Windows Analysis Report
https://www.ccleaner.com/

Overview

General Information

Sample URL: https://www.ccleaner.com/
Analysis ID: 1540680

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Checks if the current process is being debugged
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Creates or modifies windows services
Detected non-DNS traffic on DNS port
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7060 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6436 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • ccsetup629.exe (PID: 7424 cmdline: "C:\Users\user\Downloads\ccsetup629.exe" MD5: 38DB6304080B4F884A54DCDE94B02E63)
      • CCleaner64.exe (PID: 4872 cmdline: "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC MD5: 16887EE1FDF940AED11E2E1F9932FD8B)
      • CCUpdate.exe (PID: 1428 cmdline: "C:\Program Files\CCleaner\CCUpdate.exe" /reg MD5: 943A4F169E9A3303ED6DEFC1AC3690BD)
  • chrome.exe (PID: 6740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.ccleaner.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 4016 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: https://www.ccleaner.com/ccleaner/download/standardHTTP Parser: Base64 decoded: <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="348.333px" height="348.333px" viewBox="0 0 348.333 348.334" style="enable-background:new 0 0 348.333 348.334;" xml:space="preserve"><g>...
Source: https://www.ccleaner.com/HTTP Parser: Iframe src: https://widget.trustpilot.com/trustboxes/5419b732fbfb950b10de65e5/index.html?templateId=5419b732fbfb950b10de65e5&businessunitId=4886212f0000640005030438#locale=en-us&styleHeight=24px&theme=light&styleAlignment=left&v-625cddc2=&vBcd74398=
Source: https://www.ccleaner.com/HTTP Parser: Iframe src: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com
Source: https://www.ccleaner.com/HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-YG64G9XX0R&gacid=70648926.1729724012&gtm=45je4al0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101686685~101794737~101823847&z=516382242
Source: https://www.ccleaner.com/HTTP Parser: No favicon
Source: https://www.ccleaner.com/ccleaner/download/standardHTTP Parser: No favicon
Source: https://www.ccleaner.com/HTTP Parser: No <meta name="author".. found
Source: https://www.ccleaner.com/HTTP Parser: No <meta name="copyright".. found
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleaner.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleaner64.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCUpdate.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1025.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1026.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1027.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1028.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1029.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1030.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1031.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1032.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1034.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1035.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1036.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1037.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1038.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1040.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1041.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1042.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1043.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1044.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1045.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1046.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1048.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1049.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1050.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1051.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1053.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1054.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1055.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1056.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1057.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1058.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1059.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1060.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1061.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1062.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1063.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1065.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1066.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1067.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1068.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1079.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1071.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1081.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1086.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1087.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1090.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1092.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1093.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1102.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1104.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1109.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1110.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1155.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2070.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2074.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-3098.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-5146.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-9999.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerDU.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaheap.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwalocal.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaresource.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwautils.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwavmodapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerBugReport.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\uninst.exe
Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG
Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Setup\config.def
Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\
Source: C:\Users\user\Downloads\ccsetup629.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49879 version: TLS 1.2
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: global trafficTCP traffic: 192.168.2.16:49764 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49763 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49879 version: TLS 1.2
Source: C:\Program Files\CCleaner\CCleaner64.exe | File created: C:\Windows\Tasks\CCleanerCrashReporting.job
Source: classification engine | Classification label: mal48.spyw.evad.win@38/93@191/746
Source: C:\Users\user\Downloads\ccsetup629.exe | File created: C:\Program Files\CCleaner
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\CCleaner\CCleaner64.exe | Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
Source: C:\Program Files\CCleaner\CCleaner64.exe | Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
Source: C:\Program Files\CCleaner\CCUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\CCleanerSetupMutex
Source: C:\Users\user\Downloads\ccsetup629.exe | File created: C:\Users\user\AppData\Local\Temp\nsr566B.tmp
Source: C:\Users\user\Downloads\ccsetup629.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.ccleaner.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6436 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4380 --field-trial-handle=1948,i,6047240925551655931,70632006708312475,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\ccsetup629.exe "C:\Users\user\Downloads\ccsetup629.exe"
Source: C:\Users\user\Downloads\ccsetup629.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
Source: C:\Users\user\Downloads\ccsetup629.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: userenv.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: apphelp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: propsys.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: oleacc.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: version.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: shfolder.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wldp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: profapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: textshaping.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wininet.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: msimg32.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: winhttp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: sspicli.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: amsi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: webio.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: mswsock.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: winnsi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: schannel.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: msasn1.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: gpapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dpapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: winmm.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: powrprof.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: umpdc.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wscapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: urlmon.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: iertutil.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: srvcli.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: netutils.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: netapi32.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dbghelp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: esent.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: samcli.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: atlthunk.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ieframe.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: wkscli.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: d3d11.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dcomp.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: dxgi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: taskschd.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: rstrtmgr.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: riched20.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: usp10.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: msls31.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: linkinfo.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: cscapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: edputil.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: appresolver.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: slc.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: sppc.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: uxtheme.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mstask.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: version.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: webio.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: amsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: propsys.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: version.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cabinet.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: xmllite.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: webio.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dpapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleaner.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleaner64.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCUpdate.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1025.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1026.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1027.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1028.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1029.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1030.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1031.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1032.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1034.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1035.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1036.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1037.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1038.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1040.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1041.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1042.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1043.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1044.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1045.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1046.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1048.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1049.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1050.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1051.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1053.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1054.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1055.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1056.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1057.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1058.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1059.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1060.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1061.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1062.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1063.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1065.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1066.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1067.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1068.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1079.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1071.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1081.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1086.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1087.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1090.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1092.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1093.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1102.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1104.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1109.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1110.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1155.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2070.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2074.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-3098.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-5146.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-9999.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerDU.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaheap.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwalocal.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwaresource.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwautils.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\libwavmodapi.dll
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerBugReport.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe
Source: C:\Users\user\Downloads\ccsetup629.exeDirectory created: C:\Program Files\CCleaner\uninst.exe
Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG
Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Setup\config.def
Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\
Source: C:\Users\user\Downloads\ccsetup629.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1110.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1081.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1056.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\05544bd4-0f02-482f-a729-21ed218d07fb.tmp
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1048.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1030.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1102.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1065.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1057.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1031.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2074.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1049.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1071.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\System.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1155.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1040.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-5146.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1066.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1109.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1062.dll
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\301150ae-a9f8-432a-9957-3545633d705a.tmp
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1058.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1045.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1032.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1028.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1063.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1046.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1059.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1029.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\pfBL.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\INetC.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsProcess.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1026.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1051.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ButtonEvent.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1043.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1034.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1086.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1035.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\g\gcapi_dll.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\ServiceUninstaller.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1050.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1052.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1087.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1093.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1044.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1036.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1079.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1092.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsDialogs.dll
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1053.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1027.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2070.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-9999.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1104.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1037.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1054.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1061.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1041.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1067.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1038.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1068.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 456581.crdownloadJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1060.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-3098.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1042.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1055.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1025.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1090.dllJump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Windows\Tasks\CCleanerCrashReporting.job
Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk
Source: C:\Users\user\Downloads\ccsetup629.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Downloads\ccsetup629.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1110.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1081.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1056.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1048.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1030.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1102.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1065.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1057.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1031.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1049.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2074.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1071.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\System.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1155.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1040.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-5146.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1066.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1109.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1062.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1058.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1045.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1032.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1028.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1063.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1046.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1059.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1029.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\pfBL.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\INetC.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsProcess.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1051.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1026.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ButtonEvent.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1043.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1034.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1086.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1035.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\g\gcapi_dll.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\ServiceUninstaller.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1050.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1052.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2052.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1087.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1093.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1044.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1036.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1092.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1079.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1053.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1027.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2070.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-9999.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1104.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1037.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1054.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1041.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1061.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1067.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1038.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1068.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1060.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-3098.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1042.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1055.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1025.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1090.dllJump to dropped file
Source: C:\Users\user\Downloads\ccsetup629.exe TID: 7432Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 3532Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Downloads\ccsetup629.exeFile opened: PhysicalDrive0
Source: C:\Users\user\Downloads\ccsetup629.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeProcess information queried: ProcessInformation
Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
Source: C:\Users\user\Downloads\ccsetup629.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg
Source: C:\Users\user\Downloads\ccsetup629.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\CC_logo_72x66.png VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\CC_Logo_40x96.png VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\PF_computer.png VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\Downloads\ccsetup629.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\ccsetup629.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
Source: C:\Users\user\Downloads\ccsetup629.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal
Source: C:\Users\user\Downloads\ccsetup629.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-shm
Source: C:\Users\user\Downloads\ccsetup629.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Source: C:\Program Files\CCleaner\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Drive-by Compromise | 21 Windows Management Instrumentation | 11 Windows Service | 11 Windows Service | 13 Masquerading | 1 OS Credential Dumping | 13 Security Software Discovery | Remote Services | 1 Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Scheduled Task/Job | 2 Scheduled Task/Job | 11 Process Injection | 141 Virtualization/Sandbox Evasion | LSASS Memory | 141 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 2 Scheduled Task/Job | 11 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Rundll32 | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 DLL Side-Loading | LSA Secrets | 44 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\Downloads\Unconfirmed 456581.crdownload | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\UserInfo.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\g\gcapi_dll.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\pfBL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ButtonEvent.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\INetC.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsDialogs.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\nsProcess.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\p\ServiceUninstaller.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1025.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1026.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1027.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1028.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1029.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1030.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1031.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1032.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1034.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1035.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1036.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1037.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1038.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1040.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1041.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1042.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1043.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1044.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1045.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1046.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1048.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1049.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1050.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1051.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1052.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1053.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1054.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1055.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1056.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1057.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1058.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1059.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1060.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1061.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1062.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1063.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1065.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1066.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1067.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1068.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1071.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1079.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1081.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1086.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1087.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1090.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1092.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1093.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1102.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1104.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1109.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1110.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-1155.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2052.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2070.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-2074.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-3098.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-5146.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsc5796.tmp\ui\res\lang-9999.dll | 0% | ReversingLabs | | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                                                                                                                                unknownfalse
                                                                                                                                  unknown
                                                                                                                                  snap.licdn.com
                                                                                                                                  unknown
                                                                                                                                  unknownfalse
                                                                                                                                    unknown
                                                                                                                                    www.ccleaner.com
                                                                                                                                    unknown
                                                                                                                                    unknownfalse
                                                                                                                                      unknown
                                                                                                                                      analytics.google.com
                                                                                                                                      unknown
                                                                                                                                      unknownfalse
                                                                                                                                        unknown
                                                                                                                                        c.go-mpulse.net
                                                                                                                                        unknown
                                                                                                                                        unknownfalse
                                                                                                                                          unknown
                                                                                                                                          tr.outbrain.com
                                                                                                                                          unknown
                                                                                                                                          unknownfalse
                                                                                                                                            unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.ccleaner.com/ | false | | unknown
https://www.ccleaner.com/ccleaner/download/standard | false | | unknown
                                                                                                                                                2.19.126.142
                                                                                                                                                unknownEuropean Union
                                                                                                                                                16625AKAMAI-ASUSfalse
                                                                                                                                                13.224.189.82
                                                                                                                                                unknownUnited States
                                                                                                                                                16509AMAZON-02USfalse
                                                                                                                                                2.19.126.92
                                                                                                                                                unknownEuropean Union
                                                                                                                                                16625AKAMAI-ASUSfalse
                                                                                                                                                199.232.214.172
                                                                                                                                                unknownUnited States
                                                                                                                                                54113FASTLYUSfalse
                                                                                                                                                23.201.241.99
                                                                                                                                                unknownUnited States
                                                                                                                                                16625AKAMAI-ASUSfalse
                                                                                                                                                157.240.252.35
                                                                                                                                                star-mini.c10r.facebook.comUnited States
                                                                                                                                                32934FACEBOOKUSfalse
                                                                                                                                                2.19.224.118
                                                                                                                                                unknownEuropean Union
                                                                                                                                                16625AKAMAI-ASUSfalse
                                                                                                                                                172.217.18.110
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                151.101.194.132
                                                                                                                                                unknownUnited States
                                                                                                                                                54113FASTLYUSfalse
                                                                                                                                                142.250.186.99
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                66.102.1.84
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                34.96.102.137
                                                                                                                                                dev.visualwebsiteoptimizer.comUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                2.23.196.132
                                                                                                                                                unknownEuropean Union
                                                                                                                                                1273CWVodafoneGroupPLCEUfalse
                                                                                                                                                2.19.225.128
                                                                                                                                                unknownEuropean Union
                                                                                                                                                16625AKAMAI-ASUSfalse
                                                                                                                                                104.18.41.41
                                                                                                                                                unknownUnited States
                                                                                                                                                13335CLOUDFLARENETUSfalse
                                                                                                                                                34.111.175.102
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                54.77.229.148
                                                                                                                                                peso-1422535133.eu-west-1.elb.amazonaws.comUnited States
                                                                                                                                                16509AMAZON-02USfalse
                                                                                                                                                216.239.36.181
                                                                                                                                                analytics-alv.google.comUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                142.250.186.163
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                142.250.185.132
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                142.250.185.138
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                104.244.42.3
                                                                                                                                                s.twitter.comUnited States
                                                                                                                                                13414TWITTERUSfalse
                                                                                                                                                34.160.176.28
                                                                                                                                                unknownUnited States
                                                                                                                                                2686ATGS-MMD-ASUSfalse
                                                                                                                                                150.171.27.10
                                                                                                                                                ax-0001.ax-msedge.netUnited States
                                                                                                                                                8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                157.240.251.9
                                                                                                                                                unknownUnited States
                                                                                                                                                32934FACEBOOKUSfalse
                                                                                                                                                34.117.223.223
                                                                                                                                                unknownUnited States
                                                                                                                                                139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                142.250.185.174
                                                                                                                                                youtube-ui.l.google.comUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                142.250.185.131
                                                                                                                                                unknownUnited States
                                                                                                                                                15169GOOGLEUSfalse
                                                                                                                                                52.48.129.25
                                                                                                                                                unknownUnited States
                                                                                                                                                16509AMAZON-02USfalse
                                                                                                                                                192.229.221.95
                                                                                                                                                unknownUnited States
                                                                                                                                                15133EDGECASTUSfalse
                                                                                                                                                104.18.86.42
                                                                                                                                                cdn.cookielaw.orgUnited States
                                                                                                                                                13335CLOUDFLARENETUSfalse
                                                                                                                                                13.224.189.110
                                                                                                                                                dcjdc5qmbbux7.cloudfront.netUnited States
                                                                                                                                                16509AMAZON-02USfalse
                                                                                                                                                172.66.0.227
                                                                                                                                                t.coUnited States
                                                                                                                                                13335CLOUDFLARENETUSfalse
                                                                                                                                                95.101.54.225
                                                                                                                                                unknownEuropean Union
                                                                                                                                                34164AKAMAI-LONGBfalse
                                                                                                                                                IP
                                                                                                                                                192.168.2.7
                                                                                                                                                192.168.2.4
                                                                                                                                                192.168.2.5
                                                                                                                                                192.168.2.16
                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                Analysis ID:1540680
                                                                                                                                                Start date and time:2024-10-24 00:52:48 +02:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                Sample URL:https://www.ccleaner.com/
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:23
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • EGA enabled
                                                                                                                                                Analysis Mode:stream
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal48.spyw.evad.win@38/93@191/746
                                                                                                                                                • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 142.250.186.163, 142.250.186.78, 66.102.1.84, 199.232.214.172, 2.19.225.128, 34.104.35.123, 142.250.186.74, 142.250.185.131, 142.250.185.200, 184.28.89.29, 2.23.196.132, 142.250.186.104, 142.250.185.72, 184.28.89.148, 2.19.224.118, 142.250.185.138, 142.250.186.138, 216.58.212.138, 172.217.16.202, 142.250.184.202, 142.250.185.234, 142.250.186.170, 216.58.206.42, 172.217.18.10, 142.250.185.106, 142.250.185.202, 142.250.186.106, 216.58.206.74, 142.250.186.42, 142.250.184.234, 142.250.185.74
                                                                                                                                                • Excluded domains from analysis (whitelisted): ip46.go-mpulse.net.edgekey.net, www.ccleaner.com.edgekey.net, cdn-production.ccleaner.com.edgekey.net, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, www.nortonlifelock.com.edgekey.net, cn-assets.adobedtm.com.edgekey.net, ctldl.windowsupdate.com, clientservices.googleapis.com, wildcard.outbrain.com.edgekey.net, clients2.google.com, edgedl.me.gvt1.com, www.googletagmanager.com, e7808.dscg.akamaiedge.net, e4117.dsca.akamaiedge.net, e10883.g.akamaiedge.net, clients.l.google.com, e13363.dsca.akamaiedge.net, e4518.dscx.akamaiedge.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                • VT rate limit hit for: https://www.ccleaner.com/
Input / Output
URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
```json
{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Get CCleaner Pro, Free Download",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false
}
```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "contains_trigger_text": false,
                                                                                                                                                  "trigger_text": "unknown",
                                                                                                                                                  "prominent_button_name": "Get CCleaner Pro, Free Download",
                                                                                                                                                  "text_input_field_labels": "unknown",
                                                                                                                                                  "pdf_icon_visible": false,
                                                                                                                                                  "has_visible_captcha": false,
                                                                                                                                                  "has_urgent_text": false,
                                                                                                                                                  "has_visible_qrcode": false
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "contains_trigger_text": true,
                                                                                                                                                  "trigger_text": "We value your privacy",
                                                                                                                                                  "prominent_button_name": "OK",
                                                                                                                                                  "text_input_field_labels": "unknown",
                                                                                                                                                  "pdf_icon_visible": false,
                                                                                                                                                  "has_visible_captcha": true,
                                                                                                                                                  "has_urgent_text": false,
                                                                                                                                                  "has_visible_qrcode": false
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "contains_trigger_text": false,
                                                                                                                                                  "trigger_text": "unknown",
                                                                                                                                                  "prominent_button_name": "Get CCleaner Pro, Free Download",
                                                                                                                                                  "text_input_field_labels": "unknown",
                                                                                                                                                  "pdf_icon_visible": false,
                                                                                                                                                  "has_visible_captcha": false,
                                                                                                                                                  "has_urgent_text": false,
                                                                                                                                                  "has_visible_qrcode": false
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ccleaner/download/standard Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "contains_trigger_text": false,
                                                                                                                                                  "trigger_text": "unknown",
                                                                                                                                                  "prominent_button_name": "Click 'Install' to start installing CCleaner",
                                                                                                                                                  "text_input_field_labels": "unknown",
                                                                                                                                                  "pdf_icon_visible": false,
                                                                                                                                                  "has_visible_captcha": false,
                                                                                                                                                  "has_urgent_text": false,
                                                                                                                                                  "has_visible_qrcode": false
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ccleaner/download/standard Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "contains_trigger_text": false,
                                                                                                                                                  "trigger_text": "unknown",
                                                                                                                                                  "prominent_button_name": "Click 'Install' to start installing CCleaner",
                                                                                                                                                  "text_input_field_labels": "unknown",
                                                                                                                                                  "pdf_icon_visible": false,
                                                                                                                                                  "has_visible_captcha": false,
                                                                                                                                                  "has_urgent_text": false,
                                                                                                                                                  "has_visible_qrcode": false
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ccleaner/download/standard Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: https://www.ccleaner.com/ Model: gpt-4o
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "legit_domain": "ccleaner.com",
                                                                                                                                                  "classification": "known",
                                                                                                                                                  "reasons": [
                                                                                                                                                    "The URL 'www.ccleaner.com' matches the legitimate domain for the brand 'CCleaner'.",
                                                                                                                                                    "CCleaner is a known brand associated with system optimization software.",
                                                                                                                                                    "There are no suspicious elements in the URL such as misspellings or unusual domain extensions.",
                                                                                                                                                    "The URL does not contain extra words or characters that are common in phishing attempts."
                                                                                                                                                  ],
                                                                                                                                                  "riskscore": 1
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                URL: www.ccleaner.com
                                                                                                                                                            Brands: CCleaner
                                                                                                                                                            Input Fields: unknown
                                                                                                                                                URL: https://www.ccleaner.com/ccleaner/download/standard Model: claude-3-haiku-20240307
                                                                                                                                                ```json
                                                                                                                                                {
                                                                                                                                                  "brands": [
                                                                                                                                                    "CCleaner"
                                                                                                                                                  ]
                                                                                                                                                }
                                                                                                                                                ```
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):71954
                                                                                                                                                Entropy (8bit):7.996617769952133
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1428
                                                                                                                                                Entropy (8bit):7.688784034406474
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):328
                                                                                                                                                Entropy (8bit):3.2368928658074485
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:F429398012E84EEDD4E3EB8BA6E3034F
                                                                                                                                                SHA1:8EDD3ACDF5A0BD26912F42C913289B130B766991
                                                                                                                                                SHA-256:59439B07DDD140590AB088C30F9AE8CC1FA5A388E82176A1090C3D56BC8C53BA
                                                                                                                                                SHA-512:51BB5D152905F6ECC6E03C813A28395FDB1E1618E825194D044AA88F053A5EAC60A261FC2EE23906320D3D3FC33A30FFFFBA0D4568CDBB60E608D49B00F386B9
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:p...... ..........u..%..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):254
                                                                                                                                                Entropy (8bit):3.052898866971229
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:F6953A55AD3DB39B9712F620CCF364DA
                                                                                                                                                SHA1:7320EA0D7F7E1F62F60EEEC1F7283D2575D0472D
                                                                                                                                                SHA-256:15845E04709A8030F986E5D081DDC8F60A2F8364637A91BA304089C6D92534D9
                                                                                                                                                SHA-512:4204FA044B073F65DE78327A103A7A19CC41BFA6F3544DE3CC76569CA50B80663161511077589488AD11CFBF701878DFA853C790F089A74BDB92AEAD8654EBC2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:p...... ....l......%..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:Generic INItialization configuration [Common]
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1427
                                                                                                                                                Entropy (8bit):5.421805452090305
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:D3876AA487213831ADCA2535CA0D0CEC
                                                                                                                                                SHA1:C531A95CC60D2EB7293B42E7611919F38BCA0EC2
                                                                                                                                                SHA-256:B0074610EA74B54ADA20A8486D32917D7673F5715521E86ECB52A91719F18EF7
                                                                                                                                                SHA-512:6CB5E5048B2FDDF96B863E3D7336773D06A10007597E8FE19BA834535443E68E8189E9712E9DD9C38E66C7DE912A5A11FEE0FE1CAF0809562A87479F68586836
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:[Encrypt]..CCAM=DISABLED..CCPOC=DISABLED..CCT=DISABLED..DTNP=1200..DUNP=900..[Common]..AlphaIntegration=1..AlphaMigration=1..AU2=1..AUTNV=0..CCNU=0..DriverScanInterval=7..DriverUpdater=1..DriverUpdaterVersion=1..DumpReporting=1..DUSkipOnboarding=0..GDDEBUG=0..HCAddResults=1..HCDirectCart=0..HCResolveBtn=0..HCSkipAdvanced=0..HealthCheck=1..HealthCheckIpm=1..HealthCheckNF=1..HealthCheckVersion=1..HideRegistry=1..NotificationCentre=1..OPSWATSoftwareUpdater=1..OPSWATSoftwareUpdaterHC=1..PC=0..PCCU=0..PCCUD=5..PE=1..PENP=27..PerformanceOptimizerVersion=1..POSkipOnboarding=0..PrivacyPolicyDate=2024-02-13..ProFeatureCounters=1..PTOOF=0..QuickCleanIpm=1..REU=90..ShowOffers3rdParty=1..SoftwareUpdater=1..SoftwareUpdaterIpm=1..SPERDI=8..SRDI=8..SUExclusions=tp3149,tp848,tp3197,tp2434,tp921,tp236,tp468,tp471,tp2867,tp569,tp570,tp1339,tp2843,tp2594,tp3009,tp1373,tp311,tp571,tp1434,tp2571,tp2845,tp2979,tp2047,tp411,tp1774,tp2346,tp1082,tp3083,tp366,tp2579,tp2581,tp2580,tp2697,tp361,tp605,tp1677,tp11
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8192
                                                                                                                                                Entropy (8bit):0.39124014286970193
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:23C433AD41A642F46CD84EB3C0B342C9
                                                                                                                                                SHA1:085C95A5B6B6AF4686E1B03009E7D1F95609446E
                                                                                                                                                SHA-256:0F6E9452F6447725C69F9CECEC400C44718399A9786E2AE961EEA0817B2EE79E
                                                                                                                                                SHA-512:29C6D8717C6CDFFD4686CB9256359B4901A2935CF41951E741E3198C5636F1C185A174E0B5A949019508176B9CAE1A0A2A1C778BE2700DFC0873B0B7E00D19BF
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:H..................p0.......{..................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\..............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\...................................................................................................................................................................................................................,...@.......~.........5w.................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):524288
                                                                                                                                                Entropy (8bit):0.46059511658641666
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:F06D82A6DB5368BE460E2706B1F23ABB
                                                                                                                                                SHA1:14E04C095339E71FE052853B2D232B20B71A133C
                                                                                                                                                SHA-256:7C379309D3FFA67913656066D6247C41B3BBDC5CF094DC567D7BB917D0ACA392
                                                                                                                                                SHA-512:2F38C2BA9DD6C5E01A610C0995CC4F7DE23318EC5EC17134C540471EC8741ADD5E6CCDD53DF4EEAC9046677CDB5DB65F1E9E2405B14F5D240A74C1C983EF0296
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview:.B...............9...|u..7...|k.........<...p0.......{..................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\..............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\...............................................................................................................................................................................................................0u.............................................Y...............fD..#......... ..Z)......`.......h.Z.......X.....q........{..................C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.W.e.b.C.a.c.h.e.\.W.e.b.C.a.c.h.e.V.0.1...d.a.t..............................................................................................................................
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0x0593a9bc, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):17301504
                                                                                                                                                Entropy (8bit):1.1697037873341585
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:14712B25E8ED4BD7478873AE98361F56
                                                                                                                                                SHA1:EF0255F1219FD1F0A9878C23F319575D3A0E6A44
                                                                                                                                                SHA-256:5B4E6E4F17F93E07D0C69228F2ADB53CC7AB85803F9522F32BB92ECDEE346F77
                                                                                                                                                SHA-512:FA9452DA0278A7AAD70A51E8960BC8D59F7F25B59E140B76BD6CD4E8289F48ACF0352A4B693BC23023363ACC07B114371AE1F1611393FC50C798161209640919
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16384
                                                                                                                                                Entropy (8bit):0.1376878481238386
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9EA7A66F4D7764497EBD10AA5BED0BE4
                                                                                                                                                SHA1:BFF6B1DDADEB5499046647EFFC0B2584C3A7052A
                                                                                                                                                SHA-256:7B63B38E61D530580978E496814BBD40037205FC290804F4687D2A3326CFB1B6
                                                                                                                                                SHA-512:538945C8E713C00F88EDC6B2FFF4129A885A1D370ADE0939F470237D2DB3C5BA7CA2DB0FAEA07445BFC422C19A51082D1A898DB53999FD92B4F815D6471E3292
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5120
                                                                                                                                                Entropy (8bit):4.070048832652426
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:C24568A3B0D7C8D7761E684EB77252B5
                                                                                                                                                SHA1:66DB7F147CBC2309D8D78FDCE54660041ACBC60D
                                                                                                                                                SHA-256:E2DA6D8B73B5954D58BAA89A949AACECE0527DFB940CA130AC6D3FD992D0909D
                                                                                                                                                SHA-512:5D43E4C838FD7F4C6A4AB6CC6D63E0F81D765D9CA33D9278D082C4F75F9416907DF10B003E10EDC1B5EF39535F722D8DBFAB114775AC67DA7F9390DCC2B4B443
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):24064
                                                                                                                                                Entropy (8bit):5.321814815133819
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:7760DAF1B6A7F13F06B25B5A09137CA1
                                                                                                                                                SHA1:CC5A98EA3AA582DE5428C819731E1FAECCFCF33A
                                                                                                                                                SHA-256:5233110ED8E95A4A1042F57D9B2DC72BC253E8CB5282437637A51E4E9FCB9079
                                                                                                                                                SHA-512:D038BEA292FFA2F2F44C85305350645D504BE5C45A9D1B30DB6D9708BFAC27E2FF1E41A76C844D9231D465F31D502A5313DFDED6309326D6DFBE30E51A76FDB5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):12288
                                                                                                                                                Entropy (8bit):5.814115788739565
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4096
                                                                                                                                                Entropy (8bit):3.3422620069068625
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:2F69AFA9D17A5245EC9B5BB03D56F63C
                                                                                                                                                SHA1:E0A133222136B3D4783E965513A690C23826AEC9
                                                                                                                                                SHA-256:E54989D2B83E7282D0BEC56B098635146AAB5D5A283F1F89486816851EF885A0
                                                                                                                                                SHA-512:BFD4AF50E41EBC56E30355C722C2A55540A5BBDDB68F1522EF7AABFE4F5F2A20E87FA9677EE3CDB3C0BF5BD3988B89D1224D32C9F23342A16E46C542D8DC0926
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):356864
                                                                                                                                                Entropy (8bit):6.662745889899097
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:2973AF8515EFFD0A3BFC7A43B03B3FCC
                                                                                                                                                SHA1:4209CDED0CAAC7C5CB07BCB29F1EE0DC5AC211EE
                                                                                                                                                SHA-256:D0E4581210A22135CE5DEB47D9DF4D636A94B3813E0649AAB84822C9F08AF2A0
                                                                                                                                                SHA-512:B6F9653142EC00B2E0A5045F0F2C7BA5DBBDA8EF39EDF14C80A24ECAB3C41F081EB466994AAF0879AC96B201BA5C02D478275710E4D08B3DEBC739063D177F7E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25764, resolution 3780 x 3780 px/m, cbSize 25818, bits offset 54
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):25818
                                                                                                                                                Entropy (8bit):1.1555809525391862
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:079CB79B69190FFB3A584A7344E34197
                                                                                                                                                SHA1:35A450167CD54BEAF5D50BD85E00858A6684C724
                                                                                                                                                SHA-256:AB3DEA92A333E89F41BB310D5B5D5A52B80D2AEDF78B0516F2B1A6A9AF69B222
                                                                                                                                                SHA-512:CBCD40BB163BC51DF0E42A2CE3565848734B8FD6065592CB90270182B7473ECBA71D0623505CA2C5654C9D65E16394AC55919D4018BBEFE0CB72489579593E18
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 3780 x 3780 px/m, cbSize 154542, bits offset 54
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):154542
                                                                                                                                                Entropy (8bit):1.8895357436613915
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:8BD95FBD159E00B9823FE8D60CCF9B50
                                                                                                                                                SHA1:C55E1A485062EFCAE2AC4D4AA43172A0D8DC9413
                                                                                                                                                SHA-256:6EF238FAFC028BA028EACBFF28BCC670CD7213DF9318F99F619AC3E2988D16F3
                                                                                                                                                SHA-512:1BBF9D41D3180CFDDB99E300142B619DDBC225A099A43E8755AECB44000A4248A7606D04BBEA3C1E65143FC488C40D30FCF9BDD418174BD821247B932977F86F
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):9728
                                                                                                                                                Entropy (8bit):5.158136237602734
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4608
                                                                                                                                                Entropy (8bit):4.703695912299512
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):509424
                                                                                                                                                Entropy (8bit):6.731421785316144
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3053907A25371C3ED0C5447D9862B594
                                                                                                                                                SHA1:F39F0363886BB06CB1C427DB983BD6DA44C01194
                                                                                                                                                SHA-256:0B78D56ACEEFB4FF259660BD55BBB497CE29A5D60206B5D19D05E1442829E495
                                                                                                                                                SHA-512:226530658B3E1530F93285962E6B97D61F54039C1BBFCBC5EC27E9BA1489864AECD2D5B58577C8A9D7B25595A03AA35EE97CC7E33E026A89CBF5D470AA65C3E8
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6076616
                                                                                                                                                Entropy (8bit):6.861827761940168
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:A5D2425F4B23DA1A37B9994D0A17F152
                                                                                                                                                SHA1:1F66A16C37E935DFA6527485412D752FCAFBC8AD
                                                                                                                                                SHA-256:5B0366ECB5F36F9517AA1A46C0EA0466C85A01326F33927B73EF63CC39191870
                                                                                                                                                SHA-512:2712D8E53E8ACEB52B8BE377914FBE2C82A036D6B9854BCD093EF3517789C0C658994FA28EB1932245B3731148D9CBB9EBC9B3AC1F6379B21BCC770E651185FB
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2917
                                                                                                                                                Entropy (8bit):7.919668479594029
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:D32B0460183056D3056D6DB89C992B88
                                                                                                                                                SHA1:79823E151B3438AB8D273A6B4A3D56A9571379B4
                                                                                                                                                SHA-256:B013039E32D2F8E54CFEBDBFDABC25F21AA0BBE9EF26A2A5319A20024961E9A7
                                                                                                                                                SHA-512:3AD36F9D4015F2D3D5BC15EAC221A0ECEF3FCB1EF4C3C87B97B3413A66FAA445869E054F7252CC233CD2BF8F1AA75CB3351D2C70C8121F4850B3DB29951BC817
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PNG image data, 72 x 66, 8-bit/color RGBA, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):7486
                                                                                                                                                Entropy (8bit):7.964739649140705
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:A736159759A56C29575E49CB2A51F2B3
                                                                                                                                                SHA1:B1594BBCA4358886D25C3A1BC662D87C913318CB
                                                                                                                                                SHA-256:58E75DE1789C90333DAAF93176194D2A3D64F2EECDF57A4B9384A229E81F874F
                                                                                                                                                SHA-512:4DA523A36375B37FA7BC4B4CCF7C93E1DF7B2DA15152EDF7D419927AA1BB271EF8BA27FE734D2F623FCC02B47319E75333DF014BED01EB466E0CD9EC4111EF53
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:OpenType font data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):45360
                                                                                                                                                Entropy (8bit):6.905288287751393
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:27E50FFD6A14CBC8221C9DBD3B5208DC
                                                                                                                                                SHA1:713C997CE002A4D8762C2DCC405213061233E4BC
                                                                                                                                                SHA-256:40FC1142200A5C1C18F80B6915257083C528C7F7FD2B00A552AEEBC42898D428
                                                                                                                                                SHA-512:0A602F88CFBA906B41719943465EDB09917C447D746BFED5C9CE9C75D077F6AED2F8146697ACD74557359F1AE267CA2A8E3A2CA40FB1633BDE8E6114261ABD90
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PNG image data, 679 x 176, 8-bit/color RGB, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):89461
                                                                                                                                                Entropy (8bit):7.994111178657751
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:7F4F45C9393A0664D9D0725A2FF42C6B
                                                                                                                                                SHA1:B7B30EB534E6DC69E8E293443C157134569E8CE7
                                                                                                                                                SHA-256:DBD8B6FDB66604A0A5E8EFE269FBFA598E4A94DC146006036409D905209DA42B
                                                                                                                                                SHA-512:0C27F9CE615CBFF3E17FD772CE3929AB4419D7432D96223B7EEC1BA70953F2AC993404B954020247B52D7F7499212D44EB6F85DA2E2676773CAFE1CE89B390F9
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):257224
                                                                                                                                                Entropy (8bit):4.240052700721162
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9E33B42185826F18C9B0BC5F62FC770F
                                                                                                                                                SHA1:F360A050C31C84F72B1CE552934DC9FE2FF39C94
                                                                                                                                                SHA-256:363DEF9535136E7723A30919856E93CE9C9CFC73474F0F93EC9FB1AA9C9E7228
                                                                                                                                                SHA-512:6183A2F33A2986D8F1134A8C851A6DDD4D330FDF5F288333B836CF563F3B73B9B1ED214C7BD3DD92B30F72251F762E6AC2967067997CC1817FB31E909C4C12AA
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):306888
                                                                                                                                                Entropy (8bit):4.12528167747302
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:59915C885769C6B868EDC142B94CAFE3
                                                                                                                                                SHA1:87F715D67EF67922ECE18C6239C0F4EC40D30C81
                                                                                                                                                SHA-256:438D554B8DF2FBAD630063CCA763FBE14D2864880EB2E1ED62211DC9C7F94256
                                                                                                                                                SHA-512:9CE9A0C34C5C79C395D3B7FD402AC0BB24B9D108B4DB500BF4A99CA6F3E0BAFCF533ACF1F6EB0ACD9D74FB740DFD7CDE2C7E1E60654515012A5174B5E0D99F47
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):308936
                                                                                                                                                Entropy (8bit):3.640221592092463
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:EEA5DAA3A91BFCD529374997A5BE3A56
                                                                                                                                                SHA1:DED4C873E3A82BAA58BA97E12D03BCA5947D01B1
                                                                                                                                                SHA-256:F7B5C7D2B41C3DED8686EDD613306045EC8651A1916B94184E58BC5CE513D3D7
                                                                                                                                                SHA-512:E054FE3A27AAECB4C9BB4E8E9ABC01AE701B21921959DE2DDA623E1415A0962A993CD870238B3FC10AE1C870E69A6DC29D2CF31EF772A61E95BE96C01C02CB1E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):120520
                                                                                                                                                Entropy (8bit):6.462861673675204
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:1C22EF70A599170DA19B787C196C5513
                                                                                                                                                SHA1:DDA1B02C71E536A2BFB698C4E62BAD45313AE032
                                                                                                                                                SHA-256:427579B55A9D2BE576D2DF71907B3681C30010CC807B8B4F6EEFEDE3EB309D9A
                                                                                                                                                SHA-512:B17A6DF912BC2BCD2F6262EB84DC1F692C7337CE69D71FFBA6BD5EDBF976F88C9D9251145A774A6A11A0E291F31208C5726C9F2ED734B4C368688C1C0039E67D
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):272072
                                                                                                                                                Entropy (8bit):3.9711567694374876
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:56A40F5128A2066E68250A8E09DFE762
                                                                                                                                                SHA1:CB148FBF364359505F97C8ABFFE07EE1566C0DAB
                                                                                                                                                SHA-256:0378945D2E3F6A290C6B3D637F5C8A068900E74FEDF11D41D4210E04998C52F0
                                                                                                                                                SHA-512:1415D2AFA7BB32370A4906DB2DFD350E7CF47B99A3EB806C9ECF82922BF14EE521633F9AFBE343227E5520DB6E7A4728686B576E169F240D695EB31EA6D849F5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):268488
                                                                                                                                                Entropy (8bit):3.6898118050528312
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:22EC8777722E28AA8DF3D719A147C280
                                                                                                                                                SHA1:B069B41F350BE531624D9C2DDB41B6C040B42244
                                                                                                                                                SHA-256:B091FC2D4E0824CE7BE34D6220C14DEBEB62DBBA419DA99C031C2E4EC5ADAA69
                                                                                                                                                SHA-512:9BF5DEEC2327D707587B71EB13813AE5E56CE66F9F35231AC39599EDF82112A787497C49FF4838006D29BBE7E04714F9B3872A986AD29115853894ECD86C70DA
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):303304
                                                                                                                                                Entropy (8bit):3.6916358451286384
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:1AFD60C547231BD8083372E4D67B242C
                                                                                                                                                SHA1:F7311EB3746FA9C0317126BA3FF3D01BD62FBDD2
                                                                                                                                                SHA-256:B4A93E8B8D6BFCC4658ECF1DAB82D4C2E070F60C31B2DA121E88744FFDC78A33
                                                                                                                                                SHA-512:01EEDF3B09CCB5936C807A0769B73133C779F69D057AFF52F5995FD3E5AF636604F223F7B9AB886D173BDFC2FC45324C6295AB7E377512DE10CF346F81B6C52D
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):317128
                                                                                                                                                Entropy (8bit):4.295317070736888
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:16A6BE94F3DAA78279EAB85E78D40B07
                                                                                                                                                SHA1:5CC5DAF69340EE6D3F9694655442AD04D60868EA
                                                                                                                                                SHA-256:46BD15EC07FB1CC9D9507B4AA5A3F313FF30B09A6B46459C8378F60F03CE4F8E
                                                                                                                                                SHA-512:9AD1A0A8B66DD5B99E2A876EE8DF832C4B6808A5E159C6307616387BD43C2064288873BB1DFED8372622758C928D09057B03140C53A479A8666AEC156A39C282
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):302280
                                                                                                                                                Entropy (8bit):3.6182468809702506
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:1CBEE5889C173C332C0B2299BA709735
                                                                                                                                                SHA1:FBCB8B771C1E169E157BD64CA99C8F3301299D3F
                                                                                                                                                SHA-256:32CFB7C94DC992EAE1732AD3B11E567FAF4A6E88101FC597EC105ED8E4E60397
                                                                                                                                                SHA-512:5785DF5FC1396C9CDB600833E2CE27DE810AEDDC941AFB9F9A523AEF495B8C88AA6F07F877B2DE7139459919548761433BD613A638630A44E5711EDE4B49DCFC
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):280264
                                                                                                                                                Entropy (8bit):3.640906567909241
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:B8FF21C0067C7581F5D9C23D884F7BB6
                                                                                                                                                SHA1:8B8151E11AF01B74AF3BDD18DC1E1EAA14E98438
                                                                                                                                                SHA-256:7206856F430FC75F2CC1A06F243DB0F87C12C6AA0B51447AA421791ED8A4FFC7
                                                                                                                                                SHA-512:257BF3621B9D7E8EBA69E0974EDE2295CB4B99DDAC3DE79A0F821F2589C6571293E56CC70C10021FCFFA5371F668BD76ED0F007B50277707A64D2C30C934AF21
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):314568
                                                                                                                                                Entropy (8bit):3.6378517360901492
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:11BAEA0F726FCF3B33B5799B3E11684C
                                                                                                                                                SHA1:2FF4E6E2DEB858ACDE7E6AB6BE3BF5437CF95EFE
                                                                                                                                                SHA-256:DF3C603756341C5F91DA5B38B7A43416ABD7A221C9A03754DDF8578F65F88EBC
                                                                                                                                                SHA-512:FFC54874E9C8CBAC6E05425F48BEBEA273E10A15E662F5B7C853F5AC26C26AAD8166FA3002B06EE7A2093F4C818496E9F681A4ABE30C8883C9F4E3BF44037382
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):85192
                                                                                                                                                Entropy (8bit):4.77114223788146
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:059AD1EE36883AFE25D977F6E2E26AAA
                                                                                                                                                SHA1:67175C2202286BB4AAE3ABAF5047B44F69F1E351
                                                                                                                                                SHA-256:7B6348DF847E82EB5B63A51F68F72AA8635C56367F25CB88832E453B0575659A
                                                                                                                                                SHA-512:02B44EFC1509D701C5F30BB949029AAE329B387C366AB0CD5CD263C19BEF55A37270200777CEDFA6FC23CF4807157BC49B8175719AAF4C49926B6FF443B63F19
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):300232
                                                                                                                                                Entropy (8bit):3.8202500154948864
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3BCC475772879FBAB82A7D7288B3A6B0
                                                                                                                                                SHA1:6FDE70FB9860B93E7419DF44FE6C5323FDBBFA8E
                                                                                                                                                SHA-256:541FACF4CDCE1B309CE81CA10646F7FD9C812B2D87BF07E3DD2DE08AE02C93C6
                                                                                                                                                SHA-512:9EFFD43BA2B7DB72701287138B7E086C6B18AE4D12F6ADE7997B8D340DD4B696C77DF5429C563015DBB3DB1A81B245440BB6563693E50ADC8D9B62D331605C32
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):296648
                                                                                                                                                Entropy (8bit):3.6082348096374095
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:E289BAA86E0A74A3DB7CEAD96F21E99D
                                                                                                                                                SHA1:FDF9564BDCC38B8B4DE3087EC2EB67544775DA71
                                                                                                                                                SHA-256:3D1459A087D56F4CA96CC2567CB08619A2CF923CE9C20BFE600C56E8CAB1FEA2
                                                                                                                                                SHA-512:DDBE5E49E7B11029F821A15EE7243CA4960519E692F587749F4D0FC06B76A4927E8CB388D3860185415E5F90685CA63D33ED678EBD3A3D45ED4205BA7B087B8C
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):161480
                                                                                                                                                Entropy (8bit):5.59332628361754
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:88ABD5AF9B70B3CCAE19787AD1C0747C
                                                                                                                                                SHA1:1A1249F54DD4DD3F8C3C447871B8D08CB7C75D03
                                                                                                                                                SHA-256:6F9A797BB910D599829A2E0EC315583180851F0ABFE566361C09FD06BCA6FE24
                                                                                                                                                SHA-512:936CC37822502128D3F4809FA291C05333AA2014B42511078242B9C634C2828EE4EF409E12101E5CBA2DFC061708B2F8BF5DE860CE1A7E0C179F4DE760716FEF
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):156360
                                                                                                                                                Entropy (8bit):5.841710785432194
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:DFE0E9A9FFB4448AE501730F141C6651
                                                                                                                                                SHA1:DE2C10B2A9135A7F001873E668E78E1E31FC0381
                                                                                                                                                SHA-256:A97FDE06D52E37966FB7C718FFC4A166D82D7062781B1B24E745B26D0E239711
                                                                                                                                                SHA-512:4FAE9A7C7F6552371B264D4B56FBA8AC5B52666E2C6EE0BE43480F69D4103B834C889F1CE10F68494FE2443961646128EB6EE6D10718F408DA1BB22140521FC2
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):297672
                                                                                                                                                Entropy (8bit):3.6323029338156076
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:2272A3BD1C98C2C0B885FBE136D30E67
                                                                                                                                                SHA1:A83363D68D404D0AEAF20227DE4D3BDADB430FD3
                                                                                                                                                SHA-256:F550A5554293E69EC95AA934E74CFF91B8D6BDF94A1D33C6A8C5F06D2F4B2A43
                                                                                                                                                SHA-512:1BE12828E94D87F2E149E6FC853E04E134624CFD27AC7C83AC765A3DDB6F4038185325BBC323A8CD0DA60AED6FCDE8B96890FBC4FE5E33D6EC55A3A4D04A0CA1
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):269000
                                                                                                                                                Entropy (8bit):3.6792270321747242
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:5BF974BFE8D0F5B9E243F4A89AB2C168
                                                                                                                                                SHA1:9521AE80B829576E93DA6AD52166102D4508AAC2
                                                                                                                                                SHA-256:67B1A90E9A6DA4DAA730D2A4EAF3F71044F5D09A35E9D2C609D1478E8CC84BF3
                                                                                                                                                SHA-512:82118BDDEA3891953B7C25767DE4F52F79B2F4222D850EA5E680E9BFE7C995783D6136786C1233FF95D3EA336BAA910F4EE51E522971A557FC8F723F3B9CACDF
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):303816
                                                                                                                                                Entropy (8bit):3.8807358114490933
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3AE506E4736A53001B6A3A2D003036D7
                                                                                                                                                SHA1:BCD510847CFA1DD26B4D1BB9702933E3C001E15F
                                                                                                                                                SHA-256:4BA04B476E3E91CD2CF864B56D4E921EAF92C5ECDDF5D1D82FB462C065475AEA
                                                                                                                                                SHA-512:9744FE5AD2B5961FAEF06BE07A2D74BD8D1B839A3182DA14DD9F9D96A8A20C984CA0D2D32329B958B6D2670D562A2A8E307C05A32E9A2756BD9A1421AE662549
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):293064
                                                                                                                                                Entropy (8bit):3.6606390937628257
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:404E1E230791E40D91EFAA9F0F1F5A5B
                                                                                                                                                SHA1:25E32F899CC5374889D37D91F7209D77ADF9E2C9
                                                                                                                                                SHA-256:062056A86A17F8EEBC2577CBC9386ADC1C798EF03CFADF33586683CA8857997F
                                                                                                                                                SHA-512:7874AB34B476932309B0FC9E7D6A7E1BD5CC1C169A335721BE5D14C619F981C5F2F2D93CBE82F05A8E0C46188DF021F0E6AC46CED1A8EC40430F115FE16EAFA8
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):314568
                                                                                                                                                Entropy (8bit):3.7680761749977436
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:C8DAED752F9E155C41931A1FE2E556AA
                                                                                                                                                SHA1:D9B7BEE197B1F11719CCC1CBA4C39793D7FF213C
                                                                                                                                                SHA-256:ED648374E7842BC8BD70578FA01387ABB79F6D6BBC249B602790D3E575DB79B0
                                                                                                                                                SHA-512:AC364024B13FBE0CED8FB95E7A2818EFFD40460CB6BB9CD51DDA1029B24E9AA3202D3F244E4BC35E7FE956427D4E99814220A617BF78E58E9BD745BDB7362688
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):281800
                                                                                                                                                Entropy (8bit):4.254161582120436
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9431F12D8A73167648F39E721C038A10
                                                                                                                                                SHA1:EA3254E72F415308628AC5C391D9A74C51CD1985
                                                                                                                                                SHA-256:36E987E348596276096299E1CCCD22DFECE5ED311C80118E3F8AB77A698489D6
                                                                                                                                                SHA-512:2E2FAB5E08FFAF4AE63C9582C160DFA0BD66CE62779586FD77391916C913AA144FCA9B3002FE901EA5ACC1AD8DD4A437CE688B78B3E677C3EE3BC3A3E38168BD
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):293064
                                                                                                                                                Entropy (8bit):3.7521153119259405
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:48EB397793004247A90F18594543284F
                                                                                                                                                SHA1:B1223B87EEB9F964BFA7FC8F0BBDF2F993F9EB6B
                                                                                                                                                SHA-256:C53D94423A6F6BEA3A6DA4C7EF066C6AB5125A2DACCF534CAF1DC7B5A15EB8DF
                                                                                                                                                SHA-512:C1D764E1BE333F29B8B33B4D05583CB2EADE7EEE7F149EAB6409954B7B61578B47DE022537BD7FF5E6041932D1BD66E6720ADDAC1084E95ACF92CF231E45F297
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):278728
                                                                                                                                                Entropy (8bit):3.9300359073601046
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9AFA9D90C4FE7DB08AC0FDF915AFC75A
                                                                                                                                                SHA1:5D3141A4806EEC1A8373908B864D502C291E3373
                                                                                                                                                SHA-256:4FC11C6076466F793DFF467C2D5CDA5AB2C5C3DE4C55B63F6AB8CD71926C2522
                                                                                                                                                SHA-512:00D40E08B92BD08713077992DB4974D406F9D3B3E6979A4AE4F7B21B66450252701BEA45AF0585A784AE0DB610011A49046A5951D33BB19816B39CEC51870CE2
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):99528
                                                                                                                                                Entropy (8bit):4.1830583051423025
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:5C64D07BCD62D1CC7941AC658C100A00
                                                                                                                                                SHA1:B83ED940C57C38138F2A67872243C709C37F0EDC
                                                                                                                                                SHA-256:1333E37703CC02476F23E107F293ABD7703B5137B6DCA557AE16AA4C9BA8B623
                                                                                                                                                SHA-512:EFC185BE02AF962A0C283FCA0EBF01725D4FC8BE2376425046DF1CC92EB9946F987070133C0AC1F44159F8FC998942668C2075F32AF6CEA09A2475CC1E9C37BC
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):274632
                                                                                                                                                Entropy (8bit):3.698308844073592
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3AF5674420B5E2FCB6473217418E7E3A
                                                                                                                                                SHA1:79C27357666AB4F886AC0E292E0B141E6913330C
                                                                                                                                                SHA-256:1573838DA1A0CAC90644D14A114C25D74C047A3B75B23565BAB049D0AE1D65E4
                                                                                                                                                SHA-512:69FD2F8BBC0F7C34FCC8624D27F9C5661279DA6A0E9B9E78E491BE057032BFA761293D7C0B8289435453145B8137760078A3CBA430FC22DA9BC00E65E6ED217A
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):262344
                                                                                                                                                Entropy (8bit):4.408880536070622
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:DFC76754A1C3E15659D3D490ABAF50BD
                                                                                                                                                SHA1:3BF0EEC03418FFDDF050E8C7A0037F12AD3BA134
                                                                                                                                                SHA-256:DACDC6807BF8DB0A8B6FE808B0E583396176BC15A702D47E8040C6650BA1CB33
                                                                                                                                                SHA-512:E375CB7F18B6D18E9B0D7415485DF97F0ECD9069DBE338D3ABC90EE51B3AC723EC036504B1B5E4B26DD7E8354D1B39628705A3A8E5B2A1C7CA510F7216D4743C
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):294600
                                                                                                                                                Entropy (8bit):3.87143163429255
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:7A8BEC7B3C0D24DB83ED060A4856CF9A
                                                                                                                                                SHA1:A25C0DBA0AB429057E9EC6998D255A60B39E43CF
                                                                                                                                                SHA-256:E6FC1B1382CB923AB59E9B2005D9C30C2D2A8EB002238698C0B9C38D49BDAA7D
                                                                                                                                                SHA-512:D648BCF720D9234E80FC273E0F4F2BA06E72BA22E7485CEF080BB783839571CED9E3280E873DD29D29BF639A16753B4793363C96874815DDC44CA78EA5D09CD2
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):281288
                                                                                                                                                Entropy (8bit):4.177829424885574
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:5A27268C53E3CFA666973BF554C8638D
                                                                                                                                                SHA1:17B4E33AE5678A3413B861E3E6C1B945D4674C9B
                                                                                                                                                SHA-256:91D9DBAA2A379BEDE9C2568140FFA31660B2EEE7C091911FA5DE029AFC4B359C
                                                                                                                                                SHA-512:C9F3C60C0CDB56A16D84E70F0FC229D66B7B7A40EA11D5AA723CF240E577E2055FB528BEDE07ADEEE988852217142583BBEB396861DFD76797181D6672702970
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):283848
                                                                                                                                                Entropy (8bit):3.6357477317475086
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:31073F1E979DA8A1066DE2A12E064044
                                                                                                                                                SHA1:C60AE2807869256E75D8BC2358055B8860DCD8AF
                                                                                                                                                SHA-256:9BDA7AEBAFC0831AD71669ED35CF6FCF9622DC47D7359CFC4CC25CD87165EF04
                                                                                                                                                SHA-512:0851E0405A04B5063E87445709E784D796C384B1DE8F9346D92096DB217345225A4CD4D4684C83912F23C43868065686BF3EC75C2273F9ABDF4B4B62E5D55314
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):285896
                                                                                                                                                Entropy (8bit):4.278688707575103
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:A06115E06DCE0E9D498F6788C0508901
                                                                                                                                                SHA1:231E7ED8C6F48883BEE624DEE466083E594E0472
                                                                                                                                                SHA-256:9EDEC8869972204FC06F2929AAD7B18303E392DC216B13410CCA1BFE37478FD9
                                                                                                                                                SHA-512:27CE4E66A4A6652B494D9ACEF376FA1BBCDBF647AD9995B5A5CB8CBDED69164C19805BCA557B53EFEA78575D20AE28FD956BDBEF0D87B753F05FF786FA3E7C54
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):280264
                                                                                                                                                Entropy (8bit):4.278658419006491
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:B8D2D225BD4B112AC57744A547611186
                                                                                                                                                SHA1:F8192CBD6C61823EBFBE64F7D2FFFB419C6A352F
                                                                                                                                                SHA-256:76B6CD313CE7935068F68C1BA638672854D5662FC6264C880C94180632E679A8
                                                                                                                                                SHA-512:745C4C534EE5B129CB1FC15E469B0C744543ECA03A8C3DA8F6AD9C6BE354B79E284CA4898D03D314EBB0BC762E593F9D26DDC7B759677B603AC18FBCD5A2D92F
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):297672
                                                                                                                                                Entropy (8bit):3.7314042402744514
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:88155CA18A434F52BF82741CC9DE3095
                                                                                                                                                SHA1:E7CC4AF5592748DCE76BFC9E631CEB6414CCFB50
                                                                                                                                                SHA-256:440592AD8F3ECB6869E7C3A3170FC4B61F7C822D665D68EE2FC608DCA7381942
                                                                                                                                                SHA-512:2CBB2230D2E34D5ADA2E24AF17F4F4C55024557F91C294F9115EC585FA17BAD5F9416CA694ED32849225DF5B808345313018CAE3DDEA33BDDF481276E177105D
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):270024
                                                                                                                                                Entropy (8bit):3.6773032611878507
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:4EB403BF2D6979FEFDF09198846EB85F
                                                                                                                                                SHA1:8A2AE67EE4C606336FB6F010C9306C4FF0DED2DF
                                                                                                                                                SHA-256:8877821CA16D6DEDABDB2CE1A643C852F871185AF7FDF8490D82A0E78481134B
                                                                                                                                                SHA-512:CA441C0964379CF62F18D74367F362B93DE92CEE9BDCB43EF4EF4E1CE269D376FC60E303144C5F12CF918F1CE09A1B1F60AC44D2519CDED47E884EB01CB8F3B1
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):278216
                                                                                                                                                Entropy (8bit):3.8829896109933966
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9295FAD37911AF5568DC4A6F065DAD45
                                                                                                                                                SHA1:858D6B5D8722908E2EBA789564B2AC4EE5C41573
                                                                                                                                                SHA-256:B69398CB7C9A2099C785C0BBF3BEB9A8326048EEA788D9FD8C875958D7B0EBA8
                                                                                                                                                SHA-512:6E076B6FFA8C82ED8C30F463F1C03AF421BC6DEF8C3A32E9B75080BDE0263D93D87D4A518C9B9407586E356C598700C8A40D4123F1FEF6EB999F2BCFFB40075F
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):285384
                                                                                                                                                Entropy (8bit):3.8415313617090088
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:DBEF06D6FCE17B9EB0A80AA703B99904
                                                                                                                                                SHA1:7A24DD285CC679BAE1F5E7BED0488741471ACFB5
                                                                                                                                                SHA-256:3066BA3A14AA555C74D91CE72E128782DCA3BBBF48A230899BC61DFFB5E68C40
                                                                                                                                                SHA-512:602E34855B4E0325A61DC270DDE13CDE12B9ADBF58889F63BB714AE5B01401D12813A9A641557FAE756B03CAB7D21F25C9F9623FF69E7396C1FD51AAF5CFC012
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):279752
                                                                                                                                                Entropy (8bit):4.131369740306817
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:2E675C9C1C4E2D295D0E4488290439DC
                                                                                                                                                SHA1:1A3A181DCFE88B4419DD2129D3537D0DE421A485
                                                                                                                                                SHA-256:1F0ACF02A234B0C4EE84EF12E70071F5A000876815D7040CE6F26E9B33538CD6
                                                                                                                                                SHA-512:3370BD349D33C987C44FA12532F5A2E7BA0E6B8EC793690114E028B84CFC7C8A4E931219B1E5DD13A630F39FC5060CB92A762004318F94E74116FD13D378A933
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):290504
                                                                                                                                                Entropy (8bit):4.219899810947864
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:7DF0AFC013983A6A6AD7E549A6E3EF8F
                                                                                                                                                SHA1:D41354966F4E5B2A402003B4F6BB61D3094C03B6
                                                                                                                                                SHA-256:A83628F363DE3CAC3800BF59A46F454F4DA9563397D44F106F0DAB78F733F69F
                                                                                                                                                SHA-512:75F1CC7AA63E3A2DA0EC5683B97E8F71F2A71ED1D35225E2B92FA604C67DD49CB43D8D57A072B61CFD71219D49D8A5446BDA07D62DA1B7EC518060ED188BFB8E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97992
                                                                                                                                                Entropy (8bit):4.756729896757535
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:6764F4096BB31F09427193B88DDCE886
                                                                                                                                                SHA1:9B8A9ECCE9DD3E150C644C5282145DF5AD1C1E57
                                                                                                                                                SHA-256:1F80C59D97100F2F90A8C81C184AC310ACB9574D7F8ED6E17CFF20B8B9F2E9D2
                                                                                                                                                SHA-512:4B3CE13A27ECA892C454E45C2A0AA19F718C151D9D339DFEFA0B96CFCBA7CFB692266CC003CAC35FE11A824B8BB4AF95159842D112F2780377AF3E8832237C50
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97480
                                                                                                                                                Entropy (8bit):4.313269070094942
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:4FD58E4C2D081EFB560DEFAC731B6FF9
                                                                                                                                                SHA1:C85CD523AF2CAF397889C85D8353BAF71DE7D111
                                                                                                                                                SHA-256:4DC6CA474055F5A6AE72E6D90E429E7C4796903A220B1AF4530AC0CE8B4532E2
                                                                                                                                                SHA-512:A019CCFC5F14577964E2E3BF78C93A55A3FE508D603076D323C9B26B1A09EE5B523B0EC88BD970ADBC9746DC48B8FE81B532F9C908591DAAB318111AE9D76C22
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106696
                                                                                                                                                Entropy (8bit):4.697773302568603
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:BE92BAD82A1B7597A203B10F75A3438B
                                                                                                                                                SHA1:97F9C1C7119BBAE2B8CCC4E5EC36C49C1AC7ABC1
                                                                                                                                                SHA-256:E4255B2D7AAFA1E28097A073459C6F1BE826A712A1CF5DCF6F9984E3FA43B012
                                                                                                                                                SHA-512:FB1B78E73B07D2D1E8835FBCCE77487E2890CC0F482808B41058E02F09D78BEEA2D05810617F06232AA215DDBDE43D056EC3C2FAC09674F93211F115C6430F59
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):99016
                                                                                                                                                Entropy (8bit):4.823209775763027
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:45C995A05979AEBF7F3B9C5C7605D800
                                                                                                                                                SHA1:DABF1CD6453330E92590A69B193E4F0363F963BD
                                                                                                                                                SHA-256:1033CED3B485272EC4DBDE00297FAE8417FB60655E51D19349C9780C942FBF7C
                                                                                                                                                SHA-512:E8456CEB94386DCF095E22FBF7616BAB535984F5B1016BA95A3E12CA1AC7D8E7ABB224636BE1A55C28F18A4C558B1875A56BF0B8CFB71472BA676879D276C732
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):282824
                                                                                                                                                Entropy (8bit):4.289917887520371
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:AAF5905A866F46012DE56365E47D2DA7
                                                                                                                                                SHA1:953635C78DDD8B67A27FDE207291175740E8B3B5
                                                                                                                                                SHA-256:78952B09E8B4BF7FF23D2A8ED6F342B19F0D70CD5C9B67014B51884C28B1E4C4
                                                                                                                                                SHA-512:68A1C8378F36CD87DF50E8417665CAD25B9BF018FD9327293AF68F7AA12FE0D6EAD13E3E97CB6655A7AB1FA86EC0EA1CA7177B2E5700ED96B6FC8426DAF4A68A
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):294088
                                                                                                                                                Entropy (8bit):3.5921712782493715
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:FA18775EC55C62696DA99E31F754A1C9
                                                                                                                                                SHA1:0739943630C0342809E724C9325103F9D11195B8
                                                                                                                                                SHA-256:0A95369BF45442F4B906805A5D08B907407103AE196671843A08245B074FB1E6
                                                                                                                                                SHA-512:8F0F4829010C3B85F363705316B73A0B93820BCB043A90413BBB3CFD79428805B684FADF089F3BD1B5D8A56C2258DF6BF2A47DA56D5375759BE3550564921939
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):95944
                                                                                                                                                Entropy (8bit):4.743220807223974
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:1198CD977C4578945A93F11FC7155567
                                                                                                                                                SHA1:A20992E72C28FA5550D082FA0B9B15CBB604BE95
                                                                                                                                                SHA-256:D6E3F54FF750B3337109F50577E8B0F3102A23D56D0A0113C2960E0CB5509313
                                                                                                                                                SHA-512:A48BA5F51371C5AA57D7604BE00401CABCCCEC79FF6AE5BE6BC4B4448E4353F5A5AD119D154F9EB15C1D770273328DC99CA29C5EDB2B8F0E42829429E712A06D
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):107720
                                                                                                                                                Entropy (8bit):4.234311062940748
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:7B1E0D23AEC49F8D206F7158BF644400
                                                                                                                                                SHA1:68C7660646E6707C05C0C8FCEE42AF8B781A9D0E
                                                                                                                                                SHA-256:35E2E6967CA8DF73454ED9ED16865EFEA9F31B32CEA7D2CB12BAA29445E002BA
                                                                                                                                                SHA-512:8513E5E706C3698A4F79FEFF980515AFF817710D52EB600057F2B52DD5FC261EA69488130B0D1A2503AD789AF2E6F46A7F768F22A0FF2908C6161F7D3E28FFD5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):95432
                                                                                                                                                Entropy (8bit):4.8557583064221745
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:F9A8A3A4EB2A9F058FC7D840CF84A819
                                                                                                                                                SHA1:5ED479C418B253672230C0D0CDA4A32489F608D7
                                                                                                                                                SHA-256:89DB9A1EA78131E83C3C98F8DEB2C4EAE120E4D513A5AE80B313903486D45449
                                                                                                                                                SHA-512:347CBBC5354719845C671C8443944CA09C80A68B9B679D86C1656FF2299042A8DCB5A4B2073A023CA89D1607A4CF1FC44BCB027554671EC4897A1CE75C133937
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):286408
                                                                                                                                                Entropy (8bit):4.350088351515968
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3710FC03EA22F1B71E01EF1CAC7E8A1D
                                                                                                                                                SHA1:EBE6EABB2EB7098860A20D9CE70E96BD42D168C8
                                                                                                                                                SHA-256:AEE454B2E58325A8FA2EE1DC60FAC276832D3624BED16FAE3336B58D386CCCCF
                                                                                                                                                SHA-512:91C37A48A732F1F7FE331BFCAC9D8D1123E0838CEC55106065FB383BECF4C8BB807B2F6C73E0FDD798A8825F8EB2A89E26803F5697781D69C9A6770EE28459A5
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):100040
                                                                                                                                                Entropy (8bit):4.740016309596835
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:570F87D0668F18456CC2D63762836389
                                                                                                                                                SHA1:09F4FF35FEBFC2D3DCEB4015E02D3993214EB680
                                                                                                                                                SHA-256:FB4661569421C3C609D875FDD72499A867DC13C9D9459CF1B1E8060855299001
                                                                                                                                                SHA-512:051AC6FB5A6A42D69FC86EDC8A4D6CF380ED805AC31A139983C16823FDFF446BDBBBC15C28AFE4441A909459E22559DA1B9B2951B200DA63D5AFA4FFE0F43669
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97992
                                                                                                                                                Entropy (8bit):4.765510152969893
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:DA0A79BB557A7222BEAE39E8994A1EE0
                                                                                                                                                SHA1:54C5C7D81914B4178BFF1027BD89E63AB2CB077C
                                                                                                                                                SHA-256:B8E1795FE9F97060ED15497952E0F2163C9AB60D44CA2DC7F90EC60CC25CCF20
                                                                                                                                                SHA-512:FB420D20607B6844606F2DC7D16700ADFF66E5E64862E77C3336C403B44FC9E799635ACB617024CFACB19A6A75866A2C14641625AE786E80F83A87BA29FF0489
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):102600
                                                                                                                                                Entropy (8bit):4.70272707159566
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3B4261B28B09120E38EFACD8C3D42E08
                                                                                                                                                SHA1:EA8922CDDD8315CDAC630CDCF562E54527EDCFD7
                                                                                                                                                SHA-256:88D98E86189D4DF154C574C143A15A6BAD7829781D66A3005EE416EE92480C02
                                                                                                                                                SHA-512:0610E31BDDDFF7EDDE9EF84B98CCD1F42F79FBC740568367032161438DA416215EA6E73074B04D148F3B66C253168A1E1A50B52931F29DAFFB0E573E5385EDFB
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97480
                                                                                                                                                Entropy (8bit):4.1630938547314935
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:1B84872C032359C847C72E14802180BF
                                                                                                                                                SHA1:86A9FED92268520C478FF7018354FA7D1D9C0045
                                                                                                                                                SHA-256:073BE2E301013D18C155B62EEF64860677BCDE25471ACF2A99C8666BCFEF3759
                                                                                                                                                SHA-512:41351BAB06268F8C1F058A2299A1B022AA7ED2B7A1A93542C1A6B5A1367F8EF6F3842D2B3CA1C7FC56CF15F93852BC0C9CE304C53D0631FA847043689047E998
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114376
                                                                                                                                                Entropy (8bit):4.065322208835991
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:652455BCD82E79B4C11DF54B2A45A5EF
                                                                                                                                                SHA1:459F4F2E6B89A429B19F662BF583364950504C69
                                                                                                                                                SHA-256:3E7FF72FCE278017BAEC66D29B53B1278B905DBD594B72B3BE861C0D71823DF8
                                                                                                                                                SHA-512:68B6A1C348CD459A3A0C16CB042C7D15481249A43B49EEF43D2DCDDD69AE60502C405F18946A5D661FA8C2AFD9A524D117C7BDD34C6FC24633DBEBC13FB7E6D6
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):116936
                                                                                                                                                Entropy (8bit):6.41545956699352
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:0953455F6D9284045507F807D01CDDA8
                                                                                                                                                SHA1:22E88B732710770111A6CF6DAAD75C25DE320457
                                                                                                                                                SHA-256:917C98B3B85199A060A559FFF1B31BA553B05B286525077A0528A8A435909755
                                                                                                                                                SHA-512:DC5F505B71DF3F54C38A2698D1EA30ABFF3851C45921CCAD606CF4CC6BE22BB5CAE0DA54EBB01E903A1D6294F334BB2945516233D8AE8F87F50C53A21DDA9108
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):296648
                                                                                                                                                Entropy (8bit):3.64633775924821
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:915CEB2C55CFA66442DAF066044F8F44
                                                                                                                                                SHA1:2B09AE933252F8AE13A759A05A051596D51EA10D
                                                                                                                                                SHA-256:157829B23C10478D6DCA3697E11CD4D24EFF5A562437303CE1F521C51E7215AC
                                                                                                                                                SHA-512:2DD31249065B3E746D41D85BA10C335AAA4E0FDA53DC94254145246AC3F524506B74CFE5360D6D08886CD9B0D9D3279CDE174E1B89768C30BCF0A310C4685ECB
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):292040
                                                                                                                                                Entropy (8bit):3.7481971619360905
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:BE17836A50A3A6C180E12B775C65DAD8
                                                                                                                                                SHA1:302FBE090EDC40FBA0E763E39C737A35DBE73BD0
                                                                                                                                                SHA-256:E06838203B5093E2ADC1EF7A29D67EAA256AC510595733B825F48840A6E43098
                                                                                                                                                SHA-512:AC9899A2EB19C125483587B8B616D5A69A5BB33AC11684ED55E239E494B0F7887FDB94CD4F916EDC46C669034017A90118AA20321870A63FB5E2EC7323E06DE4
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):100040
                                                                                                                                                Entropy (8bit):4.71331369793178
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:971B4581772124BAB87CE0B7578E7EFB
                                                                                                                                                SHA1:8A02A0082FC11D06BB55C444DEFDFBC23A68B900
                                                                                                                                                SHA-256:8DDD3C14766C4558829FBAA4B11C4E2F52E2402A7459CC0B09DFADD9F20B4E15
                                                                                                                                                SHA-512:309D32B440C337F6532BE2AB8D64B3C0E63DDD2E757C968E046698EA50CA18FC1FB9B35DDACA2381F9709EBFB57C571AF63A20C54B94CF946EB0CD6B13EE1051
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):103112
                                                                                                                                                Entropy (8bit):4.184162867412695
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:BDFC4760C70F827DEED7A80795B9D129
                                                                                                                                                SHA1:C8C683DCAA4703FD9A0A05FC54872EEC4C02DF56
                                                                                                                                                SHA-256:52F21F4113AB656AFC15387DA2E036F646F5897B29C89C0D2C7C1DEDF19BDC99
                                                                                                                                                SHA-512:58A216134541744D83EA0B6C9D15BAE42F8CD7F736F32DE9A27A2E0FF717976FD472D39AE92730D30AC599D0E71D2ED1A6955D376F2C41FE94138B3B03A071EA
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):101576
                                                                                                                                                Entropy (8bit):4.738727482984826
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:36AF090971FE470C3FCB570389096855
                                                                                                                                                SHA1:1C93734B9CDC61F5BE0B0B232DCA2FBD9A0CE864
                                                                                                                                                SHA-256:E3BE71099D4FEA7FA479A2DC857C3E47AE284CB1F7CB6CD30C910A866F946247
                                                                                                                                                SHA-512:BA7370FFC13822B8002D96AB64CECBB1BDF31334142EA2E0830775BC5D8A699B8A18870CD091040E2744C4896E7B8A6B7EBC736EFA59F3C0CEE89F4E9C13AF48
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:53:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2673
                                                                                                                                                Entropy (8bit):3.986790303529538
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:C2A8CDD896DD04B901A691C095C0E076
                                                                                                                                                SHA1:BDEFF7CA26CAF6AEC588446FEED8358A1ADC2732
                                                                                                                                                SHA-256:0BADCF2F7A2CB37ADBE7AF3B31B90D61674153B7F1AB38AE21C02420FFD409AF
                                                                                                                                                SHA-512:7A008FFB2645E8B9DEE8AF575604BB305B4E3F3AC6FC2CFD57DE16A72E01C7F79E4F194CF865D7B43EDEED8DE656914A0E29734EF173D769F9E30BCEB39B3564
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:53:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2675
                                                                                                                                                Entropy (8bit):3.999171166821071
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:40450159D2DA6C633F1349EDDAB459F8
                                                                                                                                                SHA1:B5CAAA80A8963A6A760D560C5995928FB39CC660
                                                                                                                                                SHA-256:FDDF79500FCEE3B1C4A0C4F855591D2B246D1643FF9E335F006DE321C02117D4
                                                                                                                                                SHA-512:CD0F0D66C9FEBAE7A7D9554B7E52148B842BAF9E6726C3880998BB7BE181284483415D70B92F12BC164CE9011B972659701A5ABFCC60594176EE4D16CC1A9F3A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2689
                                                                                                                                                Entropy (8bit):4.009446862719483
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:3B537F2083EA16E255BB5EFBCFBD374A
                                                                                                                                                SHA1:D470FE499B5A5EC6F0362D975CF0F932249369D3
                                                                                                                                                SHA-256:B2F4A5C4FF3052A94C0CB44B6A03B4BCFF5CCA197F03EA0B69C285472FF0EB23
                                                                                                                                                SHA-512:DD372600BC96F88D7B96FEA4D8A7D69089566FBCD178465E1DEAED8B23D8EFD95505EE7D9CD23424AEE08709857FA3AA23A80E26D044955F45053104964264F2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:53:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2677
                                                                                                                                                Entropy (8bit):3.996883622561863
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:C219F610339C622079086AE7FD488A28
                                                                                                                                                SHA1:AF4248F9AC874BA97936C1F0957980C5D3C322BA
                                                                                                                                                SHA-256:5AAF95D71114AB6757B1A8FED38693332B81E9D1A4BE93C7CF69F400A7F61900
                                                                                                                                                SHA-512:D02BD19AA37BDD03468E3F6C70B9C2E1093216A772D2E4420A99318B0A521E0EE06D8F64B0BD0D228D80DA622E2541BD31B8AD9143578B8B8A524CACF3F1AA3B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:53:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2677
                                                                                                                                                Entropy (8bit):3.9876496012224094
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:B68A3C68BCC016AD6AD042A12F4698D6
                                                                                                                                                SHA1:56CF569076F9B0F0245D790B8B60FA3DFE59D030
                                                                                                                                                SHA-256:229BC0E2ED08A2542A763D7513B09F5F39D5F86A4D41785D119A3372E3FB8790
                                                                                                                                                SHA-512:3912204A11B5176FAFDC6B7F0FFE9976C8EB8E9006784C26E178E0FDDBDEA73C78598FC62C0049034810F12F23D7FB74CEF6467C73BBC4C72320F8960F9EC222
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:53:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2679
                                                                                                                                                Entropy (8bit):3.998036279443044
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:A47D65C9A07E702B46B8F1E3CE240E99
                                                                                                                                                SHA1:A62BC79D6D685AC6A8689194F3A9B7A21A181A88
                                                                                                                                                SHA-256:18CDCE6DEAD3038BE0280E67C9C8EF751230EDD53A2FE4F385A77C9BE4473E24
                                                                                                                                                SHA-512:EC901D5D330A1D3DFD2D9BCEC1DB38C6933088FB25E30ED2670A443E885570CDDAA3A93AD63151D6E97698729D45F98EE8FB36EED8028E52D809C4D90DEF3C39
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Users\user\Downloads\ccsetup629.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):32768
                                                                                                                                                Entropy (8bit):0.017262956703125623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1349
                                                                                                                                                Entropy (8bit):3.655898592507967
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:A8A7BA0AA8B21D2EB73DE73090086DA3
                                                                                                                                                SHA1:36AAAAC498445A28FE153F6C198E69FA6A6AFB49
                                                                                                                                                SHA-256:844B3BF5800AA41E5618B3A837062856FF6EF333974AE0BB2AE3B557F7828628
                                                                                                                                                SHA-512:25AD56B4E4EF16E911F0FB86D086E47F97F186DE6A2D7A5B6D33DC4DBB5F106B40F584272F2F729EF7E61F17DE008A73F27B09B75DA132B68C2FCB30D7114455
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16123
                                                                                                                                                Entropy (8bit):6.261262131159535
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9C56591BBFE314269492C5414393AC36
                                                                                                                                                SHA1:D65A99087EB544803E248CD8A1553B6764B77A41
                                                                                                                                                SHA-256:4C71D7DD326F474B0DB087EFED57ADE6069679454F11F171EFF23ED8B375E271
                                                                                                                                                SHA-512:ABD69E8FAF1D12201B7A0C0E45C86050A5DC5927FB67E15A59FF045F63B8F67C708F806CF94699417DFF26CB5232967399CC6DAB28559BAEC68A7886EF634585
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):0
                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:9C56591BBFE314269492C5414393AC36
                                                                                                                                                SHA1:D65A99087EB544803E248CD8A1553B6764B77A41
                                                                                                                                                SHA-256:4C71D7DD326F474B0DB087EFED57ADE6069679454F11F171EFF23ED8B375E271
                                                                                                                                                SHA-512:ABD69E8FAF1D12201B7A0C0E45C86050A5DC5927FB67E15A59FF045F63B8F67C708F806CF94699417DFF26CB5232967399CC6DAB28559BAEC68A7886EF634585
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):77195320
                                                                                                                                                Entropy (8bit):7.999981984134706
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:38DB6304080B4F884A54DCDE94B02E63
                                                                                                                                                SHA1:C4A130857CEE9B4B29C55110DFB30CCF3AFB00F3
                                                                                                                                                SHA-256:939072506875347227D3661B2BD3E1FFE7CC50FE3BE1D7342897FF664E326BB8
                                                                                                                                                SHA-512:5860ADA87B0CA37AF423767252C7576B37911EC3B27EB21BD23597A01DE30B0668F7DAC93308D36CBD30CCF99315600B86D8B56C0C93847331EA264F18EA437F
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):0
                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:38DB6304080B4F884A54DCDE94B02E63
                                                                                                                                                SHA1:C4A130857CEE9B4B29C55110DFB30CCF3AFB00F3
                                                                                                                                                SHA-256:939072506875347227D3661B2BD3E1FFE7CC50FE3BE1D7342897FF664E326BB8
                                                                                                                                                SHA-512:5860ADA87B0CA37AF423767252C7576B37911EC3B27EB21BD23597A01DE30B0668F7DAC93308D36CBD30CCF99315600B86D8B56C0C93847331EA264F18EA437F
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:unknown
                                                                                                                                                No static file info