Windows Analysis Report
https://download.ccleaner.com/portable/ccsetup629.zip

Overview

General Information

Sample URL: https://download.ccleaner.com/portable/ccsetup629.zip
Analysis ID: 1540662

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected AntiVM3
Yara detected ZipBomb
Disables Windows system restore
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Creates COM task schedule object (often to register a task for autostart)
Creates files inside the system directory
Creates job files (autostart)
Creates or modifies windows services
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory

Classification

Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: global traffic DNS traffic detected: DNS query: download.ccleaner.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic DNS traffic detected: DNS query: ip-info.ff.avast.com
Source: global traffic DNS traffic detected: DNS query: www.ccleaner.com
Source: global traffic DNS traffic detected: DNS query: shepherd.ff.avast.com
Source: global traffic DNS traffic detected: DNS query: ipm-provider.ff.avast.com
Source: global traffic DNS traffic detected: DNS query: ipmcdn.avast.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File created: C:\Windows\Tasks\CCleanerCrashReporting.job
Source: classification engine Classification label: mal68.spyw.evad.win@22/43@11/130
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_MainInstance
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Checking_for_Updates_show_post
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Checking_for_Updates
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayIconActive
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File created: C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1940,i,5312688937864823866,42182297881010704,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.ccleaner.com/portable/ccsetup629.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe"
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process created: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe" /uac
Source: unknown Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: userenv.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: powrprof.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dxgi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: winmm.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: urlmon.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: usp10.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: srvcli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: netutils.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: umpdc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dbgcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: taskschd.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: propsys.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: edputil.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: smartscreenps.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: policymanager.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: appresolver.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: slc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: sppc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: mpr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: pcacli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: mstask.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: version.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: winsta.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: d2d1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dwrite.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: d3d11.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dcomp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wscapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: netprofm.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: npmproxy.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: newdev.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: devobj.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: devrtl.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dxcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: amsi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: webio.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: schannel.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: cscapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: taskflowdataengine.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: cdp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dsreg.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: esent.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: msimg32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: libwaheap.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: libwautils.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: msi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: authz.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: netapi32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: samcli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: logoncli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: drvstore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: wininet.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: spinf.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Section loaded: dsparse.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\unsecapp.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File written: C:\Users\user\Downloads\ccsetup629\ccleaner.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File created: C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll Jump to dropped file
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File created: C:\Windows\Tasks\CCleanerCrashReporting.job
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\unsecapp.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match File source: 00000012.00000003.2279776779.0000021143499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000012.00000003.2271668239.0000021143DB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, type: DROPPED
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened / queried: C:\Program Files\Hyper-V\
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Window / User API: threadDelayed 475
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Window / User API: threadDelayed 559
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Dropped PE file which has not been started: C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key enumerated: More than 337 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key enumerated: More than 344 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 7220 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 1388 Thread sleep count: 475 > 30
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 1388 Thread sleep count: 559 > 30
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: PhysicalDrive0
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process information queried: ProcessInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process queried: DebugPort
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Process token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\event_manager.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\su_telemetry.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\su_controller.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SystemRestorePointCreationFrequency

Stealing of Sensitive Information

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-wal
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-shm
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-shm
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini