.NonGeneric.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_pwa_launcher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\es\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LJTH0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.EventBasedAsync.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Parallel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R6FTJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.UnmanagedMemoryStream.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DD01F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.RegularExpressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Algorithms.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\WpfAppBar.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Dynamic.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-CN\is-CJS2F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Tools.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5S69T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Ping.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.IsolatedStorage.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.NameResolution.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UGLPU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.WebHeaderCollection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Runtime.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\es\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Compression.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MKAC5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.ResourceManager.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GDD25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Expressions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-4C1O9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Text.RegularExpressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Clear.Remoting.Native.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Compression.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6VU9P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQS09.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Data.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Dynamic.Runtime.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Collections.Concurrent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PQ410.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Reflection.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\HtmlInstaller.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AT07R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-G4L6C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6SI67.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DOH0U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\fr\is-0FSFV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Timer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Process.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.ReaderWriter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\x64\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Tracing.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6CHFM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Greensoft.TlvLib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Thread.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HBD8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebSockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9GTP5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-N3995.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-VJNDQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-1MO1B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XPath.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\pl\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.MemoryMappedFiles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Expressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_elf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Formatters.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2A3U4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-7DLNC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.CompilerServices.Unsafe.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7QFPE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.ThreadPool.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Ping.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.EventBasedAsync.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ObjectModel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ObjectModel.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQ5MQ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\x86\SQLite.Interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.X509Certificates.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HHV6Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-SR0IF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6TPNG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-RVMTK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UM03N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_proxy.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8HG11.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Debug.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Json.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-KSNII.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\LiteDB.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-10GPT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-F4SJF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PCCLC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\es\is-QDMU5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpClipboard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x64\is-NUUK3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Rendering.Wpf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-A2NCU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Principal.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2QTC0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Text.Encoding.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-0286F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-8UBLU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Resources.Writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Drawing.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-S7D15.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Encoding.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\netstandard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.FileVersionInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-DMRO6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Security.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-EEO25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Timer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libGLESv2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-OVDJG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-38F0A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-MOF23.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.AppContext.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.TraceSource.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XmlSerializer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Thread.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\de\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Xml.XmlDocument.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Contracts.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebSockets.Client.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Specialized.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Concurrent.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GBL9Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\elevation_service.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.DriveInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\ru\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.SecureString.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.CompilerServices.VisualC.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\pl\is-JKUT7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-EV863.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6LN71.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Process.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\elevation_service.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Pipes.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I2HMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.TaskScheduler.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Xml.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.InteropServices.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.MemoryMappedFiles.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-SNP6L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-B8O8E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.Contracts.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-1T6AN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.Common.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-IPQI0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-L44T9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-D8F8K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-Hant\is-NMB8V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Dom.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.FileVersionInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-P1KJV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.WebHeaderCollection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.TypeConverter.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-B3VJL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.Watcher.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfScreenHelper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-40NNL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9E9TN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R70VF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-7SD3T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-K7VFE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Overlapped.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UK4HH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-NFO05.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\netstandard.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\it\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GU2I5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.TypeConverter.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Claims.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\fr\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-9S7BD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Numerics.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\SharpVectors.Dom.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Linq.Queryable.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-3FN0L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Sockets.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Http.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5HUBI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Networking.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-LTI51.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-RCDHE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Numerics.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-4BM0B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Clear.Remoting.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-IHDF0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.FileSystem.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-96JN4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\de\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Sockets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Handles.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-LI5F9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.Writer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Resources.ResourceManager.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Model.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-TQJI7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x86\SQLite.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Requests.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.AppContext.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.NetworkInformation.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-HESRK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.Compression.ZipFile.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Extensions.DependencyInjection.Abstractions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Extensions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2MB65.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.TraceSource.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-I7MF9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Console.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\it\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ETVL9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\pl\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Threading.Tasks.Parallel.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Principal.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-U1PHM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.ComponentModel.Primitives.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Reflection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9V0UG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XmlDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-ARVMU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Core.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.Native.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-OFPQN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.TextWriterTraceListener.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\ru\Microsoft.Win32.TaskScheduler.resources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-FA10R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-CJA9H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.NameResolution.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Net.Requests.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.IO.Compression.ZipFile.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Security.Cryptography.Csp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Drawing.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Microsoft.Extensions.DependencyInjection.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Globalization.Calendars.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.Serialization.Primitives.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5A214.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libEGL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-AS9AU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\WpfScreenHelper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2L6P2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-PO9RP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Runtime.Serialization.Json.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Linq.Queryable.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-6TBP4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-T0A69.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-S6HAT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-GNMM8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-UJRG2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Globalization.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\x64\SQLite.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\fr\Microsoft.Win32.TaskScheduler.resources.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Greensoft.TlvLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-20DGM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\System.Diagnostics.StackTrace.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2AFRA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.FileSystem.DriveInfo.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.IsolatedStorage.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Net\app\Humanizer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Toolkit.Uwp.Notifications.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-R43LO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-5FC31.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.IO.UnmanagedMemoryStream.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XmlSerializer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-VR258.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\is-2O16F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Xml.XPath.XDocument.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Converters.Wpf.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Security.Cryptography.Csp.dll (copy)	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp TID: 6732	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp TID: 6732	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp TID: 6732	Thread sleep time: -499984s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7328	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 2756	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7300	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 1664	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 2756	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 5500	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7520	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 5248	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 5876	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7520	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 2708	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 1008	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7688	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7148	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 1008	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 6824	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 2868	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7180	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 7596	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe TID: 2868	Thread sleep time: -100000s >= -30000s

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Code Cache\webui_js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\blob_storage\509a7680-8606-463e-9369-3b3cf5bd28f1 FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File Volume queried: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_00815C8D __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,		9_2_00815C8D
Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe	Code function: 9_2_008179F9 FindFirstFileW,		9_2_008179F9

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_008166A3 __EH_prolog,GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,

9_2_008166A3

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_0081890F GetSystemInfo,

9_2_0081890F

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Thread delayed: delay time: 499984	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Thread delayed: delay time: 100000

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	File opened: C:\Users\user\AppData	Jump to behavior

Source: Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000003.2263566518.000000000A71A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

9_2_00847352

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\clear.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\app\" -y	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\chromium.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium" -y	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe"
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\ClearBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\ClearBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=ClearBrowser --annotation=ver=120.0.6099.199 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb0321e440,0x7ffb0321e44c,0x7ffb0321e458
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2012 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --start-stack-profiler --mojo-platform-channel-handle=2164 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3324 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --no-pre-read-main-dll --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7063572613 --mojo-platform-channel-handle=3668 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064007852 --mojo-platform-channel-handle=3752 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064386856 --mojo-platform-channel-handle=3892 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064810809 --mojo-platform-channel-handle=4108 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7065811433 --mojo-platform-channel-handle=4260 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7066277542 --mojo-platform-channel-handle=4464 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4572 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=4052 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3220 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7075773636 --mojo-platform-channel-handle=4568 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3280 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3928 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3224 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --mojo-platform-channel-handle=5184 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe "C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4208 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Process created: unknown unknown

Source: 7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp

Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\Networking.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\HtmlInstaller.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Greensoft.TlvLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfScreenHelper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\master_preferences VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Preferences VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1610322727\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1610322727\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\ongdnllcjkgccaaeenpnccdmgnoakclk\1.22.1206_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\ongdnllcjkgccaaeenpnccdmgnoakclk\1.22.1206_0\icons\16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1490370054\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1490370054\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\lhgbhkaddoclgompehjgnoabldpmpkno\1.22.916_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\lhgbhkaddoclgompehjgnoabldpmpkno\1.22.916_0\icons\16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1381850975\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\scoped_dir7524_1381850975\CRX_INSTALL\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\hnaldbmaaihebfkndlpogamgccddckad\1.22.718_0\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Extensions\hnaldbmaaihebfkndlpogamgccddckad\1.22.718_0\icons\16.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Toolkit.Uwp.Notifications.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.ApplicationModel.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.Storage.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\System32\WinMetadata\Windows.UI.winmd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.WindowsRuntime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.WindowsRuntime.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Net.Http.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ValueTuple.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\WpfAppBar.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Threading.Tasks.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe	Queries volume information: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	Queries volume information: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_00818A69 GetSystemTimeAsFileTime,

9_2_00818A69

Source: C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe

Code function: 9_2_00860AB0 GetVersionExW,

9_2_00860AB0

Source: C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe	File opened: C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\History

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Windows Service	1 Access Token Manipulation	1 Deobfuscate/Decode Files or Information	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Browser Session Hijacking	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	11 Scheduled Task/Job	1 Windows Service	3 Obfuscated Files or Information	Security Account Manager	39 System Information Discovery	SMB/Windows Admin Shares	1 Data from Local System	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	12 Process Injection	1 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Scheduled Task/Job	1 Timestomp	LSA Secrets	21 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	151 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	151 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	2 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	1 Remote System Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Clear-TemplateSearch.b5003.SK048.ed.exe	33%	ReversingLabs	Win32.PUA.Generic

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_elf.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_proxy.exe (copy)	4%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\chrome_pwa_launcher.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\elevation_service.exe (copy)	4%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-63952.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-7DLNC.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9R8D9.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-9V0UG.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-LI5F9.tmp	4%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-OVDJG.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-RVMTK.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\is-U1PHM.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libEGL.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\libGLESv2.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\notification_helper.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.Native.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.Remoting.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Greensoft.TlvLib.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Hardcodet.NotifyIcon.Wpf.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Humanizer.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\LiteDB.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Bcl.AsyncInterfaces.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Extensions.DependencyInjection.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Toolkit.Uwp.Notifications.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Microsoft.Win32.TaskScheduler.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Newtonsoft.Json.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpClipboard.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Converters.Wpf.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Core.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Css.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Dom.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Model.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Gdi.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Rendering.Wpf.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\SharpVectors.Runtime.Wpf.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.AppContext.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Concurrent.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.NonGeneric.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.Specialized.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Collections.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.EventBasedAsync.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.Primitives.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.TypeConverter.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.ComponentModel.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Console.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.Common.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Data.SQLite.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Contracts.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Debug.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.FileVersionInfo.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\System.Diagnostics.Process.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	0%	URL Reputation	safe
https://support.google.com/chrome/answer/6098869	0%	URL Reputation	safe
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	0%	URL Reputation	safe
https://www.youtube.com	0%	URL Reputation	safe
https://photos.google.com/settings?referrer=CHROME_NTP	0%	URL Reputation	safe
https://www.remobjects.com/ps	0%	URL Reputation	safe
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl	0%	URL Reputation	safe
https://www.innosetup.com/	0%	URL Reputation	safe
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object	0%	URL Reputation	safe
http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).	0%	URL Reputation	safe
https://crashpad.chromium.org/	0%	URL Reputation	safe
https://github.com/mozilla/rhino/issues/346	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-promise.prototype.finally	0%	Avira URL Cloud	safe
https://api.openweathermap.org/data/2.5/forecast/daily?	0%	Avira URL Cloud	safe
https://clearbar.app/rd2/?id=374553Ly9hcmNhZGV0YWIuY29t&guid=	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-promise.prototype.then	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-tonumber	0%	Avira URL Cloud	safe
https://search.yahoo.com?fr=tightropetb&type=11745	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#dom-urlsearchparams-append	0%	Avira URL Cloud	safe
https://publickeyservice.gcp.privacysandboxservices.com	0%	Avira URL Cloud	safe
http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)	0%	URL Reputation	safe
https://www.therealreal.com/cart	0%	Avira URL Cloud	safe
http://underscorejs.org/LICENSE	0%	URL Reputation	safe
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl	0%	URL Reputation	safe
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	0%	URL Reputation	safe
https://amazon.com	0%	URL Reputation	safe
https://m.google.com/devicemanagement/data/api	0%	URL Reputation	safe
https://chromewebstore.google.com/	0%	URL Reputation	safe
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume	0%	URL Reputation	safe
https://mathiasbynens.be/notes/javascript-unicode).	0%	URL Reputation	safe
https://github.com/zloirock/core-js/issues/640	0%	Avira URL Cloud	safe
https://github.com/tc39/proposal-array-filtering	0%	Avira URL Cloud	safe
https://www.urbanoutfitters.com/cart	0%	Avira URL Cloud	safe
https://www.shutterfly.com/cart/	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#dom-url-search	0%	Avira URL Cloud	safe
https://www.zappos.com/cart	0%	Avira URL Cloud	safe
http://www.hardcodet.net/taskbar	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-toprimitive	0%	Avira URL Cloud	safe
https://www.saksfifthavenue.com/cart	0%	Avira URL Cloud	safe
https://www.guitarcenter.com/cart	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.foreach	0%	Avira URL Cloud	safe
https://tab.clearbar.app/223/edge/index.html?guid=	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-string.prototype.codepointat	0%	Avira URL Cloud	safe
http://www.html5rocks.com/en/tutorials/canvas/hidpi/	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.some	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#dom-url-tojson	0%	Avira URL Cloud	safe
https://github.com/es-shims/es5-shim/issues/150	0%	Avira URL Cloud	safe
https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7	0%	Avira URL Cloud	safe
http://crt.r2m02.amazontrust.com/r2m02.cer0	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-promise.all	0%	Avira URL Cloud	safe
https://staging.newtab.ext.services/223/default/index.html?guid=	0%	Avira URL Cloud	safe
https://www.williams-sonoma.com/shoppingcart/	0%	Avira URL Cloud	safe
https://search.clearbar.app/crx/search.php?guid=	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/API/URL/revokeObjectURL	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-createarrayiterator	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/issues/306	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-symbol.prototype.description	0%	Avira URL Cloud	safe
http://ocsp.r2m02.amazontrust.com06	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.from	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-number.isnan	0%	Avira URL Cloud	safe
https://instagram.com	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore	0%	Avira URL Cloud	safe
https://cloudfront.clearbar.app/profiles/common.json=https://clearbar.app/profiles/ehttps://clearbar	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-object.defineproperty	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
https://clearbar.app/rd2/?id=273811Ly9hcmNhZGV0YWIuY29t&guid=	0%	Avira URL Cloud	safe
https://www.teacherspayteachers.com/Cart	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#dom-url-hostname	0%	Avira URL Cloud	safe
https://chrome.google.com/webstore?hl=en-GB&category=theme81https://myactivity.google.com/myactivity	0%	Avira URL Cloud	safe
https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:	0%	Avira URL Cloud	safe
http://crl.rootg2.amazontrust.com/rootg2.crl0	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-getsubstitution	0%	Avira URL Cloud	safe
https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-symbol.keyfor	0%	Avira URL Cloud	safe
https://pdf-services.clearbar.app/api/v1/auth/handoff	0%	Avira URL Cloud	safe
https://www.qvc.com/checkout/cart.html	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-function-instances-name	0%	Avira URL Cloud	safe
http://o.aolcdn.com/images/dims?image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2	0%	Avira URL Cloud	safe
https://clearbar.app/rd2/?id=175902Ly9hcmNhZGV0YWIuY29t&guid=	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.values	0%	Avira URL Cloud	safe
https://www.samsclub.com/cart	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-object.values	0%	Avira URL Cloud	safe
https://earth.google.com/web	0%	Avira URL Cloud	safe
https://cloudfront.clearbar.app/extensions/newtab-yahoo-20220131.xml	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.map	0%	Avira URL Cloud	safe
https://cloudfront.clearbar.app/extensions/ycontent-mv3.xml	0%	Avira URL Cloud	safe
https://url.spec.whatwg.org/#dom-url-password	0%	Avira URL Cloud	safe
https://github.com/mathiasbynens/String.prototype.at	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.slice	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-array.prototype.splice	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-arrayspeciescreate	0%	Avira URL Cloud	safe
https://tc39.github.io/ecma262/#sec-symbol.prototype-	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/issues/679	0%	Avira URL Cloud	safe
https://search.freshy.com/y-feeds/news/v1/topNews?length=-1	0%	Avira URL Cloud	safe
http://w3.org/TR/2012/WD-url-20120524/#collect-url-parameters	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/issues/677	0%	Avira URL Cloud	safe
https://clearbar.app/rd2/?id=195104Ly9hcmNhZGV0YWIuY29t&guid=	0%	Avira URL Cloud	safe
https://publickeyservice.pa.gcp.privacysandboxservices.com	0%	Avira URL Cloud	safe
https://cloudfront.clearbar.app/extensions/staging/zoomtool-v1056.xml	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/issues/674	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mozilla/rhino/issues/346	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-promise.prototype.finally	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing	clearbrowser.exe, 00000012.00000003.2506430531.00003C2C002CC000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.openweathermap.org/data/2.5/forecast/daily?	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/answer/6098869	clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	false	URL Reputation: safe	unknown
https://tc39.github.io/ecma262/#sec-tonumber	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-urlsearchparams-append	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com?fr=tightropetb&type=11745	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp	false	URL Reputation: safe	unknown
https://clearbar.app/rd2/?id=374553Ly9hcmNhZGV0YWIuY29t&guid=	7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://publickeyservice.gcp.privacysandboxservices.com	clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-promise.prototype.then	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.therealreal.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/640	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.youtube.com	clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.shutterfly.com/cart/	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.urbanoutfitters.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/tc39/proposal-array-filtering	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://photos.google.com/settings?referrer=CHROME_NTP	clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	false	URL Reputation: safe	unknown
https://url.spec.whatwg.org/#dom-url-search	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.saksfifthavenue.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.zappos.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.hardcodet.net/taskbar	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-toprimitive	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.guitarcenter.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.remobjects.com/ps	Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000000.1291631926.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false	URL Reputation: safe	unknown
https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl	clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	false	URL Reputation: safe	unknown
https://tab.clearbar.app/223/edge/index.html?guid=	7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.foreach	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.some	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.innosetup.com/	Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1289586745.0000000002530000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.exe, 00000000.00000003.1290014289.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Clear-TemplateSearch.b5003.SK048.ed.tmp, 00000002.00000000.1291631926.0000000000401000.00000020.00000001.01000000.00000004.sdmp	false	URL Reputation: safe	unknown
https://tc39.github.io/ecma262/#sec-string.prototype.codepointat	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.html5rocks.com/en/tutorials/canvas/hidpi/	clearbrowser.exe, 0000001A.00000003.2586334170.0000180C012FC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2506410407.0000180C00348000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2519441434.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513071281.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505893270.0000180C005B0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2513408195.0000180C00CB4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2511093714.0000180C010D4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2521348250.0000180C009A4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590957361.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2518984899.0000180C00388000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510572267.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2585883712.0000180C014AC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2515405893.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2590553519.0000180C0154C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0064C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505307176.0000180C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2510039344.0000180C00AEC000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2505086561.0000180C0060C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2517847312.0000180C0080C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2584636838.0000180C0125C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2523515649.0000180C00C8C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.r2m02.amazontrust.com/r2m02.cer0	clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2558813825.0000711000188000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-url-tojson	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/es-shims/es5-shim/issues/150	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7	clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-promise.all	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/URL/revokeObjectURL	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://staging.newtab.ext.services/223/default/index.html?guid=	7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://search.clearbar.app/crx/search.php?guid=	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://crashpad.chromium.org/	clearbrowser.exe, 00000012.00000000.2470045911.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000013.00000000.2473734042.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000002.2533596210.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000017.00000000.2484249021.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000018.00000000.2488829459.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 00000019.00000000.2493953464.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001A.00000000.2497102026.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp, clearbrowser.exe, 0000001C.00000000.2501592584.00007FF7FD713000.00000002.00000001.01000000.00000015.sdmp	false	URL Reputation: safe	unknown
https://tc39.github.io/ecma262/#sec-symbol.prototype.description	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.williams-sonoma.com/shoppingcart/	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-createarrayiterator	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/306	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.from	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-number.isnan	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.r2m02.amazontrust.com06	clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2558813825.0000711000188000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-object.defineproperty	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore	clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://instagram.com	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://cloudfront.clearbar.app/profiles/common.json=https://clearbar.app/profiles/ehttps://clearbar	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-url-hostname	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.teacherspayteachers.com/Cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearbar.app/rd2/?id=273811Ly9hcmNhZGV0YWIuY29t&guid=	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.rootca1.amazontrust.com0:	clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chrome.google.com/webstore?hl=en-GB&category=theme81https://myactivity.google.com/myactivity	clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:	clearbrowser.exe, 0000001A.00000003.2504222722.0000180C002F0000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503912412.0000180C002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503736154.0000180C00144000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001A.00000003.2503665134.0000180C00170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2509598278.00002900002E4000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2508452878.0000290000170000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000003.2510021199.00002900002F0000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.qvc.com/checkout/cart.html	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-symbol.keyfor	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pdf-services.clearbar.app/api/v1/auth/handoff	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://underscorejs.org/LICENSE	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tc39.github.io/ecma262/#sec-getsubstitution	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.rootg2.amazontrust.com/rootg2.crl0	clearbrowser.exe, 00000012.00000003.2524815657.00003C2C0088C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000012.00000003.2524953996.00003C2C00D4C000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2526920362.0000711000714000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2523768493.0000711000148000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 00000018.00000003.2524087774.0000711000730000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://o.aolcdn.com/images/dims?image_uri=https%3A%2F%2Fs.yimg.com%2Fos%2Fcreatr-uploaded-images%2F2	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl	clearbrowser.exe, 0000001C.00000002.2577310758.0000015EC3FE0000.00000002.00000001.00040000.00000020.sdmp	false	URL Reputation: safe	unknown
https://developer.mozilla.org/en-US/docs/Web/API/URL/createObjectURL	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-function-instances-name	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://clearbar.app/rd2/?id=175902Ly9hcmNhZGV0YWIuY29t&guid=	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp, 7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.values	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-object.values	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.samsclub.com/cart	clearbrowser.exe, 00000012.00000003.2485492957.00003C2C0060C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd	7zr.exe, 00000009.00000003.2104091144.0000000003716000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456D98000.00000002.00000001.01000000.00000014.sdmp	false	URL Reputation: safe	unknown
https://amazon.com	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	URL Reputation: safe	unknown
https://earth.google.com/web	7zr.exe, 00000009.00000003.2104091144.0000000003640000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://m.google.com/devicemanagement/data/api	clearbrowser.exe, 00000012.00000003.2484099352.00003C2C0020C000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cloudfront.clearbar.app/extensions/newtab-yahoo-20220131.xml	7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.map	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://chromewebstore.google.com/	clearbrowser.exe, 0000001C.00000002.2597861425.0000020400258000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cloudfront.clearbar.app/extensions/ycontent-mv3.xml	7zr.exe, 00000009.00000003.2104091144.00000000037ED000.00000004.00001000.00020000.00000000.sdmp, Clear.exe, 0000000D.00000000.2404125642.0000027456E6F000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://url.spec.whatwg.org/#dom-url-password	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/mathiasbynens/String.prototype.at	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.slice	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-array.prototype.splice	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-symbol.prototype-	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://w3.org/TR/2012/WD-url-20120524/#collect-url-parameters	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/679	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tc39.github.io/ecma262/#sec-arrayspeciescreate	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.freshy.com/y-feeds/news/v1/topNews?length=-1	Clear.exe, 0000000D.00000000.2404125642.0000027456CC2000.00000002.00000001.01000000.00000014.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/677	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mathiasbynens.be/notes/javascript-unicode).	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://clearbar.app/rd2/?id=195104Ly9hcmNhZGV0YWIuY29t&guid=	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://publickeyservice.pa.gcp.privacysandboxservices.com	clearbrowser.exe, 00000017.00000002.2498110098.0000027B3FC30000.00000002.10000000.00040000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2543488016.0000015EC2DB0000.00000002.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cloudfront.clearbar.app/extensions/staging/zoomtool-v1056.xml	clearbrowser.exe, 0000001A.00000003.2504512695.0000180C00150000.00000004.00001000.00020000.00000000.sdmp, clearbrowser.exe, 0000001C.00000002.2610203411.000029000004C000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/issues/674	7zr.exe, 00000009.00000003.2083605173.0000000003140000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
18.239.69.89	unknown	United States	16509	AMAZON-02US	false
18.239.69.107	unknown	United States	16509	AMAZON-02US	false
142.251.40.234	unknown	United States	15169	GOOGLEUS	false
18.164.96.2	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
74.125.206.84	unknown	United States	15169	GOOGLEUS	false
172.67.70.239	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
34.205.103.86	unknown	United States	14618	AMAZON-AESUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
18.245.86.18	unknown	United States	16509	AMAZON-02US	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1445864
Start date and time:	2024-05-22 17:38:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	42
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Clear-TemplateSearch.b5003.SK048.ed.exe
Detection:	SUS
Classification:	sus30.spyw.evad.winEXE@69/1595@0/15
EGA Information:	Successful, ratio: 14.3%
HCA Information:	Successful, ratio: 62% Number of executed functions: 97 Number of non-executed functions: 135
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Execution Graph export aborted for target clearbrowser.exe, PID 4708 because there are no executed function
Execution Graph export aborted for target clearbrowser.exe, PID 7652 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: Clear-TemplateSearch.b5003.SK048.ed.exe

Simulations

Behavior and APIs

Time	Type	Description
19:34:54	Task Scheduler	Run new task: ClearStartAtLoginTask path: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe
19:34:54	Task Scheduler	Run new task: ClearUpdateChecker path: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe s>update
19:34:54	Task Scheduler	Run new task: ClearWeatherCheck path: C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe s>weather

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1.1.1.1	PO-230821_pdf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
	AFfv8HpACF.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
	INVOICE_90990_PDF.exe	Get hash	malicious	FormBook	Browse	www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
	Go.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
239.255.255.250	https://url10.mailanyone.net/scanner?m=1s944h-0002To-5d&d=4%7Cmail%2F90%2F1716215400%2F1s944h-0002To-5d%7Cin10e%7C57e1b682%7C12862802%7C10019077%7C664B5F2B87AB20AB3656F0529EAA66DD&o=%2Fphtn%3A%2Fits-ftefceoraoefi.ognclmoc&s=TEjbZJDtuXxOW0FjTVUpySy9uwY	Get hash	malicious	Unknown	Browse
	https://idujew.sbs/NOT5u64664/index.php?lpkey=174916883959189c66&trkd=edygik.org&lpkey1=55d651zqqmy1nvr4a6&language=en-GB&scanid=55d651zqqmy1nvr4a6&ip=84.43.87.132&t1=36&t2=ALL&t3=pn&t4=796&t5=1805&dm=1&pbid=3417&uid=8xOEX_FfuSdS9gxXBMKnAtAB9taRkK&uclick=1zqqmy1nvr&uclickhash=1zqqmy1nvr-1zqqmy1nvr-b4-x9-8r8n-2tmyi4-2t1n3y-a154fa	Get hash	malicious	Unknown	Browse
	https://xerox-ndzda15184.strudse.com/edtpx73416/#bGNvbnJhZEBoaW5ja2xleWFsbGVuLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	http://www.cpcheckme.com	Get hash	malicious	Unknown	Browse
	https://worker-yellow-recipe-87f5.krevidajrezart.workers.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://forfbidrecrossboot.pages.dev/503.js	Get hash	malicious	Unknown	Browse
	https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtslekssiaipcr.te%2Ftoenscino-x-pk%2F6tRunvbhyfphp.x&s=qPX4ToIpiLV6GTYf9V69nGT5pss	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	http://sonarr.vertras.xyz	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	http://ct.ke/STUDENTS-FREE-LAPT0PS	Get hash	malicious	Unknown	Browse
18.239.69.89	https://www.myprepaidcenter.com	Get hash	malicious	Unknown	Browse
18.164.96.2	Clear-EasyPrint.b7002.ntclear.top.SK008.ch.exe	Get hash	malicious	Unknown	Browse
172.64.41.3	ZXQ3AcEN5Q.exe	Get hash	malicious	Unknown	Browse
	0af4a52e.0cce76886785b0ff1283f346.workers.devemailantonio.cataneo@axactor.com.msg	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	FormBook	Browse
	LametaSetup.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	FormBook	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	SmartConvertPDF_48187981.msi	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	https://xerox-ndzda15184.strudse.com/edtpx73416/#bGNvbnJhZEBoaW5ja2xleWFsbGVuLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	13.32.145.9
	f_0002b5.exe	Get hash	malicious	Unknown	Browse	18.245.86.79
	http://www.cpcheckme.com	Get hash	malicious	Unknown	Browse	52.49.232.14
	2T6MGxlKZT.exe	Get hash	malicious	SmokeLoader	Browse	54.255.136.181
	EST- 250424-0370pdf.exe	Get hash	malicious	FormBook	Browse	3.64.163.50
	f_0002b5.exe	Get hash	malicious	Unknown	Browse	13.225.10.37
	https://mev-web.ca/?f=QeYBR2wfYK3JYIrbEQZr1C%2bgf3gU%2fmUvL9ovUEhJVZnxPIANQz6rboUW4U4PnItNOSuc98KvirQj3pwhsBFRc8hSk5YuKckp9PXbo9m%2baI9y9BiUYstagDwEu3371ebTwoTckHFX6OqMDkbqHH4mz6uY9e9M%2f9uY9zyYLM%2f9CmDvFT2uK2iCdJwzdbXIyiq2%2b9ClzMjyENFwui3qHuWODETmn%2b6yk0qQuV9sQ%2fGi6URseZjJRDXWcmWLNhvjc38WMu6H6e6u2IwMZcnl78FMfEZPvqt9omZdBVKeliCJX88SZ7m5zXYeBaIXu8XXIgDTSHNQrcMQ6iWL3ktNU9KNVy2%2fbL15XB8sLGGe1uVAbQ9hwGnOnoH4sBJOe3%2fpYYneZARrLcwphZSIduyqT3At%2f6Bzn57i7UC9z7ZDalFnOM1dZy5wNqsV62py1LJecHSNYxeFwHwj8D54XILdKl0BfW7sHpba1eyZjI%2bO8%2bGRE69nPLRa%2ffTy6B9wpFibF3RT	Get hash	malicious	Unknown	Browse	13.224.189.54
	https://cs-server-s2s.yellowblue.io/sync-iframe	Get hash	malicious	Unknown	Browse	54.195.106.144
	https://www.google.com.bh/url?hl=en&q=https://www.google.com.bh/url?hl%3Den%26q%3Dhttp://www.google.com/amp/www.google.com/amp/www.google.com/amp/%252574%252569%25256E%252579%252575%252572%25256C%25252E%252563%25256F%25256D%25252F%25256D%252576%252574%252575%252575%252566%252537%252533%26source%3Dgmail%26ust%3D1716286979743000%26usg%3DAOvVaw0kIG15Hao_4RLWdhQSbrTj&source=gmail&ust=1716287016979000&usg=AOvVaw2OvZXU7t2_QCy0TjxskKGn	Get hash	malicious	Unknown	Browse	18.245.253.27
	https://rstgmbh-rstsrl.start.page	Get hash	malicious	HTMLPhisher	Browse	52.217.97.172
CLOUDFLARENETUS	https://idujew.sbs/NOT5u64664/index.php?lpkey=174916883959189c66&trkd=edygik.org&lpkey1=55d651zqqmy1nvr4a6&language=en-GB&scanid=55d651zqqmy1nvr4a6&ip=84.43.87.132&t1=36&t2=ALL&t3=pn&t4=796&t5=1805&dm=1&pbid=3417&uid=8xOEX_FfuSdS9gxXBMKnAtAB9taRkK&uclick=1zqqmy1nvr&uclickhash=1zqqmy1nvr-1zqqmy1nvr-b4-x9-8r8n-2tmyi4-2t1n3y-a154fa	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://xerox-ndzda15184.strudse.com/edtpx73416/#bGNvbnJhZEBoaW5ja2xleWFsbGVuLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	http://www.cpcheckme.com	Get hash	malicious	Unknown	Browse	104.17.25.14
	ZXQ3AcEN5Q.exe	Get hash	malicious	Unknown	Browse	172.64.41.3
	https://worker-yellow-recipe-87f5.krevidajrezart.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://forfbidrecrossboot.pages.dev/503.js	Get hash	malicious	Unknown	Browse	188.114.96.3
	ZXQ3AcEN5Q.exe	Get hash	malicious	Unknown	Browse	104.21.45.251
	https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtslekssiaipcr.te%2Ftoenscino-x-pk%2F6tRunvbhyfphp.x&s=qPX4ToIpiLV6GTYf9V69nGT5pss	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
	2T6MGxlKZT.exe	Get hash	malicious	SmokeLoader	Browse	104.21.76.57
	SOA_41457.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
MIT-GATEWAYSUS	http://www.cpcheckme.com	Get hash	malicious	Unknown	Browse	18.66.147.95
	2T6MGxlKZT.exe	Get hash	malicious	SmokeLoader	Browse	18.66.102.80
	https://www.google.com.bh/url?hl=en&q=https://www.google.com.bh/url?hl%3Den%26q%3Dhttp://www.google.com/amp/www.google.com/amp/www.google.com/amp/%252574%252569%25256E%252579%252575%252572%25256C%25252E%252563%25256F%25256D%25252F%25256D%252576%252574%252575%252575%252566%252537%252533%26source%3Dgmail%26ust%3D1716286979743000%26usg%3DAOvVaw0kIG15Hao_4RLWdhQSbrTj&source=gmail&ust=1716287016979000&usg=AOvVaw2OvZXU7t2_QCy0TjxskKGn	Get hash	malicious	Unknown	Browse	18.172.112.40
	https://internal--alert-teamapp-site.ipns.dweb.link/#YW1hbmRhLm1vcnJpc29uQG9uZWFtZXJpY2EuY29t	Get hash	malicious	HTMLPhisher	Browse	18.66.122.44
	https://www.bing.com/ck/a?!&&p=8ea437cdae831bffJmltdHM9MTcxNTQ3MjAwMCZpZ3VpZD0wZTZlYTYzMC1mOTliLTY4ZWUtMmFlZS1iNWJmZjhiYzY5NDUmaW5zaWQ9NTIwNw&ptn=3&ver=2&hsh=3&fclid=0e6ea630-f99b-68ee-2aee-b5bff8bc6945&psq=yamamotokota.com&u=a1aHR0cHM6Ly95YW1hbW90b2tvdGEuY29tL0hPTUU#ZHVuY2FuLnJlYWRAam9obmxld2lzLmNvLnVr	Get hash	malicious	Unknown	Browse	18.116.9.206
	https://www.bing.com/ck/a?!&&p=8ea437cdae831bffJmltdHM9MTcxNTQ3MjAwMCZpZ3VpZD0wZTZlYTYzMC1mOTliLTY4ZWUtMmFlZS1iNWJmZjhiYzY5NDUmaW5zaWQ9NTIwNw&ptn=3&ver=2&hsh=3&fclid=0e6ea630-f99b-68ee-2aee-b5bff8bc6945&psq=yamamotokota.com&u=a1aHR0cHM6Ly95YW1hbW90b2tvdGEuY29tL0hPTUU#ZHVuY2FuLnJlYWRAam9obmxld2lzLmNvLnVr	Get hash	malicious	Unknown	Browse	18.116.9.206
	qwmLv2FcgD.elf	Get hash	malicious	Unknown	Browse	18.165.26.216
	http://sallywilliamson.com/	Get hash	malicious	Unknown	Browse	18.173.205.56
	http://bt-103301.weeblysite.com/	Get hash	malicious	Unknown	Browse	18.172.103.101
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	18.172.103.101
AMAZON-02US	https://xerox-ndzda15184.strudse.com/edtpx73416/#bGNvbnJhZEBoaW5ja2xleWFsbGVuLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	13.32.145.9
	f_0002b5.exe	Get hash	malicious	Unknown	Browse	18.245.86.79
	http://www.cpcheckme.com	Get hash	malicious	Unknown	Browse	52.49.232.14
	2T6MGxlKZT.exe	Get hash	malicious	SmokeLoader	Browse	54.255.136.181
	EST- 250424-0370pdf.exe	Get hash	malicious	FormBook	Browse	3.64.163.50
	f_0002b5.exe	Get hash	malicious	Unknown	Browse	13.225.10.37
	https://mev-web.ca/?f=QeYBR2wfYK3JYIrbEQZr1C%2bgf3gU%2fmUvL9ovUEhJVZnxPIANQz6rboUW4U4PnItNOSuc98KvirQj3pwhsBFRc8hSk5YuKckp9PXbo9m%2baI9y9BiUYstagDwEu3371ebTwoTckHFX6OqMDkbqHH4mz6uY9e9M%2f9uY9zyYLM%2f9CmDvFT2uK2iCdJwzdbXIyiq2%2b9ClzMjyENFwui3qHuWODETmn%2b6yk0qQuV9sQ%2fGi6URseZjJRDXWcmWLNhvjc38WMu6H6e6u2IwMZcnl78FMfEZPvqt9omZdBVKeliCJX88SZ7m5zXYeBaIXu8XXIgDTSHNQrcMQ6iWL3ktNU9KNVy2%2fbL15XB8sLGGe1uVAbQ9hwGnOnoH4sBJOe3%2fpYYneZARrLcwphZSIduyqT3At%2f6Bzn57i7UC9z7ZDalFnOM1dZy5wNqsV62py1LJecHSNYxeFwHwj8D54XILdKl0BfW7sHpba1eyZjI%2bO8%2bGRE69nPLRa%2ffTy6B9wpFibF3RT	Get hash	malicious	Unknown	Browse	13.224.189.54
	https://cs-server-s2s.yellowblue.io/sync-iframe	Get hash	malicious	Unknown	Browse	54.195.106.144
	https://www.google.com.bh/url?hl=en&q=https://www.google.com.bh/url?hl%3Den%26q%3Dhttp://www.google.com/amp/www.google.com/amp/www.google.com/amp/%252574%252569%25256E%252579%252575%252572%25256C%25252E%252563%25256F%25256D%25252F%25256D%252576%252574%252575%252575%252566%252537%252533%26source%3Dgmail%26ust%3D1716286979743000%26usg%3DAOvVaw0kIG15Hao_4RLWdhQSbrTj&source=gmail&ust=1716287016979000&usg=AOvVaw2OvZXU7t2_QCy0TjxskKGn	Get hash	malicious	Unknown	Browse	18.245.253.27
	https://rstgmbh-rstsrl.start.page	Get hash	malicious	HTMLPhisher	Browse	52.217.97.172

Process:	C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp
File Type:	7-zip archive data, version 0.4
Category:	dropped
Size (bytes):	87996149
Entropy (8bit):	7.999994042425019
Encrypted:	true
SSDEEP:	1572864:Cw+4FrwcXqGNfh5Tf7nzbh8LGu0fcnU1wwp42GpcdOJ8:qS7Xpf5r7nztmI/xccd5
MD5:	0B6FA19DB0B90FD9222867D893CA216B
SHA1:	F58F5E07126CD2B51170E537E0544D85C0D0E057
SHA-256:	E125ED3D1E0B34FFB9D4442092D614F26FB6CDBCC4194AA514285547F43CECAC
SHA-512:	F854FA5CB02358F9D9475582E8DA76B6BF20270B0C864C512196F65818E67019355111B4639A60A27D73E61E7180AC43F0319199DDA1B626D2D8D3E0F3C8470C
Malicious:	false
Preview:	7z..'....E._..>.....%.........'...L..]...Jxe7.E..o..wq..j..n8....r.....'iu2..S.....Q.:.o...cuq...)g.....NNu.S.C.m.y.w.;.p...K......M.#.~......f....[.~q...t.....s...O.....+`....$.-.u.....P..N [.x.............m]..[i..J6.&..W.....#`...}....^.W.q....J.h.4.W<...L.AX..h.......=.....hc..Q.Q{..4..!..{.,.Ga.E&'.....`.mG:...NX.v.V...6$..........)T...... '.We..D.H.=j...n.......8.H..W1.......%..H.-Y@(5..$7...Ooo...jC.2..OAo .{...........d.....AF..m...P....].%-....".d...S.9..P:.... ...\.1......c....,...[{...Ly...K.).e..W..h...a...`.....5........Q.nr.p......Tp../m.P=....W..GQ....;K..}...U.U....p.{.......>m.`..J.1$...&.k.U...C....I..2......4.j...2..l.d.u.....ASk...[.9..$.:..P..3.N.s.l..u.>k...%=...f...n..XLi.y36..._x..2....1.5.....DG...........EB+sS..W@..80.o......'Bn...{.W..t)\..j....S..A....\|?..o{.9LX..V?...I..=...Zvx.c..LE.1Lg...;......U.~...>..p.E.QJ.-.^..H.oc0...{p.~Rb..._.7.3pl....7,-.=....YIs.?.... ..y..9a...qq...h.7.G.Ue......+.%..G..he...+.Y..

Process:	C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.890604933532555
Encrypted:	false
SSDEEP:
MD5:	D82A50C6750AF1EA0480E648E9B7EC97
SHA1:	64B84CDBABA77625C95C29249F872BF72BCE8081
SHA-256:	343EEDBE46C18B0ECCD53B5760368A599BE3BAC084FCE25CD693947B3BD08901
SHA-512:	6520CCE1B30D1C8FF151AF20BB3AA3CDB104D0F3CA16D9736FE6642051694D88258CC3F9607710AC386B93EFF4FDA8533E0C41A335932613C98D78B14E9667A7
Malicious:	false
Preview:	<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='120.0.6099.199'.. version='120.0.6099.199'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..

Process:	C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3149872
Entropy (8bit):	6.376122605923394
Encrypted:	false
SSDEEP:
MD5:	C76E26901E5B975415817DC6691B10FC
SHA1:	D11283E30BFACABF622259C169E0DD7424AA882D
SHA-256:	9801DE2908996B63652A917F25CD28DBD3FF3E0A5DD1E872320C2E1B724CCE03
SHA-512:	6FC7F516F3D0BECFD2C8F564DAE4C9A6E09A5DC6ABABB1CD6AD0F1E6EFF3A50184BA55C3B91110FC0A621E1C781BF814177A3799A806031121884DCB8F95A9EB
Malicious:	true
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,.........`V,......`,...@...........................0.....qf0...@......@....................-.......-..9..................../.0(....................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................

Entrypoint:	0x4b5eec
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6258476F [Thu Apr 14 16:10:23 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	e569e6f445d32ba23766ad67d1e3787f

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	13/03/2023 01:00:00 12/03/2024 00:59:59
Subject Chain	CN=ClearBar, O=ClearBar, L=San Francisco, S=California, C=US
Version:	3
Thumbprint MD5:	D9FBB2137D4612C43D68C273CDD76CAF
Thumbprint SHA-1:	17E6B9535839369889BB9AD0DF5A712973A264AB
Thumbprint SHA-256:	CCBD5B591F030A5FEA23D14EE80D0E1799166A7B7BB88C7F9EB44CF3666AE150
Serial:	0466911FFC9007D015A789311AC5F87F

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xc4000	0x9a	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc2000	0xfdc	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0xa9a0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x4ad7c0	0x2830
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xc6000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc22f4	0x254	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xc3000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb39e4	0xb3a00	43af0a9476ca224d8e8461f1e22c94da	False	0.34525867693110646	data	6.357635049994181	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xb5000	0x1688	0x1800	185e04b9a1f554e31f7f848515dc890c	False	0.54443359375	data	5.971425428435973	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xb7000	0x37a4	0x3800	cab2107c933b696aa5cf0cc6c3fd3980	False	0.36097935267857145	data	5.048648594372454	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xbb000	0x6de8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xc2000	0xfdc	0x1000	e7d1635e2624b124cfdce6c360ac21cd	False	0.3798828125	data	5.029087481102678	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xc3000	0x1a4	0x200	8ced971d8a7705c98b173e255d8c9aa7	False	0.345703125	data	2.7509822285969876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xc4000	0x9a	0x200	8d4e1e508031afe235bf121c80fd7d5f	False	0.2578125	data	1.877162954504408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xc5000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xc6000	0x5d	0x200	8f2f090acd9622c88a6a852e72f94e96	False	0.189453125	data	1.3838943752217987	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xc7000	0xa9a0	0xaa00	0bed2352d52ebe7b3395d0d2b76f70e6	False	0.5391314338235295	data	5.9377044118959175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc74f8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	English	United States	0.6781914893617021
RT_ICON	0xc7960	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	English	United States	0.5254098360655738
RT_ICON	0xc82e8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	English	United States	0.42706378986866794
RT_ICON	0xc9390	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	English	United States	0.2923236514522822
RT_ICON	0xcb938	0x30c8	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.9805413196668802
RT_STRING	0xcea00	0x360	data			0.34375
RT_STRING	0xced60	0x260	data			0.3256578947368421
RT_STRING	0xcefc0	0x45c	data			0.4068100358422939
RT_STRING	0xcf41c	0x40c	data			0.3754826254826255
RT_STRING	0xcf828	0x2d4	data			0.39226519337016574
RT_STRING	0xcfafc	0xb8	data			0.6467391304347826
RT_STRING	0xcfbb4	0x9c	data			0.6410256410256411
RT_STRING	0xcfc50	0x374	data			0.4230769230769231
RT_STRING	0xcffc4	0x398	data			0.3358695652173913
RT_STRING	0xd035c	0x368	data			0.3795871559633027
RT_STRING	0xd06c4	0x2a4	data			0.4275147928994083
RT_RCDATA	0xd0968	0x10	data			1.5
RT_RCDATA	0xd0978	0x2c4	data			0.6384180790960452
RT_RCDATA	0xd0c3c	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0xd0c68	0x4c	data	English	United States	0.8157894736842105
RT_VERSION	0xd0cb4	0x584	data	English	United States	0.2839943342776204
RT_MANIFEST	0xd1238	0x765	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.39091389329107235

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
version.dll	GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll	NetWkstaGetInfo, NetApiBufferFree
advapi32.dll	ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4541a8
__dbk_fcall_wrapper	2	0x40d0a0
dbkFCallWrapperAddr	1	0x4be63c

Target ID:	0
Start time:	11:39:21
Start date:	22/05/2024
Path:	C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe"
Imagebase:	0x400000
File size:	4'915'184 bytes
MD5 hash:	2DFF543405ED6F5FA29BA7CD047C22F7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	11:39:22
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\is-P0J9K.tmp\Clear-TemplateSearch.b5003.SK048.ed.tmp" /SL5="$203E0,4024297,806400,C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe"
Imagebase:	0x400000
File size:	3'149'872 bytes
MD5 hash:	C76E26901E5B975415817DC6691B10FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Target ID:	9
Start time:	13:34:13
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\clear.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\app\" -y
Imagebase:	0x810000
File size:	523'776 bytes
MD5 hash:	8693D7EA0B258EDF72C6EF7CFF1E46FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	11
Start time:	13:34:17
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\7zr.exe" x "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\chromium.7z" -o"C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Net\Chromium" -y
Imagebase:	0x810000
File size:	523'776 bytes
MD5 hash:	8693D7EA0B258EDF72C6EF7CFF1E46FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Target ID:	13
Start time:	13:34:47
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Clear.exe" postinstall "C:\Users\user\Desktop\Clear-TemplateSearch.b5003.SK048.ed.exe" "1.1.3.0" "C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\Profiles" "AutoStart_=true" "BuildVariant[]="
Imagebase:	0x27456cc0000
File size:	5'407'792 bytes
MD5 hash:	26AE5F1918D76D1221ED90C7183BDC84
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	18
Start time:	13:34:53
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe"
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	19
Start time:	13:34:54
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\ClearBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\ClearBrowser\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=ClearBrowser --annotation=ver=120.0.6099.199 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb0321e440,0x7ffb0321e44c,0x7ffb0321e458
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	23
Start time:	13:34:55
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2012 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	25
Start time:	13:34:56
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=3324 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	29
Start time:	13:34:57
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7064386856 --mojo-platform-channel-handle=3892 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	31
Start time:	13:34:58
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --extension-process --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7065811433 --mojo-platform-channel-handle=4260 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Clear-TemplateSearch.b5003.SK048.ed.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\chromium.7z (copy)

C:\Users\user~1\AppData\Local\Temp\is-ND9CL.tmp\clear.7z (copy)

C:\Users\user\AppData\Local\ClearBrowser\User Data\007b0d76-28a3-436d-b3ab-b5452dfa769d.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\7a286aef-89f8-44d8-89d0-a4cf9233363d.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\BrowserMetrics\BrowserMetrics-664E2CBE-1D64.pma

C:\Users\user\AppData\Local\ClearBrowser\User Data\Crashpad\settings.dat

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\03a0ca70-78f0-41d9-9d1b-a5cb6e1cf5c2.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\0f778b33-a4f4-4a85-acf8-e3163d1618ac.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\4fe1725e-8251-473e-8e53-28c413df9cb6.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\5f20f944-c4c6-40c1-8f7a-f50e224c4ec0.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\71ccdf6c-cf14-42f4-98c9-965d60e94242.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\8d7f9856-6a31-4796-9001-d863b079b6f3.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\92621740-9ce4-414c-8639-9458514c3a01.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\99eb271e-e102-47bf-b51f-611a86084830.tmp

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Affiliation Database

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Bookmarks (copy)

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\BrowsingTopicsSiteData

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\BrowsingTopicsState (copy)

C:\Users\user\AppData\Local\ClearBrowser\User Data\Default\Cache\Cache_Data\data_0

Windows Analysis Report
Clear-TemplateSearch.b5003.SK048.ed.exe

Target ID:	32
Start time:	13:34:59
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=renderer --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --time-ticks-at-unix-epoch=-1716392232912672 --launch-time-ticks=7066277542 --mojo-platform-channel-handle=4464 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:1
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	34
Start time:	13:35:01
Start date:	22/05/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff70ffd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	35
Start time:	13:35:08
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --no-pre-read-main-dll --mojo-platform-channel-handle=4052 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	40
Start time:	13:35:09
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=gpu-process --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3224 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:2
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Target ID:	42
Start time:	13:35:11
Start date:	22/05/2024
Path:	C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\Chromium\clearbrowser.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Programs\Clear\1.1.3.0\chromium\clearbrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --mojo-platform-channel-handle=4208 --field-trial-handle=2024,i,1010881945953717101,10568412325989976514,262144 --variations-seed-version /prefetch:8
Imagebase:	0x7ff7fd580000
File size:	2'166'320 bytes
MD5 hash:	973083D0D50F0C6369162207CA811C69
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Execution Coverage:	6.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	49

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre