Windows Analysis Report
lw2HMxuVuf.exe

Overview

General Information

Sample name:	lw2HMxuVuf.exe renamed because original name is a hash value
Original sample name:	5c48490b288fbb3b9d7b17aebc15b0f76edc4339029cadf91b28113111c2b20b.exe
Analysis ID:	1561836
MD5:	d12d2a0f8909a768683f6c548205e955
SHA1:	2fccbec13bc847741b7cdd85cbdd560af59d96e1
SHA256:	5c48490b288fbb3b9d7b17aebc15b0f76edc4339029cadf91b28113111c2b20b
Tags:	exeNineRiversSkyRoarCommitTradeCoLtduser-JAMESWT_MHT
Infos:

Detection

Score:	42
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	35
Range:	0 - 100

Signatures

Yara detected AntiVM3

Bypasses PowerShell execution policy

Contains functionality to infect the boot sector

Disables Windows system restore

Found stalling execution ending in API Sleep call

Query firmware table information (likely to detect VMs)

Reads the Security eventlog

Reads the System eventlog

Sigma detected: Script Interpreter Execution From Suspicious Folder

Tries to harvest and steal browser information (history, passwords, etc)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to launch a process as a different user

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after accessing registry keys)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTML page contains hidden javascript code

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: PowerShell Script Run in AppData

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Signatures

Cryptography

Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_ed7bcb60-1

Phishing

HTML page contains hidden javascript code

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385

HTTP Parser: Base64 decoded: <svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="348.333px" height="348.333px" viewBox="0 0 348.333 348.334" style="enable-background:new 0 0 348.333 348.334;" xml:space="preserve"><g>...

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No favicon
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No favicon

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses 32bit PE files

Source: lw2HMxuVuf.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaheap.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwalocal.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaresource.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwautils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\uninst.exe	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Setup\config.def	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\9c909bc2-cad9-48a5-8b4a-a855a60d0635.xml	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\log\DumpProcess.log.tmp.f53516a7-b1d4-4e35-9f9f-5bf19acd8d46	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\last.dump	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.dae51f4d-55cc-41f8-b071-6a014d36c644
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.status
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.accacbd3-aee6-455d-9f5d-9609fdf807c7
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.62d78b02-53aa-4397-82ba-6f79541c1b50
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.25e35e65-8152-4023-ad23-4ef6ff68a13b
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\journal
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\log
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\report
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\chest
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\moved
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\fw
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.57b5a0f5-3c1f-4a68-8856-fdecb876f055
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\usercfg.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\BackupStorage
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\203abf8c-03ea-4cb7-b490-fe04ea1c26bb
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.528f08fa-e71c-4268-add3-1b0450e8eb1a
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.3dbb3c72-b585-4e54-aa6e-48787f35bd13
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\2bab7519-4020-4dae-a822-3e7f39e8fa82
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.5669dd20-a121-429d-bc95-a17865357101
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\DUState.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-16-32-817.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V24_2.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-17-08-263.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Directory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.ecbf8d94-bb5d-46ed-abbb-da465ab5d3b8

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50477 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50508 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50592 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50698 version: TLS 1.2

Source: lw2HMxuVuf.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: UxTheme.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbr; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb`; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemcomn.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdbw; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: cryptsp.pdbo; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mskeyprotect.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\67d9289f94964a81\BUILDS\Release\x86\CCUpdate.pdb source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: CLBCatQ.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\848d668bab18d6e2\bin_x86\v142\Release Static\neutral\ServiceUninstaller_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2800041545.000000006A14B000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: kernel32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usp10.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb.A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb)A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb\| source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: comdlg32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: webio.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb~; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: iertutil.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb$A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\_av\BUILDS\Release\x86\emupdate.pdb source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\BUILD\work\8889074bed3874b9\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\AvBugReport.pdb source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: ncrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rasadhlp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbc; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: UMPDC.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdby; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdbe; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdbt; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdb source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: userenv.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdbG source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: winhttp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdiplus.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsCodecs.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbQ; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb;1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbl; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstask.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ncryptsslp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb'A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fwpuclnt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb#@ source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: ntdll.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Amsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbj; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb.1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CF00C __EH_prolog3_GS,FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,	7_2_009CF00C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A25B9E FindFirstFileExW,	7_2_00A25B9E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E0B37 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_009E0B37

Networking

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 60

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49783 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49790 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49784 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49792 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49803 -> 35.190.209.22:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49825 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49810 -> 35.190.209.22:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49798 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49743 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49816 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49840 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49851 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49863 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49849 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49862 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49747 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49872 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49876 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49894 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49895 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49909 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49935 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49919 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49936 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49951 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49965 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49953 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49981 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50013 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49918 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49998 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50014 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50024 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50023 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50026 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50033 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50042 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50044 -> 34.149.202.126:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50052 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50062 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50045 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50060 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50079 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50110 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50064 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50126 -> 34.149.202.126:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50141 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50182 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50231 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50226 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50230 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50269 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50345 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50352 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50416 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50477 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50527 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50592 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50697 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49737 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49765 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49986 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49996 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49993 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49995 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49994 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50017 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50016 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.5:50029 -> 172.66.0.227:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.5:50032 -> 104.244.42.195:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50698 -> 34.117.223.223:443

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=172544&p_gis=0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_lid=en-CH&p_lng=en&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11385&p_vep=6&p_ves=30&p_wid=1675281926 HTTP/1.1Connection: Keep-AliveUser-Agent: Avast AntivirusHost: ipm-provider.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GRl3eG9fkn88GgF&MD=UgZxxMnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_pro=90&p_osv=10.0&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_pro=90&p_osv=10.0&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GRl3eG9fkn88GgF&MD=UgZxxMnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1732446913141 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=e429fa507a58432fa5e510cf4405a010&mboxPC=&mboxPage=022aa431307845d2a0697896603780bd&mboxRid=4ef1b8fbaa2444e8aafbdfba074c45d0&mboxVersion=1.8.3&mboxCount=1&mboxTime=1732428913249&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&mboxReferrer=&browserHeight=870&browserWidth=1017&browserTimeOffset=-300&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&country=us&language=en&pagename=ccleaner-v6-30-11385&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4523341CF3BE0AEE-41D4D261AA724F9B HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1732446913141 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=e429fa507a58432fa5e510cf4405a010&mboxPC=&mboxPage=022aa431307845d2a0697896603780bd&mboxRid=4ef1b8fbaa2444e8aafbdfba074c45d0&mboxVersion=1.8.3&mboxCount=1&mboxTime=1732428913249&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&mboxReferrer=&browserHeight=870&browserWidth=1017&browserTimeOffset=-300&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&country=us&language=en&pagename=ccleaner-v6-30-11385&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4523341CF3BE0AEE-41D4D261AA724F9B HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/01912753-8c21-7a17-883f-0a91a4e5ae8b/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /wi/ytc.js HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags/563151391133/tag.js HTTP/1.1Host: www.mczbf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/mhubc.js HTTP/1.1Host: mstatic.ccleaner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s18539589585813?AQB=1&ndh=1&pf=1&t=24%2F10%2F2024%206%3A15%3A21%200%20300&sdid=4523341CF3BE0AEE-41D4D261AA724F9B&mid=86915098161613896303235469939112226982&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=CCleaner%20v6.30.11385&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=86915098161613896303235469939112226982&c59=ccleaner%3Aknowledge%3Accleaner-v6-30-11385&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385&v164=ccleaner%3A999_a&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1034&bh=870&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Z0MKzAAAAHGmGQO- HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /unifiedPixel?au=false&bust=09954157885839694&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&g=1&zone=all&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1Host: tr.outbrain.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: trigger=navigation-sourceReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wi/config/10180940.json HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/01912753-8c21-7a17-883f-0a91a4e5ae8b/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s18539589585813?AQB=1&ndh=1&pf=1&t=24%2F10%2F2024%206%3A15%3A21%200%20300&sdid=4523341CF3BE0AEE-41D4D261AA724F9B&mid=86915098161613896303235469939112226982&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=CCleaner%20v6.30.11385&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=86915098161613896303235469939112226982&c59=ccleaner%3Aknowledge%3Accleaner-v6-30-11385&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385&v164=ccleaner%3A999_a&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1034&bh=870&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true; avstperm=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1; OptanonConsent=isIABGlobal=false&datestamp=Sun+Nov+24+2024+06%3A15%3A24+GMT-0500+(Eastern+Standard+Time)&version=6.36.0&hosts=&consentId=7d48a426-7a11-45ab-8358-f0f1978a2c57&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG232%3A1%2CC0004%3A1%2CC0005%3A1
Source: global traffic	HTTP traffic detected: GET /wi/ytc.js HTTP/1.1Host: s.yimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1Host: tr.outbrain.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /adalyser.js?cid=ccleaner HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logos/static/powered_by_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /711037.gif?partner_uid=20038232-384c-4316-839d-646e1b28eccd HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-857043.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tracking/track/v3/p?stm=1732446933112&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cid=ccleaner&p=%7B%22et%22%3A1732446933109%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%221b678712-0cc8-486d-89d0-05e165f88b18%22%2C%22duid%22%3A%226a43d717-b772-42a5-badd-e897920af092%22%2C%22cw%22%3A1732446933109%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signals/config/2679475345708101?v=2.9.176&r=stable&domain=www.ccleaner.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDIwMDM4MjMyLTM4NGMtNDMxNi04MzlkLTY0NmUxYjI4ZWNjZBAAGg0I15WMugYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=4O3GqXr0wiwus41xdBVgeySaSv5OKJjsacwPv7nhkl4=; pxrc=CAA=
Source: global traffic	HTTP traffic detected: GET /sp.pl?a=10000&d=Sun%2C%2024%20Nov%202024%2011%3A15%3A25%20GMT&n=5&b=CCleaner%20v6.30.11385&.yp=10180940&f=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&enc=UTF-8&yv=1.16.5&tagmgr=gtm%2Cadobe HTTP/1.1Host: sp.analytics.yahoo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /modules.86621fa4aeada5bcf025.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: event-source, trigger, not-navigation-sourceReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=25f3b841-45cb-48a6-b59e-9071b88de6cb; __cf_bm=yLFGeSfoAWKrGQq18FlQttVx.yvgNuczc8oFxhEZlkU-1732446932-1.0.1.1-Da5R_X9JfmXgKB7loXsUHO0OG24QaBQgJQdp4xKWnweu5QLf.cUqD97wWrfxz7U.ICQyLRst1n00q6h7Z8LzbA
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Z0MKzAAAAHGmGQO- HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423; dpm=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /unifiedPixel?au=false&bust=09954157885839694&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&g=1&zone=all&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1Host: tr.outbrain.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: personalization_id="v1_N7fGwYhwKdk8ai2C9LmtZw=="
Source: global traffic	HTTP traffic detected: GET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1Host: tr.outbrain.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /api/mhubc.js HTTP/1.1Host: mstatic.ccleaner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true; avstperm=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1; OptanonConsent=isIABGlobal=false&datestamp=Sun+Nov+24+2024+06%3A15%3A24+GMT-0500+(Eastern+Standard+Time)&version=6.36.0&hosts=&consentId=7d48a426-7a11-45ab-8358-f0f1978a2c57&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG232%3A1%2CC0004%3A1%2CC0005%3A1; cjConsent=MHxOfDB8Tnww; cjUser=20038232-384c-4316-839d-646e1b28eccd; cjLiveRampLastCall=2024-11-24T11:15:25.327Z; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CMCSYNCSOP%7C411-20059%7CvVersion%7C5.5.0; _ga_YG64G9XX0R=GS1.1.1732446932.1.0.1732446932.60.0.0; _ga=GA1.1.246986528.1732446933; __adal_ses=*; __adal_id=6a43d717-b772-42a5-badd-e897920af092.1732446933.1.1732446933.1732446933.1b678712-0cc8-486d-89d0-05e165f88b18; __adal_ca=so%3Ddirect%26me%3Dnone%26ca%3Ddirect%26co%3D%28not%2520set%29%26ke%3D%28not%2520set%29%26cg%3DDirect; __adal_cw=1732446933109; _fbp=fb.1.1732446936660.65224446665965545
Source: global traffic	HTTP traffic detected: GET /tags/563151391133/tag.js HTTP/1.1Host: www.mczbf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /563151391133/pageInfo HTTP/1.1Host: www.mczbf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /logos/static/powered_by_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDIwMDM4MjMyLTM4NGMtNDMxNi04MzlkLTY0NmUxYjI4ZWNjZBAAGg0I15WMugYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=X1eD2AyWGZUus41xdBVgeySaSv5OKJjsacwPv7nhkl4=; pxrc=CNmVjLoGEgUI6AcQAA==
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signals/config/2679475345708101?v=2.9.176&r=stable&domain=www.ccleaner.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-857043.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ViewCounter_OTHER_CCLEANER=1732446927; ViewCounter_ipmb-12865=1732446927; ClientId=c1f2ec16-faa6-41ef-9c79-4d9f7f7d30b1; ViewCounter_ccleaner_en-ww_toaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default-20243001=1732446927
Source: global traffic	HTTP traffic detected: GET /adalyser.js?cid=ccleaner HTTP/1.1Host: c5.adalyser.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking/track/v3/p?stm=1732446933112&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cid=ccleaner&p=%7B%22et%22%3A1732446933109%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%221b678712-0cc8-486d-89d0-05e165f88b18%22%2C%22duid%22%3A%226a43d717-b772-42a5-badd-e897920af092%22%2C%22cw%22%3A1732446933109%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%2299d2cdc0-81c8-45c9-b62b-632bd0fee553%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a%22%2C%22hwid%22%3A%221F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0%22%7D%2C%22product%22%3A%7B%22id%22%3A104%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%226.30.11385.mmm_ccl_012_999_a8k_m%22%2C%22build%22%3A11385%2C%22ipm_product%22%3A90%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%22state%22%3A%22EXPIRED%22%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A229%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22installation_age%22%3A0%2C%22remaining_days_to_expiration%22%3A-1%2C%22flow_id%22%3A%2299d2cdc0-81c8-45c9-b62b-632bd0fee553%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22ccleaner%2Fen-ww%2Ftoaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22mamba_campaign%22%3A%22CCleanerCloudCleaningPaid%22%2C%22screen_name%22%3A%22toaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default%22%2C%22tracking%22%3A%5B%7B%22key%22%3A%22CampaignBusinessSource%22%2C%22value%22%3A%22Consumer%22%7D%2C%7B%22key%22%3A%22LicenseBusinessSource%22%2C%22value%22%3A%22NotSet%22%7D%5D%2C%22campaign_unique_key%22%3A%22ccleaner-cloud-cleaning-paid-90%22%2C%22brand%22%3A%22CCleaner%22%2C%22placement_type%22%3A%22toaster%22%2C%22message_name%22%3A%22free%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: analytics.ff.avast.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sp.pl?a=10000&d=Sun%2C%2024%20Nov%202024%2011%3A15%3A25%20GMT&n=5&b=CCleaner%20v6.30.11385&.yp=10180940&f=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&enc=UTF-8&yv=1.16.5&tagmgr=gtm%2Cadobe HTTP/1.1Host: sp.analytics.yahoo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: A3=d=AQABBNoKQ2cCEFAudPibrzlJujwabq63G0AFEgEBAQFcRGdMZ9xS0iMA_eMAAA&S=AQAAAjxU9K5ZYwqaB8_bY4aB9_s
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/receive/get/json/10?data={"record":[{"event":{"type":10,"subtype":2,"request_id":"4cb4da2a-423f-480f-a7e4-1539d39c2718"},"identity":{"guid":"aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a","hwid":"1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0"},"product":{"id":104,"lang":"en-us","version_app":"6.30.11385.mmm_ccl_012_999_a8k_m","build":11385,"ipm_product":90},"platform":{"version":"10.0","lang":"en-us"},"license":{"subscription_mode":false,"stack":"STACK_AVAST","gen_license":{"state":"EXPIRED"}},"shepherd":{},"ab_test":{},"ipm":{"common":{"element":0,"license_type":"STANDARD","licensing_stage":"LICENSED","installation_age":0,"remaining_days_to_expiration":-1,"flow_id":"4cb4da2a-423f-480f-a7e4-1539d39c2718"},"content":{"content_identifier":"ccleaner/en-ww/banner-0-banner-campaigns_ccleaner-cloud-cleaning-paid-free-banner-90_default.html","content_type":"SCREEN","screen_language":"en","mamba_campaign":"CCleanerCloudCleaningPaid","screen_name":"banner-0-banner-campaigns_ccleaner-cloud-cleaning-paid-free-banner-90_default","tracking":[{"key":"CampaignBusinessSource","value":"Consumer"},{"key":"LicenseBusinessSource","value":"NotSet"}],"campaign_unique_key":"ccleaner-cloud-cleaning-paid-90","brand":"CCleaner","placement_type":"banner","message_name":"free-banner"},"action":{}}}]} HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: analytics.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp

String found in binary or memory: the next 30 days.Welcome!CCleaner ActivationYou have unlocked the full power of CCleaner Professional. Enjoy!Your upgrade is complete.Thank you for purchasing CCleaner Professional.Popup/HealthCheck/PostAnalysis/UpgradedToProPopup/HealthCheck/PostAnalysis/UpgradedToTrialCCleaner Professional TrialOK*.ccleaner.com*.piriform.comaccounts.google.comwww.google.commail.netscape.comwebmail.earthlink.netyahoo.commail.yahoo.commy.screenname.aol.comwebmail.aol.com*.avast.com*.ccleanercloud.comlogin.live.comLatestICSwww.google.com/accountsmail.google.comgoogle.comgoogle.com/accountsscreenname.aol.comicloud.comfacebook.comaol.comservices.adobe.comtwitter.com5.41mail.lycos.comfastmail.fmauth.me.commail.rulogin.comcast.netovi.com/services/signinmail.aol.comwww.mail.lycos.comfile://CloudCleaning.htmopenCloudCleaningshowUpgradeDialogopenLearnMorePopup/CloudDriveCleaner/UpgradeShowOneDrivePopup/CloudDriveCleaner/CC Pro TrialIsFreeUserDataProblemScan For Issues + CancelregTrueScan For Issues/bkpregistry.txtCCScanreg.txtUsernameRegistry KeyFix selected issues...CToolsRegistryCtrl::SetControlsBackSelect allReg Files (*.reg)*.regcc_%d%02d%02d_%02d%02d%02d.reg, Drive: System.IO.File:GetDirectory() - FullPath: System.IO.File:GetDirectory() - DirectoryName after removing trailing slash : Piriform::IO::File::GetDirectory(App), Filename: , Directory: , Extension: System.IO.File:GetDirectory() - Error code returned from _tsplitpath_s: BRANDINGPiriform::CLicense::OnRegisterInvalid KeyExpiredActiveDisabled%s equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: ipm-provider.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: shepherd.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: service.piriform.com
Source: global traffic	DNS traffic detected: DNS query: license.piriform.com
Source: global traffic	DNS traffic detected: DNS query: ip-info.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: ncc.avast.com
Source: global traffic	DNS traffic detected: DNS query: emupdate.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: ccleaner.tools.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: winqual.sb.avast.com
Source: global traffic	DNS traffic detected: DNS query: www.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn-production.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
Source: global traffic	DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: geolocation.onetrust.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: symantec.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: symantec.demdex.net
Source: global traffic	DNS traffic detected: DNS query: www.nortonlifelock.com
Source: global traffic	DNS traffic detected: DNS query: c.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: amplify.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: s.yimg.com
Source: global traffic	DNS traffic detected: DNS query: mstatic.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: www.mczbf.com
Source: global traffic	DNS traffic detected: DNS query: oms.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: tr.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: cdn-uat.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: download.avira.com
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: analytics.twitter.com
Source: global traffic	DNS traffic detected: DNS query: wave.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: c5.adalyser.com
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: driver-updater.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: idsync.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: sp.analytics.yahoo.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: 684d0d45.akstat.io
Source: global traffic	DNS traffic detected: DNS query: zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com
Source: global traffic	DNS traffic detected: DNS query: s1.pir.fm
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: 8-46-123-75_s-2-20-68-230_ts-1732446949-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: siteintercept.qualtrics.com
Source: global traffic	DNS traffic detected: DNS query: baxhwsyxgzi4uz2dblsq-p08v2f-49ff2084c-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: ipmcdn.avast.com
Source: global traffic	DNS traffic detected: DNS query: analytics.ff.avast.com

Source: unknown

HTTP traffic detected: POST /receive3 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-enc-sbUser-Agent: Avast AntivirusContent-Length: 329Host: analytics.avcdn.net

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Connection: closeDate: Sun, 24 Nov 2024 11:15:47 GMTX-Robots-Tag: noindex, nofollowX-Request-ID: 74590e39-aa55-11ef-80d5-cb47cf2d9396Server: nginxX-Cache: Error from cloudfrontVia: 1.1 6481f3b72e695f5d2b0b995611da44a2.cloudfront.net (CloudFront)X-Amz-Cf-Pop: BAH53-P2X-Amz-Cf-Id: bDiq7B1bURj8-rltkxWQ02YcodXDz3tpX6PH6ZjjkOAsSxP-MHGxaQ==

Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0%u.%u.%u.%u01234567890123456789abcdef0123456789ABCDEFCONOUT$
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://api.webrep.avast.com/avast_webrepapi://avast_domainreputation://avast_webrepipc://http://fra2
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update
Source: CCUpdate.exe, 00000007.00000003.2570867815.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dlli
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate029.cab
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate049.cab
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate10.cab
Source: CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000008.00000002.2527630454.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.inihttp://ccleaner.tools.avcdn.net/too
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000008.00000002.2527630454.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml
Source: CCUpdate.exe, 00000007.00000003.2533840644.0000000000D65000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533803649.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://domrep.ff.avast.com/http://api.webrep.avast.com/avast_webrepapi://http://ui.ff.avast.com/avas
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/
Source: CCUpdate.exe	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txt
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txt32.dll
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txtAvEmUpdate
Source: CCUpdate.exe, 00000008.00000002.2527630454.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txtUT32.dll
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txts
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://files.avast.com/beta9x/avast_free_antivirus_setup_online.exeASWSig2A5549FF2866EA44F68D28FB2B1
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exeASWSig2A5FB1A9FDC683FA551EB348
Source: CCUpdate.exe	String found in binary or memory: http://honzik.avcdn.net/diffs/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/beta/avast_cleanup_online_setup.exeASWSig2A1E3DD1C1B204ED89FD
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeASWSig2A4C1A1197A19B18F
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeASWSig2A2D7E61EA63DA
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_internet_security_online_setup.exeASWSig2A40170EEB1
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/beta/avg_battery_saver_online_setup.exeASWSig2A4D178CA216002CE0
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exeASWSig2A7E478FFFFFA84
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/beta/avg_tuneup_online_setup.exeASWSig2A51F05E8C170B452F21205C3
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exeASWSig2A19497FDBA8D930F12196
Source: CCUpdate.exe	String found in binary or memory: http://honzik.avcdn.net/universe/
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://keys.backup.norton.com
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BC015000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2560641566.00000197BBFAA000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txt
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txtavast_activationcodefull://C-type
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBFAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txter
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com:80/ncc.txtz
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000000.2054490205.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp, CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.msocsp.com0S
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/MD/Do
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/MD/avast_streambackraw_%03d://CommChannelAddr_StreambackGetBody
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/PD/Do
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/PD/avast_streambacksubmit_%03d://
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p000.sb.avast.com/V1/PD/avast_streambackraw_000://https://auth-test.ff.avast.com/V1/REGavast_
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://program.avast.com/credit_monitor/avast_creditmonitor://avast_activationcodelegacy://https://a
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0/
Source: lw2HMxuVuf.exe, 00000000.00000003.2501478642.0000000005F26000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501048660.0000000006530000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/ccleaner
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=1033&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=1033&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=
Source: lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0$j
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=02e
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0Bj
Source: lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795310869.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0net4
Source: lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0ts
Source: lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0x
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.ccleaner.com/inapp/notificationsContent-Type:
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.comopen
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0~
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.gimp.org/xmp/
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllNUL
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zkysky.com.ar/This
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb
Source: lw2HMxuVuf.exe, 00000000.00000003.2769284851.000000000549B000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2798101974.000000000549C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2561649308.00000197BD9D6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/
Source: CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/(
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/S
Source: CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/ash
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/dll
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/om
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD9D6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE45C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3H
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3r
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net:443/receive3
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN/installertype_ONLINE/build
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN_AVG/installertype_ONLINE/b
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/b
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_PRO/platform_WIN/installertype_ONLINE/bu
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://brain.jumpshot.com/avast/ss/jumpshot_silentscanresults2://https://brain.jumpshot.com/avast/s
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://brain.jumpshot.com/avast/ss/reportjumpshot_silentscanresults://https://brain.jumpshot.com/av
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_acknowledgements
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_license_agreement
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_data_factsheet
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_policy
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_product_policy
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?7e9591e308dbda599df1fc08720a72a3
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?c6a2869c584d2ea23c67c44abe1ec326
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://hns.sb.avast.com
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeASWSig2A532CCF5ABF
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/beta/avast_breach_guard_online_setup.exeASWSig2A6DF674D10553
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exeASWSig2A2457920CE
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/beta/avast_battery_saver_online_setup.exeASWSig2A3A3BE3789E6
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeASWSig2A072492C0
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/beta/avast_driver_updater_online_setup.exeASWSig2A3CBDA28891
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exeASWSig2A021F36B
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeASWSig2A06FCDABA5742BE662
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exeASWSig2A2B99C8EA31CB6D
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/beta/avg_breach_guard_online_setup.exeASWSig2A56213C511B9A9241
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeASWSig2A14AA13983E189
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/beta/avg_driver_updater_online_setup.exeASWSig2A667B4A5D8ECDBD
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exeASWSig2A24A39E8D727
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exeASWSig2A27B1BBBA8E4138C4EDCFD
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://httphttpsasw.pancake.proto.Identityasw.pancake.proto.Productasw.pancake.proto.Settingsasw.pa
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/beta9x/avg_internet_security_setup.exeASWSig2A7D77EF27F362060AF957E761
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A123D026AE3BEAC0AC7D4DC35
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A357ACEF8FE55D8ED7E2EA469
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/beta9x/avast_pro_antivirus_setup_online.exeASWSig2A579D90FED0C6441EE7B258F
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/iavs9x/avast_free_antivirus_setup_online.exeASWSig2A2EC0971AB07DE15C30023C
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/iavs9x/avast_pro_antivirus_setup_online.exeASWSig2A03A4D7B0044FDD707267F64
Source: CCUpdate.exe, CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ip-info.ff.avast.com/v2/info
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://ip-info.ff.avast.com/v2/infocountry
Source: lw2HMxuVuf.exe, 00000000.00000003.2242932198.0000000003DB5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2371999463.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt
Source: lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-static.avcdn.net/content-assets-prod/
Source: lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipmcdn.avast.com/images/
Source: lw2HMxuVuf.exe, 00000000.00000003.2242932198.0000000003DB5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipmcdn.avast.com/images/Persistent-AuthWWW-AuthenticateVaryClientId=6cf3d2ac-bf28-4f57-80cd-
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com//
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com/0
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2795450593.0000000003DF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765729980.0000000003DF5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423261870.0000000005F1F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423373462.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com/product/v1/installcheck?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://license.piriform.com/updateMozilla/4.0The
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://openid-stage.avast.comhttps://openid-stage.avg.comalpha-iqs-stage.ff.avast.comalpha-crap-sta
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD988000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openid.avast.com
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD988000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openid.avast.comp
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://openid.avg.commy-devices.avast.comalpha-rollout-service.ff.avast.comhttps://openid.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0application/jsonnetwo
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-Wiper
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://s-trackoff.avcdn.net/avg/trackoff/7854df286ff1c4e1f4d81d466f4a1b0243b39837ac99c5b98817907f76
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://s-trackoff.avcdn.net/trackoff/8ad1526a87b9617cf6dd677cdf9f87a0e3fd1555b6a8828d87ec2bef2850fa
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://sciter.com/docs/content/script/Array.htm
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#p
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/a
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/installcheck.aspx5.70.7909PrefsPrivacyShareData1stParty
Source: lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/installcheck.aspx?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000003.2440442999.0000000005F43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/
Source: lw2HMxuVuf.exe, 00000000.00000003.2353823942.0000000003E08000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423373462.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C493060833
Source: lw2HMxuVuf.exe, 00000000.00000003.2371948448.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/F?(e5
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/Mozilla/4.0
Source: lw2HMxuVuf.exe, 00000000.00000003.2371948448.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/Y?
Source: lw2HMxuVuf.exe, 00000000.00000003.2440442999.0000000005F43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/cO
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://submit.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://winqual.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/.MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2623729160.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2637114350.000001D24E8E7000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2661948121.000001D2503F0000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2612294281.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/V1/MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/p_
Source: CCleanerBugReport.exe, 0000000B.00000003.2612294281.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com:443/V1/MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com:443/V1/MDMicrosoft
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.avast.com/lp-ppc-nbu-fav-cc
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/business
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/business/ccleaner-business-edition
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/ccleaner
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/ccleaner/browser
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaning
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programs
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/uninstalling-programs
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_activation_error
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_driver_update_failed
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_failedtoupdate0x6
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_get_updatehttps://license.piriform.com/updateMozilla/4.0cvtvolkmk
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_performance_optimizer
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_preloading
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&ut
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_deactivated_help
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_support
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_survey
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_systemprotection
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_systemrestoreinfo
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_no_license_error
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_po_surveyContinueDemoViewSleepingProgramsPopup/PerformanceOptimizer/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_uninstall_surveyinfnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.gendigital.com/
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ssllabs.com/ssltest/viewMyClient.htmlEnter

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 50417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50519
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50520
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50572
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50587
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50598
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50534
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50569
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 50625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 50519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 50508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50626
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845

Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50477 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50508 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50592 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50698 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Contains functionality to call native functions

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CE1E7 __EH_prolog3_catch_GS,GetSystemTime,GetCurrentProcessId,CreateFileW,GetLastError,Sleep,GetLastError,WriteFile,WriteFile,WriteFile,WriteFile,GetFileSizeEx,NtSetInformationFile,OutputDebugStringW,CloseHandle,		7_2_009CE1E7
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F3B4C0 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,		9_2_00007FF669F3B4C0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B74CFD0: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,

0_2_6B74CFD0

Contains functionality to launch a process as a different user

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D1DEA __EH_prolog3,CreateProcessW,CreateEnvironmentBlock,CreateProcessAsUserW,GetLastError,WaitForSingleObject,GetExitCodeProcess,DestroyEnvironmentBlock,CloseHandle,CloseHandle,CloseHandle,

7_2_009D1DEA

Creates files inside the system directory

Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Windows\Tasks\CCleanerCrashReporting.job			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Detected potential crypto function

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F11B0	7_2_009F11B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EC220	7_2_009EC220
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F34D0	7_2_009F34D0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E9410	7_2_009E9410
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E4904	7_2_009E4904
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009B3080	7_2_009B3080
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F00DD	7_2_009F00DD
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0E0F2	7_2_00A0E0F2
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FA070	7_2_009FA070
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C0283	7_2_009C0283
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A20222	7_2_00A20222
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A27264	7_2_00A27264
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9270	7_2_009F9270
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C43B7	7_2_009C43B7
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009B73A0	7_2_009B73A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FC330	7_2_009FC330
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C1487	7_2_009C1487
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FA4B0	7_2_009FA4B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A214DA	7_2_00A214DA
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0E457	7_2_00A0E457
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C257B	7_2_009C257B
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FE8B0	7_2_009FE8B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FD810	7_2_009FD810
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009ED9A0	7_2_009ED9A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FE9A0	7_2_009FE9A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009BF91B	7_2_009BF91B
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009DD93E	7_2_009DD93E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9AA0	7_2_009F9AA0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009BDBDD	7_2_009BDBDD
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0DDAA	7_2_00A0DDAA
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A18D28	7_2_00A18D28
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A1AD10	7_2_00A1AD10
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9D20	7_2_009F9D20
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EEE10	7_2_009EEE10
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EFFC0	7_2_009EFFC0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C0F36	7_2_009C0F36
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F0C400	9_2_00007FF669F0C400
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AD458	9_2_00007FF66A0AD458
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F089B0	9_2_00007FF669F089B0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F0B1E0	9_2_00007FF669F0B1E0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AC1E0	9_2_00007FF66A0AC1E0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EF1F20	9_2_00007FF669EF1F20
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AF7BC	9_2_00007FF66A0AF7BC
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EF20AB	9_2_00007FF669EF20AB

Found potential string decryption / allocating functions

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: String function: 00007FF669F14AB0 appears 58 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A06B60 appears 58 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A1C919 appears 37 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 009CE1D8 appears 199 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 009CE6CC appears 96 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A06992 appears 135 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A0F9D3 appears 81 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A069C5 appears 43 times

PE file contains executable resources (Code or Archives)

Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1034.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: lang-1036.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.109
Source: lang-1036.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1038.dll.0.dr	Static PE information: Resource name: RT_STRING type: basic-16 executable not stripped
Source: lang-1043.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1043.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1045.dll.0.dr	Static PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
Source: lang-1046.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: lang-1048.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1048.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1050.dll.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
Source: lang-1051.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1053.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1026.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1026.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1029.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1034.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: lang-1055.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1056.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: 370 sysV pure executable not stripped
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1058.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1058.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped - version 4
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1065.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: lang-1065.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1036.dll0.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.109
Source: lang-1036.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1038.dll0.0.dr	Static PE information: Resource name: RT_STRING type: basic-16 executable not stripped
Source: lang-1043.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1043.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1045.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
Source: lang-1066.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1081.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable not stripped
Source: lang-1081.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1086.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.108
Source: lang-1046.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: lang-1048.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1048.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1050.dll0.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
Source: lang-1051.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1053.dll0.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1055.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1056.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable

PE file does not import any functions

Source: lang-1054.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1050.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1041.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1056.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1035.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1038.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1053.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1044.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1026.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1050.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1081.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1090.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1032.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1042.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1087.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1063.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1092.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1034.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1049.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1040.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1036.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1028.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1034.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1086.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1040.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1053.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1057.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1046.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1062.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1045.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1056.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1051.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1043.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1068.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1027.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1079.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1037.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1041.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1052.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1067.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1058.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1055.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1052.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1044.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1043.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1046.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1049.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1061.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1055.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1060.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1031.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1037.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1066.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1054.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1025.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1048.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1038.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1029.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1045.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1032.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1036.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1051.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1071.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1030.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1065.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1042.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1035.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1059.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1048.dll0.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepfUI.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2860356752.000000006C63B000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepfBL.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2827457833.000000006B823000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenameAvastAdSDK_Release Static.dll@ vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2764951451.0000000005F37000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2799288435.0000000005F37000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAvastAdSDK_Release Static.dll@ vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B5CD000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamepfUI.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2800303822.000000006A168000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilenameServiceUninstaller.dllF vs lw2HMxuVuf.exe

Uses 32bit PE files

Source: lw2HMxuVuf.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal42.spyw.evad.winEXE@75/464@185/41

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D1D1B GetCurrentThread,OpenThreadToken,OpenThreadToken,GetLastError,GetLastError,ImpersonateSelf,GetLastError,OpenThreadToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,

7_2_009D1D1B

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B749230 GetDiskFreeSpaceExW,

0_2_6B749230

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D4221 __EH_prolog3_align,VariantInit,CoCreateInstance,VariantClear,VariantClear,CoCreateInstance,

7_2_009D4221

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009B9C9A LoadResource,LockResource,SizeofResource,

7_2_009B9C9A

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D206A OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatusEx,ControlService,ControlService,Sleep,QueryServiceStatus,OpenProcess,TerminateProcess,CloseHandle,Sleep,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

7_2_009D206A

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Program Files\CCleaner

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\RX3GZ0SR.txt

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTraySingleIcon
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1524:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_MainInstance
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\AvastBugReport-F44FD5F2-ED43-485f-8A66-041B81E21AC2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayMonitorIconActive
Source: C:\Program Files\CCleaner\CCUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\CCleanerSetupMutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1380:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1052:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5796:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayIconActive

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Users\user\AppData\Local\Temp\nsq31DE.tmp

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lw2HMxuVuf.exe, 00000000.00000002.2802761039.000000006B239000.00000008.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: lw2HMxuVuf.exe, 00000000.00000002.2802761039.000000006B239000.00000008.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);

Source: lw2HMxuVuf.exe	String found in binary or memory: Config-NameCCleaner_cc-ui-launch-in-the-background_cloud-cleaning-tools_distribution---driver-updater_distribution---google-drive-debug_distribution---hc-add-results-flow_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_dist
Source: lw2HMxuVuf.exe	String found in binary or memory: Config-NameCCleaner_cc-ui-launch-in-the-background_cloud-cleaning-tools_distribution---driver-updater_distribution---google-drive-debug_distribution---hc-add-results-flow_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_dist
Source: lw2HMxuVuf.exe	String found in binary or memory: ttps://service.piriform.com/installcheck.aspx?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=0&n=lw2HMxuVuf.exe&id=003&mk=PH
Source: lw2HMxuVuf.exe	String found in binary or memory: OptimizationTargetPrediction,OptimizationHints --start-maximized --load-extension=C:\Windows\crx --single-argument http://www.ccle
Source: lw2HMxuVuf.exe	String found in binary or memory: https://license.piriform.com/product/v1/installcheck?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=0&n=lw2HMxuVuf.exe&id=00
Source: lw2HMxuVuf.exe	String found in binary or memory: expressvpn-browser-helper.exe
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_HMA/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_BATTERY_SAVER/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE/trialid_mmm_ccl_prm_005_814_m
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_KAMO/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN_AVG/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/build_RELEASE
Source: CCUpdate.exe	String found in binary or memory: /installer

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File read: C:\Users\user\Desktop\lw2HMxuVuf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\lw2HMxuVuf.exe "C:\Users\user\Desktop\lw2HMxuVuf.exe"
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg
Source: unknown	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 1272 --exception_ptr 0000007E054FD2C0 --thread_id 5744 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp" --comment "" --min_interval 60
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleanerBugReport.exe "C:\Program Files\CCleaner\CCleanerBugReport.exe" --product 90 --send dumps\|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a" --version "6.30.11385" --silent
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2004,i,4752939339511443600,2295827606538063107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: unknown	Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=3276
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=3276
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 7236 --exception_ptr 0000005CCC9FD640 --thread_id 8100 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570997760611i-unhandled.mdmp" --comment "" --min_interval 60
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 1272 --exception_ptr 0000007E054FD2C0 --thread_id 5744 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp" --comment "" --min_interval 60	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=3276
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=3276
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2004,i,4752939339511443600,2295827606538063107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=2992
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 7236 --exception_ptr 0000005CCC9FD640 --thread_id 8100 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570997760611i-unhandled.mdmp" --comment "" --min_interval 60

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: webio.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: webio.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: atlthunk.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winsta.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d2d1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dwrite.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d3d11.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dcomp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: textshaping.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wscapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netprofm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: newdev.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: devobj.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: devrtl.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d3d10warp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: amsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: xmllite.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: appresolver.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: slc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sppc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: propsys.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntshrui.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cscapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: policymanager.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskflowdataengine.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cdp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dsreg.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: esent.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msimg32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: libwaheap.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: libwautils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: authz.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netapi32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: logoncli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: samcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: edputil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dsparse.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: apphelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wininet.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: drvstore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: spinf.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ieframe.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wkscli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sxs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msiso.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mshtml.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msimtf.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msls31.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mlang.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: jscript9.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: imgutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Program Files\CCleaner\CCUpdate.exe

File written: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: OK
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: Install
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: OK
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\CCleaner\CCleaner64.exe	Window detected: Number of UI elements: 12
Source: C:\Program Files\CCleaner\CCleaner64.exe	Window detected: Number of UI elements: 12

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaheap.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwalocal.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaresource.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwautils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\uninst.exe	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Setup\config.def	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\9c909bc2-cad9-48a5-8b4a-a855a60d0635.xml	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\log\DumpProcess.log.tmp.f53516a7-b1d4-4e35-9f9f-5bf19acd8d46	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\last.dump	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.dae51f4d-55cc-41f8-b071-6a014d36c644
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.status
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.accacbd3-aee6-455d-9f5d-9609fdf807c7
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.62d78b02-53aa-4397-82ba-6f79541c1b50
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.25e35e65-8152-4023-ad23-4ef6ff68a13b
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\journal
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\log
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\report
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\chest
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\moved
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\fw
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.57b5a0f5-3c1f-4a68-8856-fdecb876f055
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\usercfg.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\BackupStorage
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\203abf8c-03ea-4cb7-b490-fe04ea1c26bb
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.528f08fa-e71c-4268-add3-1b0450e8eb1a
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.3dbb3c72-b585-4e54-aa6e-48787f35bd13
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\2bab7519-4020-4dae-a822-3e7f39e8fa82
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.5669dd20-a121-429d-bc95-a17865357101
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\DUState.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-16-32-817.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V24_2.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-17-08-263.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Directory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.ecbf8d94-bb5d-46ed-abbb-da465ab5d3b8

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: certificate valid

Source: lw2HMxuVuf.exe

Static file information: File size 86349752 > 1048576

Source: lw2HMxuVuf.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: UxTheme.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbr; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb`; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemcomn.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdbw; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: cryptsp.pdbo; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mskeyprotect.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\67d9289f94964a81\BUILDS\Release\x86\CCUpdate.pdb source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: CLBCatQ.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\848d668bab18d6e2\bin_x86\v142\Release Static\neutral\ServiceUninstaller_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2800041545.000000006A14B000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: kernel32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usp10.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb.A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb)A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb\| source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: comdlg32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: webio.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb~; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: iertutil.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb$A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\_av\BUILDS\Release\x86\emupdate.pdb source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\BUILD\work\8889074bed3874b9\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\AvBugReport.pdb source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: ncrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rasadhlp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbc; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: UMPDC.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdby; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdbe; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdbt; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdb source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: userenv.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdbG source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: winhttp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdiplus.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsCodecs.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbQ; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb;1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbl; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstask.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ncryptsslp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb'A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fwpuclnt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb#@ source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: ntdll.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Amsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbj; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb.1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009CBC3B __EH_prolog3_GS,GetCommandLineW,GetSystemTime,GetDateFormatW,GetTimeFormatW,GetVersionExW,GetLastError,GetNativeSystemInfo,CallNtPowerInformation,GlobalMemoryStatusEx,GetCurrentProcess,GetSystemDirectoryW,GetLastError,LoadLibraryW,GetProcAddress,FreeLibrary,GetSystemWow64DirectoryW,GetModuleFileNameW,GetFileAttributesExW,GetPrivateProfileStringW,GetPrivateProfileSectionW,CreateDirectoryW,GetTempPathW,GetCurrentDirectoryW,

7_2_009CBC3B

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A2C09B push ecx; ret	7_2_00A2C0B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A06960 push ecx; ret	7_2_00A06973
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EFC8A1 push rbp; iretd	9_2_00007FF669EFC8A2

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive	0_2_6B74CFD0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D340
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D740
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2870
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2AF0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2E10

Drops PE files

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\pfUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaheap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\pfBL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1043.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_17324469042992.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\ServiceUninstaller.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwalocal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1037.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_1732446922760.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\a\asdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaresource.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1028.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCUpdate.exe	File created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwautils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_17324469293276.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\g\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-9999.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleaner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to dropped file

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CBC3B

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive	0_2_6B74CFD0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D340
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D740
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2870
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2AF0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2E10

Creates job files (autostart)

Source: C:\Program Files\CCleaner\CCleaner64.exe

File created: C:\Windows\Tasks\CCleanerCrashReporting.job

Jump to behavior

Creates or modifies windows services

Source: C:\Program Files\CCleaner\CCleaner64.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009D206A

Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 0000000E.00000003.2795690252.000001479DB6B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2789770376.000001479CAF6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Found stalling execution ending in API Sleep call

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Stalling execution: Execution stalls by calling Sleep

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4710000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4C60000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4A80000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4CC0000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 5000000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4E50000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 244784C0000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 24478640000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 1F905F00000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 1F91E0D0000 memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Horizon View Client
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Player
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Workstation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\Hyper-V\
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Player
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Horizon View Client
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Workstation

Contains long sleeps (>= 3 min)

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899775
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899617
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899109
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898952
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898532
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 897385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899853
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899725
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899622
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899139
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899764
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899569
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899419
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899297
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899056
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898814
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898126
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897860
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897652
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897442
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897298
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897165
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896999
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896798
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896610
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896454
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896266
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895735
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895553
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895405
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895275
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895058
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894934
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894823
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894703
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894587
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894406
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894291
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894054
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899836
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899620
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899265
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899149
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898968
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898852
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898748
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898639
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898529
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898420
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898310
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898027
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Window / User API: threadDelayed 624
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Window / User API: threadDelayed 1034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Window / User API: threadDelayed 481
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Window / User API: threadDelayed 1873
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 801
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Window / User API: threadDelayed 1764
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2610

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\pfUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\pfBL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1093.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17324469042992.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\ServiceUninstaller.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwalocal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_1732446922760.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\a\asdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwaapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwaresource.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1028.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCUpdate.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17324469293276.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\g\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-9999.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to dropped file

Found evasive API chain (may stop execution after accessing registry keys)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Evasive API call chain: RegQueryValue,DecisionNodes,Sleep

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Found evasive API chain checking for process token information

Source: C:\Program Files\CCleaner\CCUpdate.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe

API coverage: 7.0 %

Is looking for software installed on the system

Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe TID: 5624	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6448	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6448	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe TID: 5500	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6152	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5492	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7752	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6112	Thread sleep count: 105 > 30
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 3536	Thread sleep count: 59 > 30
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6112	Thread sleep count: 180 > 30
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 7176	Thread sleep time: -90000s >= -30000s
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 7176	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 616	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 2132	Thread sleep count: 1034 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899775s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899617s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899495s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899109s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898952s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898532s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898034s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -897385s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6484	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6468	Thread sleep count: 481 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899853s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899725s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899622s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899139s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6084	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 6500	Thread sleep count: 1873 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899764s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899569s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899419s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899297s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899056s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -898814s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -898126s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897860s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897652s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897442s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897298s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897165s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896999s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896798s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896610s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896454s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896266s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895735s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895553s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895405s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895275s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895058s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894934s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894823s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894703s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894587s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894406s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894291s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894172s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894054s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 6368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7532	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072	Thread sleep count: 801 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6416	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7988	Thread sleep count: 1764 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899836s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899620s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899495s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899385s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899265s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899149s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898968s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898852s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898748s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898639s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898529s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898420s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898310s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898172s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898027s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 3352	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6760	Thread sleep count: 2610 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6392	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2072	Thread sleep time: -1844674407370954s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File opened: PhysicalDrive0

Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PCSystemType,Domain from win32_computersystem

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Last function: Thread delayed
Source: C:\Program Files\CCleaner\CCleaner64.exe	Last function: Thread delayed

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 06h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 05h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 04h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 03h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 02h and CTI: je 009C80A4h	7_2_009C7F44

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CF00C __EH_prolog3_GS,FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,	7_2_009CF00C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A25B9E FindFirstFileExW,	7_2_00A25B9E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E0B37 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_009E0B37

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009EF2A0 GetSystemInfo,GetVersionExW,GetVersionExW,RtlGetVersion,GetModuleHandleW,GetProcAddress,RtlGetVersion,

7_2_009EF2A0

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899775
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899617
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899109
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898952
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898532
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 897385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899853
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899725
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899622
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899139
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899764
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899569
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899419
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899297
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899056
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898814
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898126
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897860
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897652
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897442
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897298
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897165
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896999
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896798
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896610
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896454
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896266
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895735
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895553
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895405
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895275
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895058
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894934
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894823
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894703
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894587
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894406
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894291
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894054
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899836
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899620
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899265
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899149
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898968
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898852
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898748
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898639
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898529
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898420
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898310
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898027
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: onLicenseKeyisPreviousAvailablegetKeyboardLanguageonManageSubscriptiononActivateNewKeyonAlphaUserInfoonBackToCCleaneronPasteKeyonUserNameactivateconfirmrequestCompanyNameEmailCOptionsLicenseSciterCtrl::onPasteKeyCOptionsLicenseSciterCtrl: the license key couldn't be pasted - no key on the clipboardSetUserNamesetManageLicenseContextEnablePasteSetLicenseKeyfile://LicenseUserInfo.htmfile://LicenseAlphaUserInfo.htmStopWaitingfile://LicenseKeyActivation.htmtracknameStartWaitingSurnamemessageautoExtensionsubscriptionManagementdaysLeftexpiryDatelicenseKeylicenseTypefile://LicenseRegistered.htmfile://ManageLicense.htmdataUpdatedLicenseKey_ManageSubscriptionSoftware\Microsoft\Internet Explorer\SettingsAnchor ColorAnchor Color Visitedtooltips_class32static<A></A>TahomaREQUEST_EVENTS_WINDOW_MESSAGE1COMBOBOXShowOffers3rdPartyHelp improve CCleaneruntickOptions/PrivacyShowOffers1stPartytick/MONITORenable automatic updatesOptions/Updatesenable new version notificationCCleaner Smart CleaningVMware Horizon ClientSoftware\Piriform\CCleanerTaskbarSetProgressStateTaskbarSetProgressValueconfig.def()ACTIVATION_EVENTS_WINDOW_MESSAGEignoreprogramIDcommandError: [Named Pipes] CCleaner::DbgLogger::LogDebug: Trace: Info: Warning: ProgramFolderDataFolderDumpReportingCCleanerCrashDump.exetemp.defSetup[common]Exception installing Crash HandlerCrash Handler installed with result: Exception while creating new directoryCreate LOG subfolderInitialize Crash Handler[CrashSupport] Piriform::CrashSupport::InitializeCrashHandlerException occured when writing to a config file
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\VMware\|*.log
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: %sApple Mobile Device Serviceoutlook.exeShowEdgePreloadingWarningShowNoxplayerCleanSuspendedWarningvideopad.exeNoxVMSVC.exeNoxVMHandle.exeShowActionCleanSuspendedWarningShowVideoPadVideoEditorCleanSuspendedWarningActionLauncher.exepostbox.exeShowPostboxCleanSuspendedWarningTeraBox.exeShowTeraBoxCleanSuspendedWarningNox.exeMultiPlayerManager.exeOpenVPNConnect.exeShowOpenVPNConnectCleanSuspendedWarningGoTo.exeShowGoToMeetingCleanSuspendedWarningrecorder.exeShowIcecreamScreenRecorderCleanSuspendedWarningiTopPDF.exeShowiTopPDFCleanSuspendedWarningui32.exeShowWallpaperEngineCleanSuspendedWarningShowBlueJeansCleanSuspendedWarningBox.exeShowBitCometCleanSuspendedWarningBlueJeans.exeBox Local Com Service.exeShowBoxEditCleanSuspendedWarningShowBoxDriveCleanSuspendedWarningBox Edit.exevmware-view.exevmwetlm.exeShowVNCViewerCleanSuspendedWarninghorizon_client_service.exeShowCalibreCleanSuspendedWarningBitComet.exeShowVMwareHorizonClientCleanSuspendedWarningcalibre-parallel.exeShowCyberLinkYouCam10CleanSuspendedWarningnextcloud.exeYouCam10.exeYouCamService10.exeShowPlexHTPCCleanSuspendedWarningvncviewer.exeShowNextcloudDesktopClientCleanSuspendedWarningPlex HTPC.exeShowCutePDFCleanSuspendedWarningXmind.exeShowGoodSyncCleanSuspendedWarningCutePDFE.exePlexScriptHost.exeShowPlexMediaServerCleanSuspendedWarningShowXmindCleanSuspendedWarningPlex Media Server.exeShowZoomCleanSuspendedWarningccsa.exeShoWYoutuPlayCleanSuspendedWarningZoom.exeShowCorelPaintShopProCleanSuspendedWarningGoodSync.exeShowCodeCompareCleanSuspendedWarningCorel PaintShop Pro.exeShowMessengerCleanSuspendedWarningCiscoCollabHost.exeShowWPSOfficeCleanSuspendedWarningMessenger.exeShowDouyinCleanSuspendedWarningYouTubePlayer.UWP.exeShowWebexCleanSuspendedWarningDouyin.exeDb.App.exeShowDrawboardPDFCleanSuspendedWarningLINE.exeShowLineCleanSuspendedWarningShowCapCutCleanSuspendedWarningwps.exeCapCut.exeparfait_crash_handler.exerealplay.exeShowRealPlayerCleanSuspendedWarningShowOneDriveCleanSuspendedWarningShowSkypeCleanSuspendedWarningClipchamp.exeShowClipchampCleanSuspendedWarningresso.exeShowRessoCleanSuspendedWarningAppleMobileDeviceProcess.exeiCloud.exesecd.exeAppleFirefoxHost.exeShowTeamsCleanSuspendedWarningShowiCloudCleanSuspendedWarningTeams.exeiCloudPhotos.exeiCloudDrive.exeiCloudServices.exeiCloudIE.exeAppleIEDAV.exeAPSDaemon.exeiCloudFirefox.exeApplePhotoStreams.exeMicrosoft.Photos.exeShowMicrosoftPhotosCleanSuspendedWarningDiscord.exeShowDiscordCleanSuspendedWarningiCloudPrefs.exeiCloudCKKS.exeMicrosoft.Notes.exeShowMicrosoftStickyNotesCleanSuspendedWarningDolbyAccess.exeShowDolbyAccessCleanSuspendedWarningShowMicrosoftToDoCleanSuspendedWarningAcrobat.exeShowAdobeAcrobatReaderCleanSuspendedWarningTelegram.exeShowTelegramCleanSuspendedWarningShowAmazonPrimeCleanSuspendedWarningShowSlackCleanSuspendedWarningShowItunesCleanSuspendedWarningShowWhatsAppCleanSuspendedWarningShowAmazonMusicCleanSuspendedWarningShowNortonBrowserCleanSuspendedWarningShowAviraBrowserCleanSuspendedWarningShowAvas
Source: lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: CCREMOVESELFRECURSEActionLauncher.exevideopad.exeNoxVMHandle.exeNoxVMSVC.exeMultiPlayerManager.exeNox.exeOpenVPNConnect.exepostbox.exeTeraBox.exeiTopPDF.exeui32.exeGoTo.exerecorder.exeBox Local Com Service.exeBox Edit.exeBox.exeBlueJeans.exeBitComet.execalibre-parallel.exevmwetlm.exevmware-view.exehorizon_client_service.exevncviewer.exePlex HTPC.exenextcloud.exeYouCamService10.exeYouCam10.exePlexScriptHost.exePlex Media Server.exeXmind.exeCutePDFE.exeGoodSync.exeCorel PaintShop Pro.execcsa.exeZoom.exeYouTubePlayer.UWP.exeDouyin.exeCiscoCollabHost.exeMessenger.exewps.exeparfait_crash_handler.exeCapCut.exeDb.App.exeLINE.exeClipchamp.exeresso.exerealplay.exeSkype.exeFileCoAuth.exeOneDrive.exeTeams.exeiCloud.exeAppleMobileDeviceProcess.exeAppleFirefoxHost.exesecd.exeAPSDaemon.exeAppleIEDAV.exeApplePhotoStreams.exeiCloudFirefox.exeiCloudDrive.exeiCloudPhotos.exeiCloudIE.exeiCloudServices.exeiCloudCKKS.exeiCloudPrefs.exeMicrosoft.Notes.exeMicrosoft.Photos.exeDiscord.exeAcrobat.exeTelegram.exeprimevideo.exeDolbyAccess.exeTodo.exeWhatsApp.exeAppleMobileDeviceService.exeiTunes.exeAmazon Music Helper.exeAmazon Music.exeslack.exe:a3yn
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey6=%LocalAppData%\Temp\|VMware_Horizon_Client*.log
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Horizon Client]
Source: lw2HMxuVuf.exe, 00000000.00000002.2794685834.0000000003D10000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2213470711.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2222945307.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF72000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: Username: CCleaner CApplication::EnableLogging/monitoring/options/registry/tools/cleaner/log/cleanie/updatefailed/register/createskipuac/scanreg/ccupdate/ccinfo/export/scheduling/advanced /[l\|L][i\|I][s\|S][t\|T] +"?{[^"]+})(/[s\|S][y\|Y][s\|S][r\|R][e\|E][s\|S][t\|T][o\|O][r\|R][e\|E] +{[0-9]+})/sysrestoreMonitor ApplicationCApplication::ParseCommandlineArguments/unregister( [k\|K][e\|E][y\|Y]=+?"{[^"]+})( [n\|N][a\|A][m\|M][e\|E]=+?"{[^"]+})NumOfIssueDetectedDriversNumOfUpToDateDriversPiriformRegistration/manualupdatefromtoaster/issues/du/restoreccb/restoreccbSmartClean:BrowserAlertsSmartClean:JunkAlertsSmartCleanAutoUpdatesUpdateNotificationsActivationoffonLikelyVirtualMachinecc6 research - Detectioncc6 researchDetectionwebview2 :: IsElevatedIsAdminSkipUAC/CLEANER/AUTOJLGamerScoreVersionGamerScoreStartupgui openmonitoringccleaner startup eventCCInfo.txt3.18.17083.19.ShowTrialDiscountOfferUninstall.lnkuninst.exe/OPTIONS/TOOLSTLS1.2TLS1.1OS={}
Source: CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: hardware accelerated execution managerputtypostgrespgadminoraclevagrantxmingsdknetbeansgithubsourcetreeslackiis * expressiis express application compatibility databasemicrosoft sql server management studiovmwareapache tomcatglassfishsublime text*tortoisesvnszProductVerszInstallDateTime.txt_32settingsextended_expiry_dtnum_licensesSOFTWARE\McAfee\DesktopProtection
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Horizon View Client
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey6=%ProgramFiles%\VMware\VMware Workstation\ico\|*.ico
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%ProgramData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey2=%ProgramData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Horizon Client$
Source: CCUpdate.exe, 00000007.00000003.2533875197.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8T
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Player]
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Player
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Workstation
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Workstation]
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Horizon Client^
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\Temp\vmware-\|.*
Source: lw2HMxuVuf.exe, 00000000.00000003.2258418784.0000000006140000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ZeqHGFSQN=HME31
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey5=%LocalAppData%\Temp\vmware-\|.*
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey5=%ProgramFiles%\Common Files\VMware\InstallerCache\|.
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: [pythonjava se development kitxamarinwinscpmicrosoft azuremicrosoft r clientbkchemcronosvisual c++ for mobile developmentmysql connector c++microsoft visual c++ build toolsdev-c++cmaketrafico de faunamm7270gnu privacy guarde-readerkokoriginga.arlabcamforcepadkhi3maximamicrosoft emulatorgapminderavidemuxscilabversion imagensongsmithmodellusfusioninventorypilas-enginealice applicationeqtablajetbrainsgit versionmysqlprerequisites for ssdtnode.jsandroid studiowinpcapunityxamppatomblenderarduinonetbeansgithubsourcetreeslackoraclevagrantxmingsdkapache tomcatglassfishsublime texttortoisesvn*iis expressiis express application compatibility databasemicrosoft sql server management studiovmwaremicrosoft system clr types for sql server*microsoft .net framework multi-targeting pack*microsoft sql server management objectswindows software development kitnotepad++*microsoft sql server transact-sql scriptdom*microsoft sql server express localdb*microsoft visual studio shell**intel
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile2=%ProgramFiles%\VMware\VMware Workstation
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%LocalAppData%\Temp\vmware-\|.*
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: LikelyVirtualMachine
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: Update config.def file under Piriform::CrashSupport::UpdateConfigFileException occured when creating config.def file with [common] values from ShepherdCreate config.def file under Piriform::CrashSupport::CreateConfigFile --guid " --programpath " --path " --send dumps\|report--product 90Exception while checking if config folder existsGet crash config from config.def filePiriform::CrashSupport::ReadConfigFiledisabledenabledCrash Reporting scheduled task Piriform::CrashSupport::UpdateCrashReportingTaskStatus\CCleanerBugReport.exe Piriform::CrashSupport::CrashReportParameters --silent --version "Add crash reporting scheduled task which runs daily crash reporting scheduled task - error when loading crash reporting scheduled task - error when saving: disabled enabledFailed to 4141FCD7-B506-4916-8EC4-D38E4373F47AF9FD4EDF-1129-4DBC-9A8C-9EE7271FBE7Etrial-source-none17191109A435FAA9-2311-4E23-B944-096D54E9DB317F4CCD0B-B3BE-4FD2-9A26-A0299FDE418B78E68749-DE5B-404A-9B44-7A5AEDED1CFCF16A9578-E0E4-4EA7-8FD7-E91C0061A9FD103134healthcheckNF-trial-offer17931017softwareupdater-trial-offer17101108198050performanceOptimizer-trial-offer165286436driverupdater-trial-offer952accountmanager-start-trial-offer1121accountmanager-trial-offer199437options-trial-offer1993optionsabout-trial-offer44schedulervalidation-trial-offer171540schedulerhomescreen-trial-offer171410503920customclean-trial-offer1927106145clouddrivecleaner-trial-offer20291131healthcheck-direct-30d-trial-offer2012onboarding-trial-offer1937108147upgradebutton-trial-offer1940109148healthcheck-interstitial-60d-trial-offer2013healthcheck-interstitial-30d-trial-offer2011healthcheck-direct-60d-trial-offer2014toaster-offer1929107146healthcheck-banner-offer1943Application EndedCApplication::~CApplicationhttp_proxy_loader.dllSendMessageToMainApp: Sending message, action: SendMessageToMainApp: Opened main application window, waiting for it to openSendMessageToMainApp: Cannot send message, invalid data or from wrong flowCApplication::SendMessageToMainApplication /debug %dPrevious CountBroken CountError type/autojl()Scripting/autojlRun CCleaner/autorb/monitorSendMessageToMainApp: Could not find main application window/auto/shutdown/shutdown/auto/autosc/autosc/autos/autos/update/method/delete/method %d/method/delete/restart/restartSYSTEM\CurrentControlSet\Control\SystemInformationOpen CCleaner/frb/analyze/analyze/clean/clean/updateParallels ARM Virtual MachineGoogleGoogle Compute EngineCloud PC EnterpriseMicrosoft CorporationVirtual Machineinnotek GmbHVirtualBoxCOOLHOUSING s.r.o.Virtual serverQEMUQEMU Virtual MachineParallelsParallels Software International Inc.Parallels Virtual PlatformParallels International GmbH.UpCloudTencent CloudVMware, Inc.Amazon EC2Baidu CloudBaidu Cloud BCCAlibaba CloudAlibaba Cloud ECSVirtual ServerVirtual PlatformSystemProductNameSystemManufacturerVultrVirtuozzoQuanta Cloud Technology Inc.ThinCloud/updatesuccess/uac/debugApplication Started
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Horizon Client
Source: lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: %s%slang\lang-.dlllang-%s\%s%d%siexploreshell32SHQueryRecycleBinWSHUpdateRecycleBinIcon.exe(null)VMware Horizon ClientSELECT FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'" - %lldBad optional accessCCleanerSkipUACCCleaner"*64.exe64.Software\Microsoft\Windows\CurrentVersion\RunEVENTS_WINDOW_MESSAGEUnmatched '}' in format string.winsyswinappwinregFILEPATHREGFIREFOXCHROMETHUNDERBIRDOPERACCLEANERVIVALDIBRAVEOPERAGXSPOTIFYAVASTSECUREBROWSERARCIncludeExcludeCustomLocationFinderIncludeFinderExcludeinfnan(ind)nannan(snan)Invalid format string.Unknown format specifier.Missing '}' in format string.Can not switch from manual to automatic indexingFormat specifier requires numeric argument.Can not switch from automatic to manual indexingInvalid type specification.Invalid presentation type specifierInvalid presentation type for boolInvalid presentation type for charInvalid presentation type for integerInvalid presentation type for floating-pointInvalid presentation type for stringInvalid presentation type for pointerModifier requires an integer presentation type for bool0e+00Number is too biginvalid fill character '{'Missing precision specifier.Invalid fill (too long).Precision not allowed for this argument type.Argument not found.String pointer is null.integral cannot be stored in char0b0B0x0X0\t\t\n\n\r\r\\\\\u{\u{\x{\x{Number is too big.Width is not an integer.Negative width.Precision is not an integer.Negative precision.
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey1=%ProgramData%\VMware\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Player
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driverice
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%ProgramData%\VMware\vmwetlm\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Workstation
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator
Source: CCleanerBugReport.exe, 0000000B.00000003.2555480964.000001D24E891000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:g
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey2=%Program Files%\VMware\VMware Player\ico\|.
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWYcr

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks if the current process is being debugged

Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe

Code function: 9_2_00007FF66A061C20 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,LdrUnlockLoaderLock,

9_2_00007FF66A061C20

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A0661F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00A0661F

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009CE1E7 __EH_prolog3_catch_GS,GetSystemTime,GetCurrentProcessId,CreateFileW,GetLastError,Sleep,GetLastError,WriteFile,WriteFile,WriteFile,WriteFile,GetFileSizeEx,NtSetInformationFile,OutputDebugStringW,CloseHandle,

7_2_009CE1E7

Contains functionality to dynamically determine API calls

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CBC3B

Contains functionality to read the PEB

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A1F22C mov ecx, dword ptr fs:[00000030h]	7_2_00A1F22C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A24602 mov eax, dword ptr fs:[00000030h]	7_2_00A24602
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A24646 mov eax, dword ptr fs:[00000030h]	7_2_00A24646

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009BA9D6 __EH_prolog3,GetProcessHeap,

7_2_009BA9D6

Enables debug privileges

Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0600E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00A0600E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0661F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00A0661F
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A067AC SetUnhandledExceptionFilter,	7_2_00A067AC
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0AA73 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00A0AA73
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A09ECE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF66A09ECE0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A090684 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00007FF66A090684

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009CE871 __EH_prolog3,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

7_2_009CE871

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D0058 GetCurrentProcess,OpenProcessToken,AllocateAndInitializeSid,GetTokenInformation,EqualSid,FreeSid,CloseHandle,

7_2_009D0058

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A0643E cpuid

7_2_00A0643E

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0BAC38
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0BAD08
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_00007FF66A0BB148
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0B2A44
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoEx,FormatMessageA,	9_2_00007FF66A08FA80
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF66A0BB324
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	9_2_00007FF66A0BA8E8
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoW,	9_2_00007FF66A0B2EDC

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\CC_logo_72x66.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\CC_Logo_40x96.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\PF_computer.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_adapter.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100006.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100006.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DumpProcess.log VolumeInformation

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B794210 GetSystemTimes,

0_2_6B794210

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A25092 GetTimeZoneInformation,

7_2_00A25092

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B74CFD0 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,

0_2_6B74CFD0

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables Windows system restore

Source: C:\Program Files\CCleaner\CCleaner64.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SystemRestorePointCreationFrequency

AV process strings found (often used to terminate AV products)

Source: lw2HMxuVuf.exe	Binary or memory string: guardxkickoff.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2775079657.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2783345897.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2772165852.0000000003E2F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781580724.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795911206.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVKService.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: lw2HMxuVuf.exe	Binary or memory string: vsserv.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cfp.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B485000.00000002.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2566152433.00007FF7D8088000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
Source: lw2HMxuVuf.exe	Binary or memory string: dwengine.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mcshield.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vsmon.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mcupdate.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2service.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796004323.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781695830.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: guardxservice.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000003.2781540563.0000000003E63000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796157960.0000000003E6A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: acs.exe
Source: lw2HMxuVuf.exe	Binary or memory string: cmdagent.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avguard.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BullGuard.exe
Source: lw2HMxuVuf.exe	Binary or memory string: dwservice.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgcsrvx.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamTray.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avgnsx.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2start.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avgnt.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2guard.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2772473215.0000000003E27000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781630779.0000000003E2A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795747992.0000000003E2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B485000.00000002.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2566152433.00007FF7D8088000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile2=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795803575.0000000003E31000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2772165852.0000000003E2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FPAVServer.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mbam.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamWin.exe

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-shm
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\compatibility.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-wal
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.111.24.1	ipm-gcp-prod.ff.avast.com	United States	15169	GOOGLEUS	false
35.244.154.8	idsync.rlcdn.com	United States	15169	GOOGLEUS	false
66.102.1.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
104.18.32.137	unknown	United States	13335	CLOUDFLARENETUS	false
66.235.152.221	adobetarget.data.adobedc.net	United States	15224	OMNITUREUS	false
52.209.8.105	peso-1422535133.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
162.159.140.229	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.87.42	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
34.149.202.126	driver-updater-gcp.ff.avast.com	United States	2686	ATGS-MMD-ASUS	false
63.140.62.17	unknown	United States	15224	OMNITUREUS	false
172.64.155.119	geolocation.onetrust.com	United States	13335	CLOUDFLARENETUS	false
34.253.40.242	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.50.80.142	unknown	United States	16509	AMAZON-02US	false
63.34.142.90	unknown	United States	16509	AMAZON-02US	false
146.75.120.157	platform.twitter.map.fastly.net	Sweden	30051	SCCGOVUS	false
54.246.144.89	spdc-global.pbp.gysm.yahoodns.net	United States	16509	AMAZON-02US	false
157.240.196.35	star-mini.c10r.facebook.com	United States	32934	FACEBOOKUS	false
20.50.2.53	mstatic.ccleaner.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.66.102.106	static-cdn.hotjar.com	United States	3	MIT-GATEWAYSUS	false
63.140.62.27	2w99epxhne.data.adobedc.net	United States	15224	OMNITUREUS	false
172.179.182.7	wndc1.outbrain.org	United States	7018	ATT-INTERNET4US	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
34.96.102.137	dev.visualwebsiteoptimizer.com	United States	15169	GOOGLEUS	false
34.111.175.102	ip-info-gcp.ff.avast.com	United States	15169	GOOGLEUS	false
216.239.36.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
35.190.209.22	streamback-cl1.ns1.ff.avast.com	United States	15169	GOOGLEUS	false
54.229.91.192	dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false
172.217.19.2	td.doubleclick.net	United States	15169	GOOGLEUS	false
108.158.75.13	dcjdc5qmbbux7.cloudfront.net	United States	16509	AMAZON-02US	false
104.244.42.3	unknown	United States	13414	TWITTERUS	false
104.244.42.195	s.twitter.com	United States	13414	TWITTERUS	false
34.160.176.28	shepherd-gcp.ff.avast.com	United States	2686	ATGS-MMD-ASUS	false
150.171.27.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.117.223.223	analytics-prod-gcp.ff.avast.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
87.248.114.12	edge.gycpi.b.yahoodns.net	United Kingdom	43428	YAHOO-ULSGB	false
13.33.187.74	script.hotjar.com	United States	16509	AMAZON-02US	false
157.240.196.15	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
172.66.0.227	t.co	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5
127.0.0.1

Contacted Domains

Name	IP	Active
ip-info-gcp.ff.avast.com	34.111.175.102	true
dev.visualwebsiteoptimizer.com	34.96.102.137	true
platform.twitter.map.fastly.net	146.75.120.157	true
spdc-global.pbp.gysm.yahoodns.net	54.246.144.89	true
stats.g.doubleclick.net	66.102.1.155	true
adobetarget.data.adobedc.net	66.235.152.221	true
scontent.xx.fbcdn.net	157.240.196.15	true
idsync.rlcdn.com	35.244.154.8	true
t.co	172.66.0.227	true
script.hotjar.com	13.33.187.74	true
peso-1422535133.eu-west-1.elb.amazonaws.com	52.209.8.105	true
www.google.com	142.250.181.68	true
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	54.229.91.192	true
2w99epxhne.data.adobedc.net	63.140.62.27	true
mstatic.ccleaner.com	20.50.2.53	true
static-cdn.hotjar.com	18.66.102.106	true
star-mini.c10r.facebook.com	157.240.196.35	true
ipm-gcp-prod.ff.avast.com	34.111.24.1	true
s.twitter.com	104.244.42.195	true
wndc1.outbrain.org	172.179.182.7	true
analytics-prod-gcp.ff.avast.com	34.117.223.223	true
ax-0001.ax-msedge.net	150.171.27.10	true
streamback-cl1.ns1.ff.avast.com	35.190.209.22	true
analytics-alv.google.com	216.239.36.181	true
shepherd-gcp.ff.avast.com	34.160.176.28	true
dcjdc5qmbbux7.cloudfront.net	108.158.75.13	true
td.doubleclick.net	172.217.19.2	true
driver-updater-gcp.ff.avast.com	34.149.202.126	true
cdn.cookielaw.org	104.18.87.42	true
geolocation.onetrust.com	172.64.155.119	true
edge.gycpi.b.yahoodns.net	87.248.114.12	true
static.ads-twitter.com	unknown	unknown
amplify.outbrain.com	unknown	unknown
license.piriform.com	unknown	unknown
emupdate.avcdn.net	unknown	unknown
siteintercept.qualtrics.com	unknown	unknown
cm.everesttech.net	unknown	unknown
ipm-provider.ff.avast.com	unknown	unknown
driver-updater.ff.avast.com	unknown	unknown
oms.ccleaner.com	unknown	unknown
wave.outbrain.com	unknown	unknown
static.hotjar.com	unknown	unknown
trial-eum-clientnsv4-s.akamaihd.net	unknown	unknown
c5.adalyser.com	unknown	unknown
8-46-123-75_s-2-20-68-230_ts-1732446949-clienttons-s.akamaihd.net	unknown	unknown
assets.adobedtm.com	unknown	unknown
trial-eum-clienttons-s.akamaihd.net	unknown	unknown
winqual.sb.avast.com	unknown	unknown
connect.facebook.net	unknown	unknown
px.ads.linkedin.com	unknown	unknown
ipmcdn.avast.com	unknown	unknown
symantec.demdex.net	unknown	unknown
684d0d45.akstat.io	unknown	unknown
s.yimg.com	unknown	unknown
service.piriform.com	unknown	unknown
download.avira.com	unknown	unknown
www.mczbf.com	unknown	unknown
sp.analytics.yahoo.com	unknown	unknown
s.go-mpulse.net	unknown	unknown
symantec.tt.omtrdc.net	unknown	unknown
shepherd.ff.avast.com	unknown	unknown
cdn-production.ccleaner.com	unknown	unknown
www.nortonlifelock.com	unknown	unknown
analytics.avcdn.net	unknown	unknown
dpm.demdex.net	unknown	unknown
s1.pir.fm	unknown	unknown
analytics.ff.avast.com	unknown	unknown
www.facebook.com	unknown	unknown
www.linkedin.com	unknown	unknown
baxhwsyxgzi4uz2dblsq-p08v2f-49ff2084c-clientnsv4-s.akamaihd.net	unknown	unknown
ncc.avast.com	unknown	unknown
zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com	unknown	unknown
cdn-uat.ccleaner.com	unknown	unknown
analytics.twitter.com	unknown	unknown
snap.licdn.com	unknown	unknown
ccleaner.tools.avcdn.net	unknown	unknown
www.ccleaner.com	unknown	unknown
analytics.google.com	unknown	unknown
ip-info.ff.avast.com	unknown	unknown
c.go-mpulse.net	unknown	unknown
tr.outbrain.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://connect.facebook.net/signals/config/2679475345708101?v=2.9.176&r=stable&domain=www.ccleaner.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113	false
https://ipm-provider.ff.avast.com/?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124	false
https://sp.analytics.yahoo.com/sp.pl?a=10000&d=Sun%2C%2024%20Nov%202024%2011%3A15%3A25%20GMT&n=5&b=CCleaner%20v6.30.11385&.yp=10180940&f=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&enc=UTF-8&yv=1.16.5&tagmgr=gtm%2Cadobe	false
https://analytics.twitter.com/i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31	false
https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/v2/otPcCenter.json	false
https://ipm-provider.ff.avast.com/?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124	false
https://winqual.sb.avast.com/V1/MD	false
https://oms.ccleaner.com/b/ss/symanteccom/1/JS-2.22.0-LDQM/s18539589585813?AQB=1&ndh=1&pf=1&t=24%2F10%2F2024%206%3A15%3A21%200%20300&sdid=4523341CF3BE0AEE-41D4D261AA724F9B&mid=86915098161613896303235469939112226982&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=CCleaner%20v6.30.11385&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=86915098161613896303235469939112226982&c59=ccleaner%3Aknowledge%3Accleaner-v6-30-11385&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385&v164=ccleaner%3A999_a&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1034&bh=870&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1	false
https://c5.adalyser.com/adalyser.js?cid=ccleaner	false
https://www.facebook.com/tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=GET	false
https://tr.outbrain.com/cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc	false
https://driver-updater.ff.avast.com/api/v1/scanDrivers/	false
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Z0MKzAAAAHGmGQO-	false
https://static.hotjar.com/c/hotjar-857043.js?sv=6	false
https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.css	false
https://shepherd.ff.avast.com/?p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0	false
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js	false
https://ip-info.ff.avast.com/v2/info	false
https://s.yimg.com/wi/ytc.js	false
https://analytics.avcdn.net/receive3	false
https://c5.adalyser.com/tracking/track/v3/p?stm=1732446933112&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cid=ccleaner&p=%7B%22et%22%3A1732446933109%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%221b678712-0cc8-486d-89d0-05e165f88b18%22%2C%22duid%22%3A%226a43d717-b772-42a5-badd-e897920af092%22%2C%22cw%22%3A1732446933109%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&domain=www.ccleaner.com	false
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=FGET	false
https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=172544&p_gis=0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_lid=en-CH&p_lng=en&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11385&p_vep=6&p_ves=30&p_wid=1675281926	false
https://ip-info.ff.avast.com/v1/info	false

Cryptography

Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_ed7bcb60-1

Phishing

HTML page contains hidden javascript code

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No favicon
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No favicon

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="author".. found

Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found
Source: https://www.ccleaner.com/knowledge/ccleaner-v6-30-11385?cv=v6-30-11385	HTTP Parser: No <meta name="copyright".. found

Compliance

Uses 32bit PE files

Source: lw2HMxuVuf.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaheap.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwalocal.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaresource.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwautils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\uninst.exe	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Setup\config.def	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\9c909bc2-cad9-48a5-8b4a-a855a60d0635.xml	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\log\DumpProcess.log.tmp.f53516a7-b1d4-4e35-9f9f-5bf19acd8d46	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\last.dump	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.dae51f4d-55cc-41f8-b071-6a014d36c644
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.status
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.accacbd3-aee6-455d-9f5d-9609fdf807c7
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.62d78b02-53aa-4397-82ba-6f79541c1b50
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.25e35e65-8152-4023-ad23-4ef6ff68a13b
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\journal
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\log
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\report
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\chest
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\moved
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\fw
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.57b5a0f5-3c1f-4a68-8856-fdecb876f055
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\usercfg.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\BackupStorage
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\203abf8c-03ea-4cb7-b490-fe04ea1c26bb
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.528f08fa-e71c-4268-add3-1b0450e8eb1a
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.3dbb3c72-b585-4e54-aa6e-48787f35bd13
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\2bab7519-4020-4dae-a822-3e7f39e8fa82
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.5669dd20-a121-429d-bc95-a17865357101
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\DUState.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-16-32-817.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V24_2.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-17-08-263.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Directory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.ecbf8d94-bb5d-46ed-abbb-da465ab5d3b8

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50477 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50508 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50592 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50698 version: TLS 1.2

Source: lw2HMxuVuf.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: UxTheme.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbr; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb`; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemcomn.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdbw; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: cryptsp.pdbo; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mskeyprotect.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\67d9289f94964a81\BUILDS\Release\x86\CCUpdate.pdb source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: CLBCatQ.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\848d668bab18d6e2\bin_x86\v142\Release Static\neutral\ServiceUninstaller_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2800041545.000000006A14B000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: kernel32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usp10.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb.A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb)A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb\| source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: comdlg32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: webio.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb~; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: iertutil.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb$A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\_av\BUILDS\Release\x86\emupdate.pdb source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\BUILD\work\8889074bed3874b9\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\AvBugReport.pdb source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: ncrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rasadhlp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbc; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: UMPDC.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdby; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdbe; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdbt; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdb source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: userenv.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdbG source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: winhttp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdiplus.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsCodecs.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbQ; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb;1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbl; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstask.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ncryptsslp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb'A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fwpuclnt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb#@ source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: ntdll.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Amsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbj; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb.1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp

Spreading

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files\CCleaner\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CF00C __EH_prolog3_GS,FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,	7_2_009CF00C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A25B9E FindFirstFileExW,	7_2_00A25B9E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E0B37 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_009E0B37

Networking

Connects to many different domains

Source: unknown

Network traffic detected: DNS query count 60

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49783 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49790 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49784 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49792 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49803 -> 35.190.209.22:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49825 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49810 -> 35.190.209.22:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49798 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49743 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49816 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49840 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49851 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49863 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49849 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49862 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49747 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49872 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49876 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49894 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49895 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49909 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49935 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49919 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49936 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49951 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49965 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49953 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49981 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50013 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49918 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49998 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50014 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50024 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50023 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50026 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50033 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50042 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50044 -> 34.149.202.126:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50052 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50062 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50045 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50060 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50079 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50110 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50064 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50126 -> 34.149.202.126:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50141 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50182 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50231 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50226 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50230 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50269 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50345 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50352 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50416 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50477 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50527 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50592 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:50697 -> 34.117.223.223:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49737 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49765 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49986 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49996 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49993 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49995 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49994 -> 34.111.24.1:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50017 -> 34.160.176.28:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50016 -> 34.111.175.102:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.5:50029 -> 172.66.0.227:443
Source: Network traffic	Suricata IDS: 2022112 - Severity 1 - ET EXPLOIT_KIT Possible Nuclear EK Landing Nov 17 2015 : 192.168.2.5:50032 -> 104.244.42.195:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:50698 -> 34.117.223.223:443

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49801 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=172544&p_gis=0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_lid=en-CH&p_lng=en&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11385&p_vep=6&p_ves=30&p_wid=1675281926 HTTP/1.1Connection: Keep-AliveUser-Agent: Avast AntivirusHost: ipm-provider.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GRl3eG9fkn88GgF&MD=UgZxxMnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_pro=90&p_osv=10.0&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_pro=90&p_osv=10.0&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=GRl3eG9fkn88GgF&MD=UgZxxMnN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1732446913141 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=e429fa507a58432fa5e510cf4405a010&mboxPC=&mboxPage=022aa431307845d2a0697896603780bd&mboxRid=4ef1b8fbaa2444e8aafbdfba074c45d0&mboxVersion=1.8.3&mboxCount=1&mboxTime=1732428913249&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&mboxReferrer=&browserHeight=870&browserWidth=1017&browserTimeOffset=-300&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&country=us&language=en&pagename=ccleaner-v6-30-11385&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4523341CF3BE0AEE-41D4D261AA724F9B HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1732446913141 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=e429fa507a58432fa5e510cf4405a010&mboxPC=&mboxPage=022aa431307845d2a0697896603780bd&mboxRid=4ef1b8fbaa2444e8aafbdfba074c45d0&mboxVersion=1.8.3&mboxCount=1&mboxTime=1732428913249&mboxHost=www.ccleaner.com&mboxURL=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&mboxReferrer=&browserHeight=870&browserWidth=1017&browserTimeOffset=-300&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&country=us&language=en&pagename=ccleaner-v6-30-11385&at_property=74efb873-ee28-a71f-a807-f416259640d3&site_section=ccleaner&site_subsection=knowledge&mboxMCSDID=4523341CF3BE0AEE-41D4D261AA724F9B HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/01912753-8c21-7a17-883f-0a91a4e5ae8b/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /wi/ytc.js HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tags/563151391133/tag.js HTTP/1.1Host: www.mczbf.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/mhubc.js HTTP/1.1Host: mstatic.ccleaner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s18539589585813?AQB=1&ndh=1&pf=1&t=24%2F10%2F2024%206%3A15%3A21%200%20300&sdid=4523341CF3BE0AEE-41D4D261AA724F9B&mid=86915098161613896303235469939112226982&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=CCleaner%20v6.30.11385&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=86915098161613896303235469939112226982&c59=ccleaner%3Aknowledge%3Accleaner-v6-30-11385&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385&v164=ccleaner%3A999_a&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1034&bh=870&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Z0MKzAAAAHGmGQO- HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /unifiedPixel?au=false&bust=09954157885839694&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&g=1&zone=all&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1Host: tr.outbrain.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: trigger=navigation-sourceReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wi/config/10180940.json HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/01912753-8c21-7a17-883f-0a91a4e5ae8b/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s18539589585813?AQB=1&ndh=1&pf=1&t=24%2F10%2F2024%206%3A15%3A21%200%20300&sdid=4523341CF3BE0AEE-41D4D261AA724F9B&mid=86915098161613896303235469939112226982&aamlh=6&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=CCleaner%20v6.30.11385&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=86915098161613896303235469939112226982&c59=ccleaner%3Aknowledge%3Accleaner-v6-30-11385&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385&v164=ccleaner%3A999_a&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1034&bh=870&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CvVersion%7C5.5.0; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true; avstperm=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1; OptanonConsent=isIABGlobal=false&datestamp=Sun+Nov+24+2024+06%3A15%3A24+GMT-0500+(Eastern+Standard+Time)&version=6.36.0&hosts=&consentId=7d48a426-7a11-45ab-8358-f0f1978a2c57&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG232%3A1%2CC0004%3A1%2CC0005%3A1
Source: global traffic	HTTP traffic detected: GET /wi/ytc.js HTTP/1.1Host: s.yimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: shepherd.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ip-info.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1Host: tr.outbrain.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /adalyser.js?cid=ccleaner HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /logos/static/powered_by_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /711037.gif?partner_uid=20038232-384c-4316-839d-646e1b28eccd HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-YG64G9XX0R&gacid=246986528.1732446933&gtm=45je4bk0v872524127za200zb9132702579&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102077855~102081485&z=492160558 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-857043.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tracking/track/v3/p?stm=1732446933112&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cid=ccleaner&p=%7B%22et%22%3A1732446933109%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%221b678712-0cc8-486d-89d0-05e165f88b18%22%2C%22duid%22%3A%226a43d717-b772-42a5-badd-e897920af092%22%2C%22cw%22%3A1732446933109%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signals/config/2679475345708101?v=2.9.176&r=stable&domain=www.ccleaner.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDIwMDM4MjMyLTM4NGMtNDMxNi04MzlkLTY0NmUxYjI4ZWNjZBAAGg0I15WMugYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=4O3GqXr0wiwus41xdBVgeySaSv5OKJjsacwPv7nhkl4=; pxrc=CAA=
Source: global traffic	HTTP traffic detected: GET /sp.pl?a=10000&d=Sun%2C%2024%20Nov%202024%2011%3A15%3A25%20GMT&n=5&b=CCleaner%20v6.30.11385&.yp=10180940&f=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&enc=UTF-8&yv=1.16.5&tagmgr=gtm%2Cadobe HTTP/1.1Host: sp.analytics.yahoo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /modules.86621fa4aeada5bcf025.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: event-source, trigger, not-navigation-sourceReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=25f3b841-45cb-48a6-b59e-9071b88de6cb; __cf_bm=yLFGeSfoAWKrGQq18FlQttVx.yvgNuczc8oFxhEZlkU-1732446932-1.0.1.1-Da5R_X9JfmXgKB7loXsUHO0OG24QaBQgJQdp4xKWnweu5QLf.cUqD97wWrfxz7U.ICQyLRst1n00q6h7Z8LzbA
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=Z0MKzAAAAHGmGQO- HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87069833943671932313219418043970534423; dpm=87069833943671932313219418043970534423
Source: global traffic	HTTP traffic detected: GET /unifiedPixel?au=false&bust=09954157885839694&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&g=1&zone=all&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1Host: tr.outbrain.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/adsct?bci=3&dv=America%2FNew_York%26en-US%2Cen%26Google%20Inc.%26Win32%26255%261280%261024%264%2624%261280%26984%260%26na&eci=2&event_id=f0466fac-a653-4a79-868b-04f8676bc357&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=1bd174fb-a78f-4078-9437-448582031ffa&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.31 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: personalization_id="v1_N7fGwYhwKdk8ai2C9LmtZw=="
Source: global traffic	HTTP traffic detected: GET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1Host: tr.outbrain.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /api/mhubc.js HTTP/1.1Host: mstatic.ccleaner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#e429fa507a58432fa5e510cf4405a010#1732448778\|PC#e429fa507a58432fa5e510cf4405a010.37_0#1795691718; sourceCodeCookie=999_a8k\|\|source=direct\|medium=(none)\|campaign=(not set)\|segmentCode=a; __trSrc=999_a8k; sdl_cid=1094632226.1732446919; _gcl_au=1.1.225519617.1732446920; __srcCookie=007_z8k\|\|source=(Other)\|medium=(none)\|campaign=(not set)\|segmentCode=z; pglpid=undefined; s_nr=1732446921978-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-30-11385; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-30-11385; s_cc=true; avstperm=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1%2CC0005%3A1; OptanonConsent=isIABGlobal=false&datestamp=Sun+Nov+24+2024+06%3A15%3A24+GMT-0500+(Eastern+Standard+Time)&version=6.36.0&hosts=&consentId=7d48a426-7a11-45ab-8358-f0f1978a2c57&interactionCount=0&landingPath=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A1%2CBG232%3A1%2CC0004%3A1%2CC0005%3A1; cjConsent=MHxOfDB8Tnww; cjUser=20038232-384c-4316-839d-646e1b28eccd; cjLiveRampLastCall=2024-11-24T11:15:25.327Z; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20052%7CMCMID%7C86915098161613896303235469939112226982%7CMCAAMLH-1733051715%7C6%7CMCAAMB-1733051715%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1732454115s%7CNONE%7CMCSYNCSOP%7C411-20059%7CvVersion%7C5.5.0; _ga_YG64G9XX0R=GS1.1.1732446932.1.0.1732446932.60.0.0; _ga=GA1.1.246986528.1732446933; __adal_ses=*; __adal_id=6a43d717-b772-42a5-badd-e897920af092.1732446933.1.1732446933.1732446933.1b678712-0cc8-486d-89d0-05e165f88b18; __adal_ca=so%3Ddirect%26me%3Dnone%26ca%3Ddirect%26co%3D%28not%2520set%29%26ke%3D%28not%2520set%29%26cg%3DDirect; __adal_cw=1732446933109; _fbp=fb.1.1732446936660.65224446665965545
Source: global traffic	HTTP traffic detected: GET /tags/563151391133/tag.js HTTP/1.1Host: www.mczbf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /563151391133/pageInfo HTTP/1.1Host: www.mczbf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /logos/static/powered_by_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDIwMDM4MjMyLTM4NGMtNDMxNi04MzlkLTY0NmUxYjI4ZWNjZBAAGg0I15WMugYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=X1eD2AyWGZUus41xdBVgeySaSv5OKJjsacwPv7nhkl4=; pxrc=CNmVjLoGEgUI6AcQAA==
Source: global traffic	HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signals/config/2679475345708101?v=2.9.176&r=stable&domain=www.ccleaner.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /c/hotjar-857043.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0&p_hid=aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_012_999_a8k_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=30&p_vbd=11385&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=172544&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_wvv=117.0.2045.47&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20241124 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ViewCounter_OTHER_CCLEANER=1732446927; ViewCounter_ipmb-12865=1732446927; ClientId=c1f2ec16-faa6-41ef-9c79-4d9f7f7d30b1; ViewCounter_ccleaner_en-ww_toaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default-20243001=1732446927
Source: global traffic	HTTP traffic detected: GET /adalyser.js?cid=ccleaner HTTP/1.1Host: c5.adalyser.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tracking/track/v3/p?stm=1732446933112&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&cid=ccleaner&p=%7B%22et%22%3A1732446933109%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%221b678712-0cc8-486d-89d0-05e165f88b18%22%2C%22duid%22%3A%226a43d717-b772-42a5-badd-e897920af092%22%2C%22cw%22%3A1732446933109%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.0.0%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%2299d2cdc0-81c8-45c9-b62b-632bd0fee553%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a%22%2C%22hwid%22%3A%221F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0%22%7D%2C%22product%22%3A%7B%22id%22%3A104%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%226.30.11385.mmm_ccl_012_999_a8k_m%22%2C%22build%22%3A11385%2C%22ipm_product%22%3A90%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%22state%22%3A%22EXPIRED%22%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A229%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22installation_age%22%3A0%2C%22remaining_days_to_expiration%22%3A-1%2C%22flow_id%22%3A%2299d2cdc0-81c8-45c9-b62b-632bd0fee553%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22ccleaner%2Fen-ww%2Ftoaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22mamba_campaign%22%3A%22CCleanerCloudCleaningPaid%22%2C%22screen_name%22%3A%22toaster-229-toaster-campaigns_ccleaner-cloud-cleaning-paid-free-90_default%22%2C%22tracking%22%3A%5B%7B%22key%22%3A%22CampaignBusinessSource%22%2C%22value%22%3A%22Consumer%22%7D%2C%7B%22key%22%3A%22LicenseBusinessSource%22%2C%22value%22%3A%22NotSet%22%7D%5D%2C%22campaign_unique_key%22%3A%22ccleaner-cloud-cleaning-paid-90%22%2C%22brand%22%3A%22CCleaner%22%2C%22placement_type%22%3A%22toaster%22%2C%22message_name%22%3A%22free%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: analytics.ff.avast.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sp.pl?a=10000&d=Sun%2C%2024%20Nov%202024%2011%3A15%3A25%20GMT&n=5&b=CCleaner%20v6.30.11385&.yp=10180940&f=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&enc=UTF-8&yv=1.16.5&tagmgr=gtm%2Cadobe HTTP/1.1Host: sp.analytics.yahoo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: A3=d=AQABBNoKQ2cCEFAudPibrzlJujwabq63G0AFEgEBAQFcRGdMZ9xS0iMA_eMAAA&S=AQAAAjxU9K5ZYwqaB8_bY4aB9_s
Source: global traffic	HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-30-11385%3Fcv%3Dv6-30-11385&rl=&if=false&ts=1732446936663&sw=1280&sh=1024&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1732446936660.65224446665965545&cs_est=true&ler=empty&cdl=API_unavailable&it=1732446935268&coo=false&dpo=&tm=1&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/receive/get/json/10?data={"record":[{"event":{"type":10,"subtype":2,"request_id":"4cb4da2a-423f-480f-a7e4-1539d39c2718"},"identity":{"guid":"aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a","hwid":"1F2CCAD3812656C4930608337C4FB4A5DA9202DE17AF565647702A83E3FCF3B0"},"product":{"id":104,"lang":"en-us","version_app":"6.30.11385.mmm_ccl_012_999_a8k_m","build":11385,"ipm_product":90},"platform":{"version":"10.0","lang":"en-us"},"license":{"subscription_mode":false,"stack":"STACK_AVAST","gen_license":{"state":"EXPIRED"}},"shepherd":{},"ab_test":{},"ipm":{"common":{"element":0,"license_type":"STANDARD","licensing_stage":"LICENSED","installation_age":0,"remaining_days_to_expiration":-1,"flow_id":"4cb4da2a-423f-480f-a7e4-1539d39c2718"},"content":{"content_identifier":"ccleaner/en-ww/banner-0-banner-campaigns_ccleaner-cloud-cleaning-paid-free-banner-90_default.html","content_type":"SCREEN","screen_language":"en","mamba_campaign":"CCleanerCloudCleaningPaid","screen_name":"banner-0-banner-campaigns_ccleaner-cloud-cleaning-paid-free-banner-90_default","tracking":[{"key":"CampaignBusinessSource","value":"Consumer"},{"key":"LicenseBusinessSource","value":"NotSet"}],"campaign_unique_key":"ccleaner-cloud-cleaning-paid-90","brand":"CCleaner","placement_type":"banner","message_name":"free-banner"},"action":{}}}]} HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.30.11385)Host: analytics.ff.avast.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: ipm-provider.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: shepherd.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: service.piriform.com
Source: global traffic	DNS traffic detected: DNS query: license.piriform.com
Source: global traffic	DNS traffic detected: DNS query: ip-info.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: ncc.avast.com
Source: global traffic	DNS traffic detected: DNS query: emupdate.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: ccleaner.tools.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: winqual.sb.avast.com
Source: global traffic	DNS traffic detected: DNS query: www.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn-production.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
Source: global traffic	DNS traffic detected: DNS query: s.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: geolocation.onetrust.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: symantec.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: symantec.demdex.net
Source: global traffic	DNS traffic detected: DNS query: www.nortonlifelock.com
Source: global traffic	DNS traffic detected: DNS query: c.go-mpulse.net
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: static.ads-twitter.com
Source: global traffic	DNS traffic detected: DNS query: amplify.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: s.yimg.com
Source: global traffic	DNS traffic detected: DNS query: mstatic.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: www.mczbf.com
Source: global traffic	DNS traffic detected: DNS query: oms.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: tr.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: cdn-uat.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: download.avira.com
Source: global traffic	DNS traffic detected: DNS query: t.co
Source: global traffic	DNS traffic detected: DNS query: analytics.twitter.com
Source: global traffic	DNS traffic detected: DNS query: wave.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: c5.adalyser.com
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: driver-updater.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: static.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: idsync.rlcdn.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: sp.analytics.yahoo.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: script.hotjar.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: 684d0d45.akstat.io
Source: global traffic	DNS traffic detected: DNS query: zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com
Source: global traffic	DNS traffic detected: DNS query: s1.pir.fm
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: trial-eum-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: 8-46-123-75_s-2-20-68-230_ts-1732446949-clienttons-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: siteintercept.qualtrics.com
Source: global traffic	DNS traffic detected: DNS query: baxhwsyxgzi4uz2dblsq-p08v2f-49ff2084c-clientnsv4-s.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: ipmcdn.avast.com
Source: global traffic	DNS traffic detected: DNS query: analytics.ff.avast.com

Source: unknown

HTTP traffic detected: POST /receive3 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-enc-sbUser-Agent: Avast AntivirusContent-Length: 329Host: analytics.avcdn.net

Source: global traffic

Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0%u.%u.%u.%u01234567890123456789abcdef0123456789ABCDEFCONOUT$
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://api.webrep.avast.com/avast_webrepapi://avast_domainreputation://avast_webrepipc://http://fra2
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D31000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update
Source: CCUpdate.exe, 00000007.00000003.2570867815.0000000002FD0000.00000004.00000800.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dlli
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate029.cab
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate049.cab
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D75000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate10.cab
Source: CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000008.00000002.2527630454.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.inihttp://ccleaner.tools.avcdn.net/too
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000008.00000002.2527630454.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml
Source: CCUpdate.exe, 00000007.00000003.2533840644.0000000000D65000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533803649.0000000000D31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://domrep.ff.avast.com/http://api.webrep.avast.com/avast_webrepapi://http://ui.ff.avast.com/avas
Source: CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/
Source: CCUpdate.exe	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txt
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txt32.dll
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txtAvEmUpdate
Source: CCUpdate.exe, 00000008.00000002.2527630454.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txtUT32.dll
Source: CCUpdate.exe, 00000007.00000002.2688383482.0000000000D00000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txts
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://files.avast.com/beta9x/avast_free_antivirus_setup_online.exeASWSig2A5549FF2866EA44F68D28FB2B1
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exeASWSig2A5FB1A9FDC683FA551EB348
Source: CCUpdate.exe	String found in binary or memory: http://honzik.avcdn.net/diffs/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/beta/avast_cleanup_online_setup.exeASWSig2A1E3DD1C1B204ED89FD
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeASWSig2A4C1A1197A19B18F
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeASWSig2A2D7E61EA63DA
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_internet_security_online_setup.exeASWSig2A40170EEB1
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/beta/avg_battery_saver_online_setup.exeASWSig2A4D178CA216002CE0
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exeASWSig2A7E478FFFFFA84
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/beta/avg_tuneup_online_setup.exeASWSig2A51F05E8C170B452F21205C3
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exeASWSig2A19497FDBA8D930F12196
Source: CCUpdate.exe	String found in binary or memory: http://honzik.avcdn.net/universe/
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://keys.backup.norton.com
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BC015000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2560641566.00000197BBFAA000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txt
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txtavast_activationcodefull://C-type
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBFAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com/ncc.txter
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ncc.avast.com:80/ncc.txtz
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000040A000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000000.2054490205.000000000040A000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp, CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.msocsp.com0S
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/MD/Do
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/MD/avast_streambackraw_%03d://CommChannelAddr_StreambackGetBody
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/PD/Do
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p%03d.sb.avast.com/V1/PD/avast_streambacksubmit_%03d://
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://p000.sb.avast.com/V1/PD/avast_streambackraw_000://https://auth-test.ff.avast.com/V1/REGavast_
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://program.avast.com/credit_monitor/avast_creditmonitor://avast_activationcodelegacy://https://a
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.avast.com0/
Source: lw2HMxuVuf.exe, 00000000.00000003.2501478642.0000000005F26000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501048660.0000000006530000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/ccleaner
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=1033&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=1033&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=
Source: lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0$j
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=02e
Source: lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0Bj
Source: lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795310869.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0net4
Source: lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0ts
Source: lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0x
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.ccleaner.com/inapp/notificationsContent-Type:
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.ccleaner.comopen
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270251081.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288416809.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2294225394.000000000773A000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288318115.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270427153.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270319331.0000000005FFB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293252543.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293376550.0000000006003000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2293393367.0000000005FFD000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2275697474.0000000006002000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2288480612.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0~
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.gimp.org/xmp/
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: http://www.winimage.com/zLibDllNUL
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zkysky.com.ar/This
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270300318.0000000006001000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2270401010.0000000005FF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aefd.nelreports.net/api/report?cat=wsb
Source: lw2HMxuVuf.exe, 00000000.00000003.2769284851.000000000549B000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2798101974.000000000549C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2561649308.00000197BD9D6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/
Source: CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/(
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/S
Source: CCleaner64.exe, 0000000E.00000003.2754172633.0000014794623000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/ash
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/dll
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/om
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD9D6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE45C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3H
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F25000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net/receive3r
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE450000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.avcdn.net:443/receive3
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN/installertype_ONLINE/build
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN_AVG/installertype_ONLINE/b
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/b
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_PRO/platform_WIN/installertype_ONLINE/bu
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://brain.jumpshot.com/avast/ss/jumpshot_silentscanresults2://https://brain.jumpshot.com/avast/s
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://brain.jumpshot.com/avast/ss/reportjumpshot_silentscanresults://https://brain.jumpshot.com/av
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_acknowledgements
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_license_agreement
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_data_factsheet
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_policy
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://ccleaner.com/go/app_cc_privacy_product_policy
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.000000000772B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?7e9591e308dbda599df1fc08720a72a3
Source: lw2HMxuVuf.exe, 00000000.00000003.2284247616.0000000007700000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fp-vp.azureedge.net/apc/trans.gif?c6a2869c584d2ea23c67c44abe1ec326
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://hns.sb.avast.com
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeASWSig2A532CCF5ABF
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/beta/avast_breach_guard_online_setup.exeASWSig2A6DF674D10553
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exeASWSig2A2457920CE
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/beta/avast_battery_saver_online_setup.exeASWSig2A3A3BE3789E6
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeASWSig2A072492C0
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/beta/avast_driver_updater_online_setup.exeASWSig2A3CBDA28891
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exeASWSig2A021F36B
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeASWSig2A06FCDABA5742BE662
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exeASWSig2A2B99C8EA31CB6D
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/beta/avg_breach_guard_online_setup.exeASWSig2A56213C511B9A9241
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeASWSig2A14AA13983E189
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/beta/avg_driver_updater_online_setup.exeASWSig2A667B4A5D8ECDBD
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exeASWSig2A24A39E8D727
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exeASWSig2A27B1BBBA8E4138C4EDCFD
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://httphttpsasw.pancake.proto.Identityasw.pancake.proto.Productasw.pancake.proto.Settingsasw.pa
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/beta9x/avg_internet_security_setup.exeASWSig2A7D77EF27F362060AF957E761
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A123D026AE3BEAC0AC7D4DC35
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A357ACEF8FE55D8ED7E2EA469
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/beta9x/avast_pro_antivirus_setup_online.exeASWSig2A579D90FED0C6441EE7B258F
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/iavs9x/avast_free_antivirus_setup_online.exeASWSig2A2EC0971AB07DE15C30023C
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://install.avcdn.net/iavs9x/avast_pro_antivirus_setup_online.exeASWSig2A03A4D7B0044FDD707267F64
Source: CCUpdate.exe, CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ip-info.ff.avast.com/v2/info
Source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp	String found in binary or memory: https://ip-info.ff.avast.com/v2/infocountry
Source: lw2HMxuVuf.exe, 00000000.00000003.2242932198.0000000003DB5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2371999463.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt
Source: lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipm-static.avcdn.net/content-assets-prod/
Source: lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipmcdn.avast.com/images/
Source: lw2HMxuVuf.exe, 00000000.00000003.2242932198.0000000003DB5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2242833936.0000000003DB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipmcdn.avast.com/images/Persistent-AuthWWW-AuthenticateVaryClientId=6cf3d2ac-bf28-4f57-80cd-
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com//
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com/0
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2795450593.0000000003DF8000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765729980.0000000003DF5000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423261870.0000000005F1F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423373462.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://license.piriform.com/product/v1/installcheck?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://license.piriform.com/updateMozilla/4.0The
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://openid-stage.avast.comhttps://openid-stage.avg.comalpha-iqs-stage.ff.avast.comalpha-crap-sta
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD988000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openid.avast.com
Source: CCleaner64.exe, 00000005.00000002.2561649308.00000197BD988000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://openid.avast.comp
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://openid.avg.commy-devices.avast.comalpha-rollout-service.ff.avast.comhttps://openid.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0application/jsonnetwo
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-Wiper
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://s-trackoff.avcdn.net/avg/trackoff/7854df286ff1c4e1f4d81d466f4a1b0243b39837ac99c5b98817907f76
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://s-trackoff.avcdn.net/trackoff/8ad1526a87b9617cf6dd677cdf9f87a0e3fd1555b6a8828d87ec2bef2850fa
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://sciter.com/docs/content/script/Array.htm
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#p
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/
Source: lw2HMxuVuf.exe, 00000000.00000002.2795133723.0000000003DA9000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003D9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/a
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/installcheck.aspx5.70.7909PrefsPrivacyShareData1stParty
Source: lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://service.piriform.com/installcheck.aspx?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000003.2440442999.0000000005F43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/
Source: lw2HMxuVuf.exe, 00000000.00000003.2353823942.0000000003E08000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423373462.0000000003DFA000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/?p_vep=6&p_ves=30&p_vbd=11385&p_lit=0&p_midex=1F2CCAD3812656C493060833
Source: lw2HMxuVuf.exe, 00000000.00000003.2371948448.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/F?(e5
Source: lw2HMxuVuf.exe, 00000000.00000002.2792248940.000000000092D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/Mozilla/4.0
Source: lw2HMxuVuf.exe, 00000000.00000003.2371948448.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2336816159.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2765911965.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795396615.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2440494807.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2764150916.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2501336799.0000000003DED000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2580060589.0000000003DDB000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2354021661.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2423145055.0000000003DEF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/Y?
Source: lw2HMxuVuf.exe, 00000000.00000003.2440442999.0000000005F43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://shepherd.ff.avast.com/cO
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://submit.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp	String found in binary or memory: https://winqual.sb.avast.com
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/.MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2623729160.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2637114350.000001D24E8E7000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2661948121.000001D2503F0000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2612294281.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/V1/MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com/p_
Source: CCleanerBugReport.exe, 0000000B.00000003.2612294281.000001D24E8D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com:443/V1/MD
Source: CCleanerBugReport.exe, 0000000B.00000003.2637778411.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2634530104.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000002.2650423766.000001D24E877000.00000004.00000020.00020000.00000000.sdmp, CCleanerBugReport.exe, 0000000B.00000003.2619892102.000001D24E877000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://winqual.sb.avast.com:443/V1/MDMicrosoft
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.avast.com/lp-ppc-nbu-fav-cc
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/business
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/business/ccleaner-business-edition
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/ccleaner
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/ccleaner/browser
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaning
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programs
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/uninstalling-programs
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_activation_error
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_driver_update_failed
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_failedtoupdate0x6
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_get_updatehttps://license.piriform.com/updateMozilla/4.0cvtvolkmk
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_performance_optimizer
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_preloading
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&ut
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_deactivated_help
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_support
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_survey
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_systemprotection
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_du_systemrestoreinfo
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8534000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_no_license_error
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_po_surveyContinueDemoViewSleepingProgramsPopup/PerformanceOptimizer/
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	String found in binary or memory: https://www.ccleaner.com/go/app_uninstall_surveyinfnan(ind)nannan(snan)infnan(ind)nannan(snan)infnan
Source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.gendigital.com/
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	String found in binary or memory: https://www.ssllabs.com/ssltest/viewMyClient.htmlEnter

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50738
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 50417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50740
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50741
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 50738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50519
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50750
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 50714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50520
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 50622 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50701
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 50656 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50717
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50534 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50728
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50572
Source: unknown	Network traffic detected: HTTP traffic on port 50632 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50587
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50592
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50597
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50596
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50598
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50371
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 50736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50534
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50569
Source: unknown	Network traffic detected: HTTP traffic on port 50372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50565
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50652 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 50527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50650 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50598 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50649 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 50625 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 50519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 50692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 50508 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50622
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50625
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50624
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50626
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845

Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.190.209.22:443 -> 192.168.2.5:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.5:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49849 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49918 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49919 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49935 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49936 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49951 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49953 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49965 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:49996 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:49994 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:49998 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50014 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.5:50017 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.5:50016 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50024 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50026 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50033 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50052 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.202.126:443 -> 192.168.2.5:50126 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50141 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.5:50229 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50231 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50345 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50416 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50477 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50508 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50527 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50592 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.5:50698 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Reads the System eventlog

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

Contains functionality to call native functions

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CE1E7 __EH_prolog3_catch_GS,GetSystemTime,GetCurrentProcessId,CreateFileW,GetLastError,Sleep,GetLastError,WriteFile,WriteFile,WriteFile,WriteFile,GetFileSizeEx,NtSetInformationFile,OutputDebugStringW,CloseHandle,		7_2_009CE1E7
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F3B4C0 GetModuleHandleW,GetProcAddress,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,		9_2_00007FF669F3B4C0

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B74CFD0: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,

0_2_6B74CFD0

Contains functionality to launch a process as a different user

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009D1DEA

Creates files inside the system directory

Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Windows\Tasks\CCleanerCrashReporting.job			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Detected potential crypto function

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F11B0	7_2_009F11B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EC220	7_2_009EC220
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F34D0	7_2_009F34D0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E9410	7_2_009E9410
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E4904	7_2_009E4904
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009B3080	7_2_009B3080
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F00DD	7_2_009F00DD
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0E0F2	7_2_00A0E0F2
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FA070	7_2_009FA070
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C0283	7_2_009C0283
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A20222	7_2_00A20222
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A27264	7_2_00A27264
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9270	7_2_009F9270
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C43B7	7_2_009C43B7
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009B73A0	7_2_009B73A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FC330	7_2_009FC330
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C1487	7_2_009C1487
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FA4B0	7_2_009FA4B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A214DA	7_2_00A214DA
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0E457	7_2_00A0E457
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C257B	7_2_009C257B
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FE8B0	7_2_009FE8B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FD810	7_2_009FD810
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009ED9A0	7_2_009ED9A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009FE9A0	7_2_009FE9A0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009BF91B	7_2_009BF91B
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009DD93E	7_2_009DD93E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9AA0	7_2_009F9AA0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009BDBDD	7_2_009BDBDD
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0DDAA	7_2_00A0DDAA
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A18D28	7_2_00A18D28
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A1AD10	7_2_00A1AD10
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009F9D20	7_2_009F9D20
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EEE10	7_2_009EEE10
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009EFFC0	7_2_009EFFC0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C0F36	7_2_009C0F36
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F0C400	9_2_00007FF669F0C400
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AD458	9_2_00007FF66A0AD458
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F089B0	9_2_00007FF669F089B0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669F0B1E0	9_2_00007FF669F0B1E0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AC1E0	9_2_00007FF66A0AC1E0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EF1F20	9_2_00007FF669EF1F20
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A0AF7BC	9_2_00007FF66A0AF7BC
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EF20AB	9_2_00007FF669EF20AB

Found potential string decryption / allocating functions

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: String function: 00007FF669F14AB0 appears 58 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A06B60 appears 58 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A1C919 appears 37 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 009CE1D8 appears 199 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 009CE6CC appears 96 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A06992 appears 135 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A0F9D3 appears 81 times
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: String function: 00A069C5 appears 43 times

PE file contains executable resources (Code or Archives)

Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1032.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1034.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: lang-1036.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.109
Source: lang-1036.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1038.dll.0.dr	Static PE information: Resource name: RT_STRING type: basic-16 executable not stripped
Source: lang-1043.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1043.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1045.dll.0.dr	Static PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
Source: lang-1046.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: lang-1048.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1048.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1050.dll.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
Source: lang-1051.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1053.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1026.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1026.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1029.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1032.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1034.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
Source: lang-1055.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1056.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: 370 sysV pure executable not stripped
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1057.dll.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1058.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1058.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped - version 4
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
Source: lang-1060.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: lang-1063.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1065.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
Source: lang-1065.dll.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1036.dll0.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.109
Source: lang-1036.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1038.dll0.0.dr	Static PE information: Resource name: RT_STRING type: basic-16 executable not stripped
Source: lang-1043.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
Source: lang-1043.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1045.dll0.0.dr	Static PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
Source: lang-1066.dll.0.dr	Static PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
Source: lang-1081.dll.0.dr	Static PE information: Resource name: RT_STRING type: x86 executable not stripped
Source: lang-1081.dll.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM)
Source: lang-1086.dll.0.dr	Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.108
Source: lang-1046.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 executable not stripped
Source: lang-1048.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1048.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1050.dll0.0.dr	Static PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
Source: lang-1051.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
Source: lang-1053.dll0.0.dr	Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: lang-1055.dll0.0.dr	Static PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
Source: lang-1056.dll0.0.dr	Static PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable

PE file does not import any functions

Source: lang-1054.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1050.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1041.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1056.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1035.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1038.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1053.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1044.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1026.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1050.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1081.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1090.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1032.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1042.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1087.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1063.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1092.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1034.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1049.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1040.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1036.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1028.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1034.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1086.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1040.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1053.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1057.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1046.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1062.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1045.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1056.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1051.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1043.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1068.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1027.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1079.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1037.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1041.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1052.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1067.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1058.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1055.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1052.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1044.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1043.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1046.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1049.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1061.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1055.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1060.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1031.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1037.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1066.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1054.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1025.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1048.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1038.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1029.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1045.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1032.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1036.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1051.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1071.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1030.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1065.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1042.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1035.dll0.0.dr	Static PE information: No import functions for PE file found
Source: lang-1059.dll.0.dr	Static PE information: No import functions for PE file found
Source: lang-1048.dll0.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: lw2HMxuVuf.exe, 00000000.00000002.2785371893.000000000041E000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000003265000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamepfUI.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2860356752.000000006C63B000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamepfBL.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2827457833.000000006B823000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenameAvastAdSDK_Release Static.dll@ vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2798976484.0000000005F15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2764951451.0000000005F37000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2799288435.0000000005F37000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameccleaner.exe2 vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAvastAdSDK_Release Static.dll@ vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameButtonEvent.dllR vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B5CD000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamepfUI.dll* vs lw2HMxuVuf.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2800303822.000000006A168000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilenameServiceUninstaller.dllF vs lw2HMxuVuf.exe

Uses 32bit PE files

Source: lw2HMxuVuf.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal42.spyw.evad.winEXE@75/464@185/41

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009D1D1B

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B749230 GetDiskFreeSpaceExW,

0_2_6B749230

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D4221 __EH_prolog3_align,VariantInit,CoCreateInstance,VariantClear,VariantClear,CoCreateInstance,

7_2_009D4221

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009B9C9A LoadResource,LockResource,SizeofResource,

7_2_009B9C9A

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009D206A

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Program Files\CCleaner

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\RX3GZ0SR.txt

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTraySingleIcon
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1524:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_MainInstance
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\AvastBugReport-F44FD5F2-ED43-485f-8A66-041B81E21AC2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7068:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayMonitorIconActive
Source: C:\Program Files\CCleaner\CCUpdate.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\CCleanerSetupMutex
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1380:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1052:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5796:120:WilError_03
Source: C:\Program Files\CCleaner\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayIconActive

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File created: C:\Users\user\AppData\Local\Temp\nsq31DE.tmp

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: lw2HMxuVuf.exe, 00000000.00000002.2802761039.000000006B239000.00000008.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: lw2HMxuVuf.exe, 00000000.00000002.2802761039.000000006B239000.00000008.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);

Source: lw2HMxuVuf.exe	String found in binary or memory: Config-NameCCleaner_cc-ui-launch-in-the-background_cloud-cleaning-tools_distribution---driver-updater_distribution---google-drive-debug_distribution---hc-add-results-flow_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_dist
Source: lw2HMxuVuf.exe	String found in binary or memory: Config-NameCCleaner_cc-ui-launch-in-the-background_cloud-cleaning-tools_distribution---driver-updater_distribution---google-drive-debug_distribution---hc-add-results-flow_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_dist
Source: lw2HMxuVuf.exe	String found in binary or memory: ttps://service.piriform.com/installcheck.aspx?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=0&n=lw2HMxuVuf.exe&id=003&mk=PH
Source: lw2HMxuVuf.exe	String found in binary or memory: OptimizationTargetPrediction,OptimizationHints --start-maximized --load-extension=C:\Windows\crx --single-argument http://www.ccle
Source: lw2HMxuVuf.exe	String found in binary or memory: https://license.piriform.com/product/v1/installcheck?p=1&v=6.30.11385&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=0&n=lw2HMxuVuf.exe&id=00
Source: lw2HMxuVuf.exe	String found in binary or memory: expressvpn-browser-helper.exe
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_HMA/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_BATTERY_SAVER/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE/trialid_mmm_ccl_prm_005_814_m
Source: lw2HMxuVuf.exe	String found in binary or memory: productfamily_KAMO/insttype_PRO/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN_AVG/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN/installertype_ONLINE/build_RELEASE
Source: lw2HMxuVuf.exe	String found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/build_RELEASE
Source: CCUpdate.exe	String found in binary or memory: /installer

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File read: C:\Users\user\Desktop\lw2HMxuVuf.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\lw2HMxuVuf.exe "C:\Users\user\Desktop\lw2HMxuVuf.exe"
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg
Source: unknown	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 1272 --exception_ptr 0000007E054FD2C0 --thread_id 5744 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp" --comment "" --min_interval 60
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleanerBugReport.exe "C:\Program Files\CCleaner\CCleanerBugReport.exe" --product 90 --send dumps\|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "aa2c86aa-7fc5-4c8e-a69d-19a7dbc0b72a" --version "6.30.11385" --silent
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2004,i,4752939339511443600,2295827606538063107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: unknown	Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=3276
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=3276
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Source: unknown	Process created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 7236 --exception_ptr 0000005CCC9FD640 --thread_id 8100 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570997760611i-unhandled.mdmp" --comment "" --min_interval 60
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 1272 --exception_ptr 0000007E054FD2C0 --thread_id 5744 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp" --comment "" --min_interval 60	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=3276
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=3276
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2004,i,4752939339511443600,2295827606538063107,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=2992
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe --pid=2992
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\CCleaner.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleanerCrashDump.exe "C:\Program Files\CCleaner\CCleanerCrashDump.exe" --pid 7236 --exception_ptr 0000005CCC9FD640 --thread_id 8100 --dump_level 21 --dump_file "C:\Program Files\CCleaner\LOG\unp31145570997760611i-unhandled.mdmp" --comment "" --min_interval 60

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: webio.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: dpapi.dll
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: webio.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mswsock.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winnsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: atlthunk.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winsta.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d2d1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dwrite.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d3d11.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dcomp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: textshaping.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wscapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netprofm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: npmproxy.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: newdev.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: devobj.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: devrtl.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: d3d10warp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: amsi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: xmllite.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: schannel.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: appresolver.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: slc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sppc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: propsys.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntshrui.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cscapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: policymanager.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskflowdataengine.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cdp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dsreg.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msasn1.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: gpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: esent.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msimg32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: libwaheap.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: libwautils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: authz.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netapi32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: logoncli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: samcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: edputil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dsparse.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: apphelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wininet.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: drvstore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: spinf.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: ieframe.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wkscli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sxs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msiso.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mshtml.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msimtf.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: msls31.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mlang.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uiautomationcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: jscript9.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: imgutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mstask.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: version.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Section loaded: cryptsp.dll

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Program Files\CCleaner\CCUpdate.exe

File written: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini

Jump to behavior

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: OK
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: Install
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: OK
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\CCleaner\CCleaner64.exe	Window detected: Number of UI elements: 12
Source: C:\Program Files\CCleaner\CCleaner64.exe	Window detected: Number of UI elements: 12

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaheap.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwalocal.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwaresource.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwautils.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Directory created: C:\Program Files\CCleaner\uninst.exe	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Setup\config.def	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\02cb0e58-d7f9-4650-aaa3-c382df995438.ini	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Directory created: C:\Program Files\CCleaner\Setup\9c909bc2-cad9-48a5-8b4a-a855a60d0635.xml	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\log\DumpProcess.log.tmp.f53516a7-b1d4-4e35-9f9f-5bf19acd8d46	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\unp31145570364458760i-unhandled.mdmp	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Directory created: C:\Program Files\CCleaner\LOG\last.dump	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.dae51f4d-55cc-41f8-b071-6a014d36c644
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Directory created: C:\Program Files\CCleaner\log\BugReport.status
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.accacbd3-aee6-455d-9f5d-9609fdf807c7
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.62d78b02-53aa-4397-82ba-6f79541c1b50
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.25e35e65-8152-4023-ad23-4ef6ff68a13b
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\journal
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\log
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\report
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\chest
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\moved
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\fw
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.57b5a0f5-3c1f-4a68-8856-fdecb876f055
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\usercfg.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\BackupStorage
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\203abf8c-03ea-4cb7-b490-fe04ea1c26bb
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.528f08fa-e71c-4268-add3-1b0450e8eb1a
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.3dbb3c72-b585-4e54-aa6e-48787f35bd13
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\2bab7519-4020-4dae-a822-3e7f39e8fa82
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.5669dd20-a121-429d-bc95-a17865357101
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\DUState.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-16-32-817.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V24_2.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-11-24 11-17-08-263.dat
Source: C:\Program Files\CCleaner\CCleaner64.exe	Directory created: C:\Program Files\CCleaner\gcapi_dll.dll
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Directory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.ecbf8d94-bb5d-46ed-abbb-da465ab5d3b8

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner

Jump to behavior

Source: lw2HMxuVuf.exe

Static PE information: certificate valid

Source: lw2HMxuVuf.exe

Static file information: File size 86349752 > 1048576

Source: lw2HMxuVuf.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: UxTheme.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdbr; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb`; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemcomn.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdbw; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: cryptsp.pdbo; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mskeyprotect.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winnsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptsp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\67d9289f94964a81\BUILDS\Release\x86\CCUpdate.pdb source: CCUpdate.exe, 00000007.00000000.2510072602.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000007.00000002.2687185247.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000002.2527898318.0000000000A34000.00000002.00000001.01000000.00000018.sdmp, CCUpdate.exe, 00000008.00000000.2524315754.0000000000A34000.00000002.00000001.01000000.00000018.sdmp
Source:	Binary string: CLBCatQ.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: taskschd.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\work\848d668bab18d6e2\bin_x86\v142\Release Static\neutral\ServiceUninstaller_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2800041545.000000006A14B000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: kernel32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usp10.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb.A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb)A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb\| source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: comdlg32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winspool.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: webio.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb~; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D82E1000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: iertutil.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb$A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\_av\BUILDS\Release\x86\emupdate.pdb source: CCUpdate.exe, 00000007.00000003.2588880320.0000000000D65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\BUILD\work\8889074bed3874b9\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\AvBugReport.pdb source: CCleanerBugReport.exe, 0000000B.00000002.2666069416.00007FF66186A000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: ncrypt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: secur32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rasadhlp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: UMPDC.pdbc; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: UMPDC.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netutils.pdby; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdbe; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: schannel.pdbt; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleacc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdb source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: userenv.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\7f23b0fca235e2b8\BUILDS\Release\x64\avDump.pdbG source: CCleanerCrashDump.exe, 00000009.00000002.2559469510.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp, CCleanerCrashDump.exe, 00000009.00000000.2543417283.00007FF66A0F9000.00000002.00000001.01000000.00000019.sdmp
Source:	Binary string: winhttp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32full.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdiplus.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dhcpcsvc6.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsCodecs.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdbQ; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dpapi.pdb;1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdbl; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fastprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemsvc.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mstask.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ncryptsslp.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: lw2HMxuVuf.exe, 00000000.00000002.2823648359.000000006B7E5000.00000002.00000001.01000000.0000000A.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb'A source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: fwpuclnt.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\BUILD\work\c1dae475bef2edc0\bin_x86\v143\Release Static\neutral\pfBL_link.pdb#@ source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: ntdll.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2557982481.000001A4341F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Amsi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: msctf.pdbj; source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: oleaut32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dxgi.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb.1 source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: comctl32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wbemprox.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: crypt32.pdb source: CCleanerCrashDump.exe, 00000009.00000003.2556363631.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2556849605.000001A434231000.00000004.00000020.00020000.00000000.sdmp, CCleanerCrashDump.exe, 00000009.00000003.2557898666.000001A434231000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CBC3B

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A2C09B push ecx; ret	7_2_00A2C0B0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A06960 push ecx; ret	7_2_00A06973
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF669EFC8A1 push rbp; iretd	9_2_00007FF669EFC8A2

Persistence and Installation Behavior

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive	0_2_6B74CFD0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D340
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D740
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2870
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2AF0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2E10

Drops PE files

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleaner64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\pfUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaheap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\pfBL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1043.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_17324469042992.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\ServiceUninstaller.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwalocal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1037.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_1732446922760.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerBugReport.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\a\asdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCUpdate.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwaresource.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1028.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCUpdate.exe	File created: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\libwautils.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	File created: C:\Program Files\CCleaner\gcapi_17324469293276.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\g\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-9999.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\CCleaner.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to dropped file

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CBC3B

Boot Survival

Contains functionality to infect the boot sector

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive	0_2_6B74CFD0
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D340
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,CloseHandle, \\.\PhysicalDrive	0_2_6B74D740
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2870
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2AF0
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u	7_2_009F2E10

Creates job files (autostart)

Source: C:\Program Files\CCleaner\CCleaner64.exe

File created: C:\Windows\Tasks\CCleanerCrashReporting.job

Jump to behavior

Creates or modifies windows services

Source: C:\Program Files\CCleaner\CCleaner64.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009D206A

Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning

Hooking and other Techniques for Hiding and Protection

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 0000000E.00000003.2795690252.000001479DB6B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2789770376.000001479CAF6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Found stalling execution ending in API Sleep call

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Stalling execution: Execution stalls by calling Sleep

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCUpdate.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	System information queried: FirmwareTableInformation

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4710000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4C60000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4A80000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4CC0000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 5000000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Memory allocated: 4E50000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 244784C0000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 24478640000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 1F905F00000 memory reserve \| memory write watch
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Memory allocated: 1F91E0D0000 memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Horizon View Client
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Player
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Workstation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\Hyper-V\
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files\VMware\VMware Player
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Horizon View Client
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened / queried: C:\Program Files (x86)\VMware\VMware Workstation

Contains long sleeps (>= 3 min)

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899775
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899617
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899109
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898952
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898532
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 897385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899853
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899725
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899622
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899139
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899764
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899569
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899419
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899297
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899056
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898814
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898126
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897860
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897652
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897442
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897298
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897165
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896999
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896798
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896610
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896454
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896266
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895735
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895553
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895405
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895275
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895058
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894934
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894823
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894703
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894587
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894406
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894291
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894054
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899836
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899620
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899265
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899149
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898968
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898852
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898748
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898639
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898529
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898420
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898310
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898027
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Window / User API: threadDelayed 624
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Window / User API: threadDelayed 1034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Window / User API: threadDelayed 481
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Window / User API: threadDelayed 1873
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 801
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Window / User API: threadDelayed 1764
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2610

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\pfUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1065.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1030.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\pfBL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-5146.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1049.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1093.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1040.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1081.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ButtonEvent.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1042.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17324469042992.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1035.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\p\ServiceUninstaller.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwalocal.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1031.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_1732446922760.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1037.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1057.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1071.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1067.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\a\asdk.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1029.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1059.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-3098.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwaapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1063.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1050.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1093.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.exe	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwavmodapi.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\libwaresource.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1031.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1090.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1155.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1102.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1048.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1110.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1056.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1066.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2074.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1028.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCUpdate.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Setup\92a778af-76d6-4186-8535-ae66d08f623f.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-9999.dll	Jump to dropped file
Source: C:\Program Files\CCleaner\CCleaner64.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17324469293276.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1046.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1041.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1054.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1034.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1051.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-2052.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1036.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1061.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1079.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1086.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1087.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1060.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1026.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1027.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\g\gcapi_dll.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1044.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1053.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1043.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1104.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2070.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-9999.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1092.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1109.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1042.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1025.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1062.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerDU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1038.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1032.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1045.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1068.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1058.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\lang-1055.dll	Jump to dropped file
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Dropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1028.dll	Jump to dropped file

Found evasive API chain (may stop execution after accessing registry keys)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Evasive API call chain: RegQueryValue,DecisionNodes,Sleep

Found evasive API chain (may stop execution after checking a module file name)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Found evasive API chain checking for process token information

Source: C:\Program Files\CCleaner\CCUpdate.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

Found large amount of non-executed APIs

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe

API coverage: 7.0 %

Is looking for software installed on the system

Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key enumerated: More than 138 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe TID: 5624	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6448	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6448	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe TID: 5500	Thread sleep time: -60000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6152	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5492	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7752	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6112	Thread sleep count: 105 > 30
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 3536	Thread sleep count: 59 > 30
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 6112	Thread sleep count: 180 > 30
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 7176	Thread sleep time: -90000s >= -30000s
Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 7176	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 616	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 2132	Thread sleep count: 1034 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899775s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899617s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899495s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -899109s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898952s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898532s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -898034s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7964	Thread sleep time: -897385s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6484	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6468	Thread sleep count: 481 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899853s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899725s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899622s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 3920	Thread sleep time: -899139s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 6084	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 6500	Thread sleep count: 1873 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899764s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899569s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899419s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899297s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -899056s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -898814s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -898126s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897860s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897652s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897442s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897298s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -897165s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896999s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896798s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896610s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896454s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -896266s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895735s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895553s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895405s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895275s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -895058s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894934s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894823s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894703s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894587s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894406s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894291s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894172s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7208	Thread sleep time: -894054s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 6368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7532	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072	Thread sleep count: 801 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6416	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7988	Thread sleep count: 1764 > 30
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -900000s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899836s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899620s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899495s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899385s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899265s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -899149s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898968s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898852s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898748s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898639s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898529s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898420s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898310s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898172s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 7140	Thread sleep time: -898027s >= -30000s
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe TID: 3352	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6760	Thread sleep count: 2610 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6392	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2072	Thread sleep time: -1844674407370954s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

File opened: PhysicalDrive0

Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PCSystemType,Domain from win32_computersystem

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Program Files\CCleaner\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Program Files\CCleaner\CCleaner64.exe	Last function: Thread delayed
Source: C:\Program Files\CCleaner\CCleaner64.exe	Last function: Thread delayed

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 06h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 05h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 04h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 03h and CTI: je 009C80A4h	7_2_009C7F44
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009C7F44 GetSystemTime followed by cmp: cmp esi, 02h and CTI: je 009C80A4h	7_2_009C7F44

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009CF00C __EH_prolog3_GS,FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,	7_2_009CF00C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A25B9E FindFirstFileExW,	7_2_00A25B9E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_009E0B37 __EH_prolog3_GS,FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,	7_2_009E0B37

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009EF2A0 GetSystemInfo,GetVersionExW,GetVersionExW,RtlGetVersion,GetModuleHandleW,GetProcAddress,RtlGetVersion,

7_2_009EF2A0

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899775
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899617
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899109
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898952
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898532
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 898034
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 897385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899853
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899725
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899622
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 899139
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899764
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899569
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899419
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899297
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899056
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898814
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898126
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897860
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897652
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897442
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897298
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 897165
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896999
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896798
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896610
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896454
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 896266
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895735
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895553
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895405
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895275
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 895058
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894934
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894823
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894703
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894587
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894406
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894291
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 894054
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 900000
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899836
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899620
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899495
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899385
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899265
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 899149
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898968
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898852
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898748
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898639
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898529
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898420
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898310
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898172
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 898027
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: onLicenseKeyisPreviousAvailablegetKeyboardLanguageonManageSubscriptiononActivateNewKeyonAlphaUserInfoonBackToCCleaneronPasteKeyonUserNameactivateconfirmrequestCompanyNameEmailCOptionsLicenseSciterCtrl::onPasteKeyCOptionsLicenseSciterCtrl: the license key couldn't be pasted - no key on the clipboardSetUserNamesetManageLicenseContextEnablePasteSetLicenseKeyfile://LicenseUserInfo.htmfile://LicenseAlphaUserInfo.htmStopWaitingfile://LicenseKeyActivation.htmtracknameStartWaitingSurnamemessageautoExtensionsubscriptionManagementdaysLeftexpiryDatelicenseKeylicenseTypefile://LicenseRegistered.htmfile://ManageLicense.htmdataUpdatedLicenseKey_ManageSubscriptionSoftware\Microsoft\Internet Explorer\SettingsAnchor ColorAnchor Color Visitedtooltips_class32static<A></A>TahomaREQUEST_EVENTS_WINDOW_MESSAGE1COMBOBOXShowOffers3rdPartyHelp improve CCleaneruntickOptions/PrivacyShowOffers1stPartytick/MONITORenable automatic updatesOptions/Updatesenable new version notificationCCleaner Smart CleaningVMware Horizon ClientSoftware\Piriform\CCleanerTaskbarSetProgressStateTaskbarSetProgressValueconfig.def()ACTIVATION_EVENTS_WINDOW_MESSAGEignoreprogramIDcommandError: [Named Pipes] CCleaner::DbgLogger::LogDebug: Trace: Info: Warning: ProgramFolderDataFolderDumpReportingCCleanerCrashDump.exetemp.defSetup[common]Exception installing Crash HandlerCrash Handler installed with result: Exception while creating new directoryCreate LOG subfolderInitialize Crash Handler[CrashSupport] Piriform::CrashSupport::InitializeCrashHandlerException occured when writing to a config file
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\VMware\|*.log
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: %sApple Mobile Device Serviceoutlook.exeShowEdgePreloadingWarningShowNoxplayerCleanSuspendedWarningvideopad.exeNoxVMSVC.exeNoxVMHandle.exeShowActionCleanSuspendedWarningShowVideoPadVideoEditorCleanSuspendedWarningActionLauncher.exepostbox.exeShowPostboxCleanSuspendedWarningTeraBox.exeShowTeraBoxCleanSuspendedWarningNox.exeMultiPlayerManager.exeOpenVPNConnect.exeShowOpenVPNConnectCleanSuspendedWarningGoTo.exeShowGoToMeetingCleanSuspendedWarningrecorder.exeShowIcecreamScreenRecorderCleanSuspendedWarningiTopPDF.exeShowiTopPDFCleanSuspendedWarningui32.exeShowWallpaperEngineCleanSuspendedWarningShowBlueJeansCleanSuspendedWarningBox.exeShowBitCometCleanSuspendedWarningBlueJeans.exeBox Local Com Service.exeShowBoxEditCleanSuspendedWarningShowBoxDriveCleanSuspendedWarningBox Edit.exevmware-view.exevmwetlm.exeShowVNCViewerCleanSuspendedWarninghorizon_client_service.exeShowCalibreCleanSuspendedWarningBitComet.exeShowVMwareHorizonClientCleanSuspendedWarningcalibre-parallel.exeShowCyberLinkYouCam10CleanSuspendedWarningnextcloud.exeYouCam10.exeYouCamService10.exeShowPlexHTPCCleanSuspendedWarningvncviewer.exeShowNextcloudDesktopClientCleanSuspendedWarningPlex HTPC.exeShowCutePDFCleanSuspendedWarningXmind.exeShowGoodSyncCleanSuspendedWarningCutePDFE.exePlexScriptHost.exeShowPlexMediaServerCleanSuspendedWarningShowXmindCleanSuspendedWarningPlex Media Server.exeShowZoomCleanSuspendedWarningccsa.exeShoWYoutuPlayCleanSuspendedWarningZoom.exeShowCorelPaintShopProCleanSuspendedWarningGoodSync.exeShowCodeCompareCleanSuspendedWarningCorel PaintShop Pro.exeShowMessengerCleanSuspendedWarningCiscoCollabHost.exeShowWPSOfficeCleanSuspendedWarningMessenger.exeShowDouyinCleanSuspendedWarningYouTubePlayer.UWP.exeShowWebexCleanSuspendedWarningDouyin.exeDb.App.exeShowDrawboardPDFCleanSuspendedWarningLINE.exeShowLineCleanSuspendedWarningShowCapCutCleanSuspendedWarningwps.exeCapCut.exeparfait_crash_handler.exerealplay.exeShowRealPlayerCleanSuspendedWarningShowOneDriveCleanSuspendedWarningShowSkypeCleanSuspendedWarningClipchamp.exeShowClipchampCleanSuspendedWarningresso.exeShowRessoCleanSuspendedWarningAppleMobileDeviceProcess.exeiCloud.exesecd.exeAppleFirefoxHost.exeShowTeamsCleanSuspendedWarningShowiCloudCleanSuspendedWarningTeams.exeiCloudPhotos.exeiCloudDrive.exeiCloudServices.exeiCloudIE.exeAppleIEDAV.exeAPSDaemon.exeiCloudFirefox.exeApplePhotoStreams.exeMicrosoft.Photos.exeShowMicrosoftPhotosCleanSuspendedWarningDiscord.exeShowDiscordCleanSuspendedWarningiCloudPrefs.exeiCloudCKKS.exeMicrosoft.Notes.exeShowMicrosoftStickyNotesCleanSuspendedWarningDolbyAccess.exeShowDolbyAccessCleanSuspendedWarningShowMicrosoftToDoCleanSuspendedWarningAcrobat.exeShowAdobeAcrobatReaderCleanSuspendedWarningTelegram.exeShowTelegramCleanSuspendedWarningShowAmazonPrimeCleanSuspendedWarningShowSlackCleanSuspendedWarningShowItunesCleanSuspendedWarningShowWhatsAppCleanSuspendedWarningShowAmazonMusicCleanSuspendedWarningShowNortonBrowserCleanSuspendedWarningShowAviraBrowserCleanSuspendedWarningShowAvas
Source: lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: CCREMOVESELFRECURSEActionLauncher.exevideopad.exeNoxVMHandle.exeNoxVMSVC.exeMultiPlayerManager.exeNox.exeOpenVPNConnect.exepostbox.exeTeraBox.exeiTopPDF.exeui32.exeGoTo.exerecorder.exeBox Local Com Service.exeBox Edit.exeBox.exeBlueJeans.exeBitComet.execalibre-parallel.exevmwetlm.exevmware-view.exehorizon_client_service.exevncviewer.exePlex HTPC.exenextcloud.exeYouCamService10.exeYouCam10.exePlexScriptHost.exePlex Media Server.exeXmind.exeCutePDFE.exeGoodSync.exeCorel PaintShop Pro.execcsa.exeZoom.exeYouTubePlayer.UWP.exeDouyin.exeCiscoCollabHost.exeMessenger.exewps.exeparfait_crash_handler.exeCapCut.exeDb.App.exeLINE.exeClipchamp.exeresso.exerealplay.exeSkype.exeFileCoAuth.exeOneDrive.exeTeams.exeiCloud.exeAppleMobileDeviceProcess.exeAppleFirefoxHost.exesecd.exeAPSDaemon.exeAppleIEDAV.exeApplePhotoStreams.exeiCloudFirefox.exeiCloudDrive.exeiCloudPhotos.exeiCloudIE.exeiCloudServices.exeiCloudCKKS.exeiCloudPrefs.exeMicrosoft.Notes.exeMicrosoft.Photos.exeDiscord.exeAcrobat.exeTelegram.exeprimevideo.exeDolbyAccess.exeTodo.exeWhatsApp.exeAppleMobileDeviceService.exeiTunes.exeAmazon Music Helper.exeAmazon Music.exeslack.exe:a3yn
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey6=%LocalAppData%\Temp\|VMware_Horizon_Client*.log
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Horizon Client]
Source: lw2HMxuVuf.exe, 00000000.00000002.2794685834.0000000003D10000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2213470711.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2222945307.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2794848571.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2766117669.0000000003D4C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF72000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: Username: CCleaner CApplication::EnableLogging/monitoring/options/registry/tools/cleaner/log/cleanie/updatefailed/register/createskipuac/scanreg/ccupdate/ccinfo/export/scheduling/advanced /[l\|L][i\|I][s\|S][t\|T] +"?{[^"]+})(/[s\|S][y\|Y][s\|S][r\|R][e\|E][s\|S][t\|T][o\|O][r\|R][e\|E] +{[0-9]+})/sysrestoreMonitor ApplicationCApplication::ParseCommandlineArguments/unregister( [k\|K][e\|E][y\|Y]=+?"{[^"]+})( [n\|N][a\|A][m\|M][e\|E]=+?"{[^"]+})NumOfIssueDetectedDriversNumOfUpToDateDriversPiriformRegistration/manualupdatefromtoaster/issues/du/restoreccb/restoreccbSmartClean:BrowserAlertsSmartClean:JunkAlertsSmartCleanAutoUpdatesUpdateNotificationsActivationoffonLikelyVirtualMachinecc6 research - Detectioncc6 researchDetectionwebview2 :: IsElevatedIsAdminSkipUAC/CLEANER/AUTOJLGamerScoreVersionGamerScoreStartupgui openmonitoringccleaner startup eventCCInfo.txt3.18.17083.19.ShowTrialDiscountOfferUninstall.lnkuninst.exe/OPTIONS/TOOLSTLS1.2TLS1.1OS={}
Source: CCUpdate.exe, 00000007.00000003.2534004735.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571029060.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2533875197.0000000000D15000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000003.2571262365.0000000000D17000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000D15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBn
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: hardware accelerated execution managerputtypostgrespgadminoraclevagrantxmingsdknetbeansgithubsourcetreeslackiis * expressiis express application compatibility databasemicrosoft sql server management studiovmwareapache tomcatglassfishsublime text*tortoisesvnszProductVerszInstallDateTime.txt_32settingsextended_expiry_dtnum_licensesSOFTWARE\McAfee\DesktopProtection
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Horizon View Client
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey6=%ProgramFiles%\VMware\VMware Workstation\ico\|*.ico
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%ProgramData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey2=%ProgramData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Horizon Client$
Source: CCUpdate.exe, 00000007.00000003.2533875197.0000000000CED000.00000004.00000020.00020000.00000000.sdmp, CCUpdate.exe, 00000007.00000002.2688383482.0000000000CEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8T
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Player]
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Player
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Workstation
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: [VMware Workstation]
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\VMware\VDM\logs\|.
Source: CCleaner64.exe, 00000005.00000002.2560641566.00000197BBF3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Horizon Client^
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey4=%LocalAppData%\Temp\vmware-\|.*
Source: lw2HMxuVuf.exe, 00000000.00000003.2258418784.0000000006140000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ZeqHGFSQN=HME31
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey5=%LocalAppData%\Temp\vmware-\|.*
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey5=%ProgramFiles%\Common Files\VMware\InstallerCache\|.
Source: lw2HMxuVuf.exe, 00000000.00000002.2851079522.000000006C299000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: [pythonjava se development kitxamarinwinscpmicrosoft azuremicrosoft r clientbkchemcronosvisual c++ for mobile developmentmysql connector c++microsoft visual c++ build toolsdev-c++cmaketrafico de faunamm7270gnu privacy guarde-readerkokoriginga.arlabcamforcepadkhi3maximamicrosoft emulatorgapminderavidemuxscilabversion imagensongsmithmodellusfusioninventorypilas-enginealice applicationeqtablajetbrainsgit versionmysqlprerequisites for ssdtnode.jsandroid studiowinpcapunityxamppatomblenderarduinonetbeansgithubsourcetreeslackoraclevagrantxmingsdkapache tomcatglassfishsublime texttortoisesvn*iis expressiis express application compatibility databasemicrosoft sql server management studiovmwaremicrosoft system clr types for sql server*microsoft .net framework multi-targeting pack*microsoft sql server management objectswindows software development kitnotepad++*microsoft sql server transact-sql scriptdom*microsoft sql server express localdb*microsoft visual studio shell**intel
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile2=%ProgramFiles%\VMware\VMware Workstation
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%LocalAppData%\Temp\vmware-\|.*
Source: CCleaner64.exe, 00000005.00000002.2564460819.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: LikelyVirtualMachine
Source: CCleaner64.exe, 00000005.00000000.2507611866.00007FF7D756B000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: Update config.def file under Piriform::CrashSupport::UpdateConfigFileException occured when creating config.def file with [common] values from ShepherdCreate config.def file under Piriform::CrashSupport::CreateConfigFile --guid " --programpath " --path " --send dumps\|report--product 90Exception while checking if config folder existsGet crash config from config.def filePiriform::CrashSupport::ReadConfigFiledisabledenabledCrash Reporting scheduled task Piriform::CrashSupport::UpdateCrashReportingTaskStatus\CCleanerBugReport.exe Piriform::CrashSupport::CrashReportParameters --silent --version "Add crash reporting scheduled task which runs daily crash reporting scheduled task - error when loading crash reporting scheduled task - error when saving: disabled enabledFailed to 4141FCD7-B506-4916-8EC4-D38E4373F47AF9FD4EDF-1129-4DBC-9A8C-9EE7271FBE7Etrial-source-none17191109A435FAA9-2311-4E23-B944-096D54E9DB317F4CCD0B-B3BE-4FD2-9A26-A0299FDE418B78E68749-DE5B-404A-9B44-7A5AEDED1CFCF16A9578-E0E4-4EA7-8FD7-E91C0061A9FD103134healthcheckNF-trial-offer17931017softwareupdater-trial-offer17101108198050performanceOptimizer-trial-offer165286436driverupdater-trial-offer952accountmanager-start-trial-offer1121accountmanager-trial-offer199437options-trial-offer1993optionsabout-trial-offer44schedulervalidation-trial-offer171540schedulerhomescreen-trial-offer171410503920customclean-trial-offer1927106145clouddrivecleaner-trial-offer20291131healthcheck-direct-30d-trial-offer2012onboarding-trial-offer1937108147upgradebutton-trial-offer1940109148healthcheck-interstitial-60d-trial-offer2013healthcheck-interstitial-30d-trial-offer2011healthcheck-direct-60d-trial-offer2014toaster-offer1929107146healthcheck-banner-offer1943Application EndedCApplication::~CApplicationhttp_proxy_loader.dllSendMessageToMainApp: Sending message, action: SendMessageToMainApp: Opened main application window, waiting for it to openSendMessageToMainApp: Cannot send message, invalid data or from wrong flowCApplication::SendMessageToMainApplication /debug %dPrevious CountBroken CountError type/autojl()Scripting/autojlRun CCleaner/autorb/monitorSendMessageToMainApp: Could not find main application window/auto/shutdown/shutdown/auto/autosc/autosc/autos/autos/update/method/delete/method %d/method/delete/restart/restartSYSTEM\CurrentControlSet\Control\SystemInformationOpen CCleaner/frb/analyze/analyze/clean/clean/updateParallels ARM Virtual MachineGoogleGoogle Compute EngineCloud PC EnterpriseMicrosoft CorporationVirtual Machineinnotek GmbHVirtualBoxCOOLHOUSING s.r.o.Virtual serverQEMUQEMU Virtual MachineParallelsParallels Software International Inc.Parallels Virtual PlatformParallels International GmbH.UpCloudTencent CloudVMware, Inc.Amazon EC2Baidu CloudBaidu Cloud BCCAlibaba CloudAlibaba Cloud ECSVirtual ServerVirtual PlatformSystemProductNameSystemManufacturerVultrVirtuozzoQuanta Cloud Technology Inc.ThinCloud/updatesuccess/uac/debugApplication Started
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Horizon Client
Source: lw2HMxuVuf.exe, 00000000.00000002.2802095777.000000006B047000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: %s%slang\lang-.dlllang-%s\%s%d%siexploreshell32SHQueryRecycleBinWSHUpdateRecycleBinIcon.exe(null)VMware Horizon ClientSELECT FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'" - %lldBad optional accessCCleanerSkipUACCCleaner"*64.exe64.Software\Microsoft\Windows\CurrentVersion\RunEVENTS_WINDOW_MESSAGEUnmatched '}' in format string.winsyswinappwinregFILEPATHREGFIREFOXCHROMETHUNDERBIRDOPERACCLEANERVIVALDIBRAVEOPERAGXSPOTIFYAVASTSECUREBROWSERARCIncludeExcludeCustomLocationFinderIncludeFinderExcludeinfnan(ind)nannan(snan)Invalid format string.Unknown format specifier.Missing '}' in format string.Can not switch from manual to automatic indexingFormat specifier requires numeric argument.Can not switch from automatic to manual indexingInvalid type specification.Invalid presentation type specifierInvalid presentation type for boolInvalid presentation type for charInvalid presentation type for integerInvalid presentation type for floating-pointInvalid presentation type for stringInvalid presentation type for pointerModifier requires an integer presentation type for bool0e+00Number is too biginvalid fill character '{'Missing precision specifier.Invalid fill (too long).Precision not allowed for this argument type.Argument not found.String pointer is null.integral cannot be stored in char0b0B0x0X0\t\t\n\n\r\r\\\\\u{\u{\x{\x{Number is too big.Width is not an integer.Negative width.Precision is not an integer.Negative precision.
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus0
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey1=%ProgramData%\VMware\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Player
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driverice
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey3=%ProgramData%\VMware\vmwetlm\logs\|.
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: VMware Workstation
Source: lw2HMxuVuf.exe, 00000000.00000002.2798020466.0000000005470000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator
Source: CCleanerBugReport.exe, 0000000B.00000003.2555480964.000001D24E891000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:g
Source: CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: FileKey2=%Program Files%\VMware\VMware Player\ico\|.
Source: CCleaner64.exe, 00000005.00000002.2562103985.00000197BE4BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWYcr

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks if the current process is being debugged

Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process queried: DebugPort

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe

9_2_00007FF66A061C20

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A0661F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

7_2_00A0661F

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CE1E7

Contains functionality to dynamically determine API calls

Source: C:\Program Files\CCleaner\CCUpdate.exe

7_2_009CBC3B

Contains functionality to read the PEB

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A1F22C mov ecx, dword ptr fs:[00000030h]	7_2_00A1F22C
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A24602 mov eax, dword ptr fs:[00000030h]	7_2_00A24602
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A24646 mov eax, dword ptr fs:[00000030h]	7_2_00A24646

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009BA9D6 __EH_prolog3,GetProcessHeap,

7_2_009BA9D6

Enables debug privileges

Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleanerBugReport.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process token adjusted: Debug

Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0600E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00A0600E
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0661F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00A0661F
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A067AC SetUnhandledExceptionFilter,	7_2_00A067AC
Source: C:\Program Files\CCleaner\CCUpdate.exe	Code function: 7_2_00A0AA73 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00A0AA73
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A09ECE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00007FF66A09ECE0
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: 9_2_00007FF66A090684 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00007FF66A090684

Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\System32\cmd.exe

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Process created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSBBCA.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSBBCB.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /C ""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription" > "C:\Users\user\AppData\Local\Temp\OPSD146.tmp" 2> "C:\Users\user\AppData\Local\Temp\OPSD147.tmp""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -ExecutionPolicy Bypass "(Get-ItemProperty 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe').VersionInfo.FileDescription"

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009CE871 __EH_prolog3,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

7_2_009CE871

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_009D0058 GetCurrentProcess,OpenProcessToken,AllocateAndInitializeSid,GetTokenInformation,EqualSid,FreeSid,CloseHandle,

7_2_009D0058

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A0643E cpuid

7_2_00A0643E

Contains functionality to query locales information (e.g. system language)

Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0BAC38
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0BAD08
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_00007FF66A0BB148
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,	9_2_00007FF66A0B2A44
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoEx,FormatMessageA,	9_2_00007FF66A08FA80
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	9_2_00007FF66A0BB324
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	9_2_00007FF66A0BA8E8
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Code function: GetLocaleInfoW,	9_2_00007FF66A0B2EDC

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\CCleaner\CCleaner64.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\CC_logo_72x66.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\CC_Logo_40x96.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\nsw3338.tmp\ui\res\PF_computer.png VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\lw2HMxuVuf.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Program Files\CCleaner\LOG\su_adapter.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100006.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100006.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\CCleaner\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe	Queries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files\CCleaner\wa_3rd_party_host_64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files\CCleaner\CCleanerCrashDump.exe	Queries volume information: C:\Program Files\CCleaner\LOG\DumpProcess.log VolumeInformation

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B794210 GetSystemTimes,

0_2_6B794210

Source: C:\Program Files\CCleaner\CCUpdate.exe

Code function: 7_2_00A25092 GetTimeZoneInformation,

7_2_00A25092

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Code function: 0_2_6B74CFD0 GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,

0_2_6B74CFD0

Source: C:\Users\user\Desktop\lw2HMxuVuf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables Windows system restore

Source: C:\Program Files\CCleaner\CCleaner64.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SystemRestorePointCreationFrequency

AV process strings found (often used to terminate AV products)

Source: lw2HMxuVuf.exe	Binary or memory string: guardxkickoff.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2775079657.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2783345897.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2772165852.0000000003E2F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781580724.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795911206.0000000003E3A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AVKService.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avcenter.exe
Source: lw2HMxuVuf.exe	Binary or memory string: vsserv.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: cfp.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B485000.00000002.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2566152433.00007FF7D8088000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile1=%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
Source: lw2HMxuVuf.exe	Binary or memory string: dwengine.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mcshield.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vsmon.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mcupdate.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2service.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796004323.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781695830.0000000003E40000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: guardxservice.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bdagent.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000003.2781540563.0000000003E63000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796157960.0000000003E6A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: acs.exe
Source: lw2HMxuVuf.exe	Binary or memory string: cmdagent.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MSASCui.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avguard.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BullGuard.exe
Source: lw2HMxuVuf.exe	Binary or memory string: dwservice.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avp.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avgcsrvx.exe
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamTray.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avgnsx.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2start.exe
Source: lw2HMxuVuf.exe	Binary or memory string: avgnt.exe
Source: lw2HMxuVuf.exe	Binary or memory string: a2guard.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2772473215.0000000003E27000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2781630779.0000000003E2A000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795747992.0000000003E2C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 360Tray.exe
Source: lw2HMxuVuf.exe, 00000000.00000002.2803313882.000000006B485000.00000002.00000001.01000000.0000000B.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2793573066.0000000002B99000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000005.00000002.2566152433.00007FF7D8088000.00000002.00000001.01000000.00000017.sdmp, CCleaner64.exe, 00000005.00000000.2508640115.00007FF7D8175000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: DetectFile2=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2771923430.0000000003E1E000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2795803575.0000000003E31000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2772165852.0000000003E2F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FPAVServer.exe
Source: lw2HMxuVuf.exe	Binary or memory string: mbam.exe
Source: lw2HMxuVuf.exe, 00000000.00000003.2769125944.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2782233568.0000000003F01000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000002.2796600283.0000000003F01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: QUHLPSVC.EXE
Source: lw2HMxuVuf.exe, lw2HMxuVuf.exe, 00000000.00000002.2796059986.0000000003E54000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2769327001.0000000003E3F000.00000004.00000020.00020000.00000000.sdmp, lw2HMxuVuf.exe, 00000000.00000003.2776195650.0000000003E53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ClamWin.exe

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-shm
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\compatibility.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite-wal
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\webappsstore.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\permissions.sqlite
Source: C:\Program Files\CCleaner\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

ID:	1561836
Product:	CloudBasic
Start time:	12:13:13
Start date:	24.11.2024
Sample:	lw2HMxuVuf.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	d12d2a0f8909a768683f6c548205e955
SHA1:	2fccbec13bc847741b7cdd85cbdd560af59d96e1
SHA256:	5c48490b288fbb3b9d7b17aebc15b0f76edc4339029cadf91b28113111c2b20b
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report lw2HMxuVuf.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Phishing

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
lw2HMxuVuf.exe