Edit tour

Windows Analysis Report
https://download.ccleaner.com/portable/ccsetup629.zip

Overview

General Information

Sample URL:	https://download.ccleaner.com/portable/ccsetup629.zip
Analysis ID:	1540662
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected AntiVM3

Yara detected ZipBomb

Disables Windows system restore

Query firmware table information (likely to detect VMs)

Tries to harvest and steal browser information (history, passwords, etc)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Creates COM task schedule object (often to register a task for autostart)

Creates files inside the system directory

Creates job files (autostart)

Creates or modifies windows services

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1940,i,5312688937864823866,42182297881010704,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6372 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.ccleaner.com/portable/ccsetup629.zip" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 7544 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

CCleaner64.exe (PID: 8184 cmdline: "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe" MD5: 16887EE1FDF940AED11E2E1F9932FD8B)

CCleaner64.exe (PID: 5428 cmdline: "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe" /uac MD5: 16887EE1FDF940AED11E2E1F9932FD8B)

unsecapp.exe (PID: 1164 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 9B782B1E1D7A2C28302755F963EAC907)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000012.00000003.2279776779.0000021143499000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000012.00000003.2271668239.0000021143DB3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200

Source: global traffic	DNS traffic detected: DNS query: download.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: analytics.avcdn.net
Source: global traffic	DNS traffic detected: DNS query: ip-info.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: www.ccleaner.com
Source: global traffic	DNS traffic detected: DNS query: shepherd.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: ipm-provider.ff.avast.com
Source: global traffic	DNS traffic detected: DNS query: ipmcdn.avast.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.175.102:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.111.24.1:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.176.28:443 -> 192.168.2.16:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.223.223:443 -> 192.168.2.16:49738 version: TLS 1.2

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File created: C:\Windows\Tasks\CCleanerCrashReporting.job

Source: classification engine

Classification label: mal68.spyw.evad.win@22/43@11/130

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_MainInstance
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Checking_for_Updates_show_post
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Checking_for_Updates
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Mutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayIconActive

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File created: C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File read: C:\Users\user\Desktop\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1940,i,5312688937864823866,42182297881010704,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://download.ccleaner.com/portable/ccsetup629.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1940,i,5312688937864823866,42182297881010704,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe"
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process created: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe "C:\Users\user\Downloads\ccsetup629\CCleaner64.exe" /uac
Source: unknown	Process created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: propsys.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: edputil.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: smartscreenps.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: policymanager.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: slc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: sppc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: pcacli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: userenv.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winmm.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: secur32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: usp10.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: netutils.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: taskschd.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mstask.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winsta.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wscapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: netprofm.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: npmproxy.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: newdev.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: devobj.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: devrtl.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: amsi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: webio.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: schannel.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: slc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: sppc.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: propsys.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: cscapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: policymanager.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: taskflowdataengine.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: cdp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dsreg.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: esent.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: libwaheap.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: libwautils.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: msi.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: mpr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: authz.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: samcli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: logoncli.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: drvstore.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: spinf.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Section loaded: dsparse.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\unsecapp.exe	Section loaded: profapi.dll

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File written: C:\Users\user\Downloads\ccsetup629\ccleaner.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File created: C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll

Jump to dropped file

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File created: C:\Windows\Tasks\CCleanerCrashReporting.job

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Registry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\unsecapp.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 00000012.00000003.2279776779.0000021143499000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000003.2271668239.0000021143DB3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected ZipBomb

Source: Yara match

File source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, type: DROPPED

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	System information queried: FirmwareTableInformation

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File opened / queried: C:\Program Files\Hyper-V\

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Window / User API: threadDelayed 475
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Window / User API: threadDelayed 559
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Window / User API: threadDelayed 559

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Dropped PE file which has not been started: C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll

Jump to dropped file

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Registry key enumerated: More than 337 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Registry key enumerated: More than 344 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Registry key enumerated: More than 344 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Registry key enumerated: More than 344 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 7220	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 1388	Thread sleep count: 475 > 30
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 1388	Thread sleep count: 559 > 30
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe TID: 1388	Thread sleep count: 559 > 30

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

File opened: PhysicalDrive0

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Bios

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Process queried: DebugPort

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process token adjusted: Debug
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Process token adjusted: Debug

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\event_manager.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\event_manager.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEng.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEngTask.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\su_telemetry.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\su_telemetry.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\Downloads\ccsetup629\LOG\su_controller.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disables Windows system restore

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SystemRestorePointCreationFrequency

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-wal
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-shm
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-wal
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\cookies.sqlite-shm
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Source: C:\Users\user\Downloads\ccsetup629\CCleaner64.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	31 Windows Management Instrumentation	1 Windows Service	1 Windows Service	11 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	1 Inhibit System Recovery
Credentials	Domains	Default Accounts	2 Scheduled Task/Job	2 Scheduled Task/Job	1 Process Injection	161 Virtualization/Sandbox Evasion	LSASS Memory	15 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	2 Scheduled Task/Job	1 Process Injection	Security Account Manager	161 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Rundll32	NTDS	11 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 DLL Side-Loading	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	64 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Source	Detection	Scanner	Label	Link
C:\Users\user\Downloads\ccsetup629\gcapi_17297235455428.dll (copy)	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
ipm-gcp-prod.ff.avast.com	34.111.24.1	true	false	unknown
shepherd-gcp.ff.avast.com	34.160.176.28	true	false	unknown
ip-info-gcp.ff.avast.com	34.111.175.102	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
analytics-prod-gcp.ff.avast.com	34.117.223.223	true	false	unknown
download.ccleaner.com	unknown	unknown	false	unknown
shepherd.ff.avast.com	unknown	unknown	false	unknown
www.ccleaner.com	unknown	unknown	false	unknown
analytics.avcdn.net	unknown	unknown	false	unknown
ip-info.ff.avast.com	unknown	unknown	false	unknown
ipm-provider.ff.avast.com	unknown	unknown	false	unknown
ipmcdn.avast.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.185.78	unknown	United States	15169	GOOGLEUS	false
34.111.24.1	ipm-gcp-prod.ff.avast.com	United States	15169	GOOGLEUS	false
34.111.175.102	ip-info-gcp.ff.avast.com	United States	15169	GOOGLEUS	false
2.19.225.128	unknown	European Union	16625	AKAMAI-ASUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
172.217.18.14	unknown	United States	15169	GOOGLEUS	false
23.212.89.211	unknown	United States	16625	AKAMAI-ASUS	false
34.160.176.28	shepherd-gcp.ff.avast.com	United States	2686	ATGS-MMD-ASUS	false
216.58.206.35	unknown	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
34.117.223.223	analytics-prod-gcp.ff.avast.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.16
192.168.2.7
192.168.2.9

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1540662
Start date and time:	2024-10-24 00:43:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://download.ccleaner.com/portable/ccsetup629.zip
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.spyw.evad.win@22/43@11/130

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 172.217.18.14, 108.177.15.84, 23.212.89.211, 34.104.35.123, 178.79.238.128
Excluded domains from analysis (whitelisted): clients2.google.com, e13363.dscd.akamaiedge.net, accounts.google.com, edgedl.me.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, download2.ccleaner.com.edgekey.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: https://download.ccleaner.com/portable/ccsetup629.zip

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000002.dbtmp

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:
MD5:	206702161F94C5CD39FADD03F4014D98
SHA1:	BD8BFC144FB5326D21BD1531523D9FB50E1B600A
SHA-256:	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
SHA-512:	0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000002.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT (copy)

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	206702161F94C5CD39FADD03F4014D98
SHA1:	BD8BFC144FB5326D21BD1531523D9FB50E1B600A
SHA-256:	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
SHA-512:	0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000002.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.5466597590357685
Encrypted:	false
SSDEEP:
MD5:	ECE1AFD2314A940574E0483B91C09AE3
SHA1:	A6B861A00FD208AA746445A9CB7E250A0A23B46B
SHA-256:	F943B7B699C2AE338F9EDF5C71E0F05416F975FF16F6540B9BD3AE3731D27D97
SHA-512:	F4115CE1A1058B8A1C9AE7DA0E9AD28E28ABEF0003A3E17B4EE4A9943F5ACCFCC9450E8D0214A6732A3622E86F0F33361EB4858FC51036C2A711CBA22B211D3E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/23-18:49:49.000966 56c Recovering log #3.2024/10/23-18:49:49.000966 56c Delete type=0 #3.2024/10/23-18:49:49.000966 56c Delete type=3 #1.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	ECE1AFD2314A940574E0483B91C09AE3
SHA1:	A6B861A00FD208AA746445A9CB7E250A0A23B46B
SHA-256:	F943B7B699C2AE338F9EDF5C71E0F05416F975FF16F6540B9BD3AE3731D27D97
SHA-512:	F4115CE1A1058B8A1C9AE7DA0E9AD28E28ABEF0003A3E17B4EE4A9943F5ACCFCC9450E8D0214A6732A3622E86F0F33361EB4858FC51036C2A711CBA22B211D3E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/23-18:49:49.000966 56c Recovering log #3.2024/10/23-18:49:49.000966 56c Delete type=0 #3.2024/10/23-18:49:49.000966 56c Delete type=3 #1.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000002

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.988758439731456
Encrypted:	false
SSDEEP:
MD5:	64486E4C658733375B5B98EB7DCA49FF
SHA1:	FCAE1102348CBAB75E16C45901C9EE9974A87BC3
SHA-256:	D420B162415FF7ED4B23DA14CEE4FFC3E89B288951AB5EFE8965266367D6B370
SHA-512:	A216F7A9508C011889B6859F377D7E4BA6A3DBA794A04206C759D7A41910B73C87BF62DB0AD71054D33AD3375D7DB005521C9851E3EE8F32F6388A586F78A3BF
Malicious:	false
Reputation:	unknown
Preview:	V........leveldb.BytewiseComparator\.j............

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\C0XLFJ0M.txt

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Generic INItialization configuration [Common]
Category:	dropped
Size (bytes):	1426
Entropy (8bit):	5.420134353525113
Encrypted:	false
SSDEEP:
MD5:	806CDCDFD78F5B77D1C6D5154574FF17
SHA1:	B152738912E16AD003BBD26FE8E300B7680B0565
SHA-256:	CF07793ED7AE7A7C7C9D15FAA29B7C0D8AD141F47C5941908B6C946BDB8CB235
SHA-512:	5F8E8425ACE8E821FB623819EC48AA067C249014F75E28CA90BE2E17840FFD94AF2E48EEA95BE856F43D449CC69B0D41151FF63C882E16EE7AC7FE32F93AC265
Malicious:	false
Reputation:	unknown
Preview:	[Encrypt]..CCAM=DISABLED..CCPOC=DISABLED..CCT=DISABLED..DTNP=1200..DUNP=900..[Common]..AlphaIntegration=1..AlphaMigration=1..AU2=1..AUTNV=0..CCNU=0..DriverScanInterval=7..DriverUpdater=1..DriverUpdaterVersion=1..DumpReporting=1..DUSkipOnboarding=0..GDDEBUG=0..HCAddResults=1..HCDirectCart=0..HCResolveBtn=0..HCSkipAdvanced=0..HealthCheck=1..HealthCheckIpm=1..HealthCheckNF=1..HealthCheckVersion=1..HideRegistry=1..NotificationCentre=1..OPSWATSoftwareUpdater=1..OPSWATSoftwareUpdaterHC=1..PC=0..PCCU=0..PCCUD=5..PE=1..PENP=27..PerformanceOptimizerVersion=1..POSkipOnboarding=0..PrivacyPolicyDate=2024-02-13..ProFeatureCounters=1..PTOOF=0..QuickCleanIpm=1..REU=90..ShowOffers3rdParty=1..SoftwareUpdater=1..SoftwareUpdaterIpm=1..SPERDI=8..SRDI=8..SUExclusions=tp3149,tp848,tp3197,tp2434,tp921,tp236,tp468,tp471,tp2867,tp569,tp570,tp1339,tp2843,tp2594,tp3009,tp1373,tp311,tp571,tp1434,tp2571,tp2845,tp2979,tp2047,tp411,tp1774,tp2346,tp1082,tp3083,tp366,tp2579,tp2581,tp2580,tp2697,tp361,tp605,tp1677,tp11

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\info[1].json

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	351
Entropy (8bit):	5.041375973337717
Encrypted:	false
SSDEEP:
MD5:	CEC74FEF1206CECCD939FBD253375F8B
SHA1:	7512F0EADDA0C20142E09C9A59BE3E24F31ED38C
SHA-256:	9FB0D165A5D0A65DC9A994DFC85D799501D3416CD8BC3D5535C5553C9BD677B3
SHA-512:	BC799CFED28729D1C55CDCAAB159B8804F6CF1CF18C5D2FBB7D0CBA6ADED4AE1B96A3C695BD68AD54CA755827A69816D8BCDAF7D1A2086774DBECB6701C85E67
Malicious:	false
Reputation:	unknown
Preview:	{"asnNumber":8100,"asnOrganization":"ASN-QUADRANET-GLOBAL","city":"Killeen","continent":"North America","continentCode":"NA","country":"US","countryName":"United States","ip":"173.254.250.90","isp":"OMGitsfast","latitude":31.0065,"longitude":-97.8406,"organization":"OMGitsfast","postalCode":"76549","subdivisions":["TX"],"timezone":"America/Chicago"}

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.39124014286970193
Encrypted:	false
SSDEEP:
MD5:	288021246ACB9433B5CDA9BDDCCB9F4A
SHA1:	64E1416B6322381EADC149F26995DC007EAB5B90
SHA-256:	CDD9B4F4BEED50CC470A7681576898794F2CDC1738A6FCD77BEC228C0931CFCF
SHA-512:	EFDF91572FCED8C43AC9E759C7B415D12AB542F0D757D7D0833954F9D9600A220160FCBA587E646BE20D9C6BCC7D0AADE4FF9C3A43160A70F89969BCF4CFCE43
Malicious:	false
Reputation:	unknown
Preview:	H..................p0.......{..................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\..............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\...................................................................................................................................................................................................................,...@.......~.........5w.................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	524288
Entropy (8bit):	0.4854520477335263
Encrypted:	false
SSDEEP:
MD5:	298B43959B4303A503BE4EC27F7954AC
SHA1:	AAEEA81DF42B5CF85C69F6ADB8266B867AA71549
SHA-256:	06475AF4AF47CB8AC449D1CD88F52D042F302FF93AE7222413EFC14C7124AF1C
SHA-512:	7AA2E900CE6B3EA26D23CC8DD639893DB2012B4AFF661B4695A3227583297F43D946AF08BF5FA9ECD70F306F453202E714004A651940399CD0562665B71FE2D2
Malicious:	false
Reputation:	unknown
Preview:	..m$.............9...\|...7...\|k.........<...p0.......{..................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\..............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\...............................................................................................................................................................................................................0u.............................................Y............x..f.f.#......... ..Z)......`.......h.Z.......X.....q........{..................C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.W.e.b.C.a.c.h.e.\.W.e.b.C.a.c.h.e.V.0.1...d.a.t..............................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x78318f8e, page size 32768, Windows version 10.0
Category:	dropped
Size (bytes):	17301504
Entropy (8bit):	1.1697021128822997
Encrypted:	false
SSDEEP:
MD5:	0C589648CBD16AD57642F40F27106710
SHA1:	822D72079BC6D2F06CC94375FF9BBDBF213C64E5
SHA-256:	132634DE1B7DD2CB5A5C72F75739A2E7DA13EC04232A1F8B020129C4134D22DA
SHA-512:	01AE547801B438DB246836E7DD261BD5A5C860FE9106DFB2252D4F691EADA153567BA4801DEAC16158CDA8B3B4546622D75095A379DC8AC4032EEF5B225F1125
Malicious:	false
Reputation:	unknown
Preview:	x1..... .......c)......q........{......................6.......-1...\|%.*1...\|{.h.......-1...\|%.6...........p0.......{..............................................................................................`...........eJ......n........................................................................................................... ...........................................................................................................................................................................................................77...\|....................................-1...\|%3...................-1...\|%..........................#......6.......................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.1371908878134663
Encrypted:	false
SSDEEP:
MD5:	A00FE1A08895EF1AD151D5D8E790D517
SHA1:	20E80994930E772E427382D62FB25714F827E59E
SHA-256:	0A212BBE8073181F13B5492CF2BA8A96BFBBBA22FD30ED9ECD94E6420862766F
SHA-512:	1B33EAD384C442193E1A246D1219C3E9E5F638265FED76AF0A5A0686FD7E7D278BD2BD06DE2E26FCDB9BE0B41971955B61F07E7CA29B62C2FB59B5E2656167C1
Malicious:	false
Reputation:	unknown
Preview:	8..V.........................................{..1...\|{.-1...\|%.........-1...\|%.-1...\|%.0..\|1...\|{3...................-1...\|%.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	3.8822182847281104
Encrypted:	false
SSDEEP:
MD5:	27C30E752D00B5AAD5173B6FA5BCC2EA
SHA1:	611D9393B728392CB7086E588FBECB90DDDF8EE9
SHA-256:	2CADAEA7A09A266E1E2B960F474A6F2B7077079F2EAAB7391552B0D5DA392BDD
SHA-512:	07ECB42C404421C9B14855CC1A48177AD5FAA3EC7FB2A2E9BB345455B41B0DB07D7EC65FAF2CCEBA799B243A885D27FE2020A169DFBE04CB5E52020AF6227FBC
Malicious:	false
Reputation:	unknown
Preview:	A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.v.+.I.6.d.z.J.B.Q.0.O.B.M.M.7.a.5.O.l.X.Q.g.Q.A.A.A.A.C.A.A.A.A.A.A.A.Q.Z.g.A.A.A.A.E.A.A.C.A.A.A.A.C.t.h.i.i.v.8.d.m.l.y.G.0.D.j.H.I.S.V.o.4.i.h.5.5.0.v.s.R.2.4.L.p.8.y.C.j.3.p.b.X.i.Q.w.A.A.A.A.A.O.g.A.A.A.A.A.I.A.A.C.A.A.A.A.D.K.k.e.Q.j.q.3.p.B.z.f.3.X.1.Q.M.3.v.v.J.A.m.q.+.H.8.M.S.0.2.v.T.c.O.s.a.A.V.1.M.t.g.f.A.A.A.A.D.a.6.S.n.F.+.2.B.y.V.m.t.L.7.Z.Q.N.Q.W.e.i.S.c.A.X.+.+.S.k.y.e.d./.f.n.n.B.z.5.w.i.P.4.0.J.w.9.O.X.7.E.F.5.Z.T.t.n.y.Q.x.s.A.P.p.t./.W.3.0.F.j.i.z.6.L./.X.+.z.2.D.Q.j.2.k.6.l.x.G.j.V.i.1.E.x.B.t.T.5.1.t.u.j.z.+.W.S.H.M./.b.9.l.3.y.s.L.z.i.5.d.C.b.K./.3.n.2.w.h.d.u.D.U.e.o.g.A.6.Y.v.U.g.O.J.Z.F./.+.I.2.A.J.X.i.Q.r.X.f.n.7.9.X.D.R.w.0.n.4.6.w.m.P.y.x.X.Y.p.8.E.q.Y.w.L.N.p.s.7.E.c.9.m.5.v.W.M.A.o.c.E.V.u.5.K.A.y.u.N.1.5.r.T.e.9.e.b.q.E.H.0.G.k.W.p.C.Y.D.e.u.V.F.7./.9.d.Z.a.f.9.X.+.N.R.t.X.F.n.M.3.s.W.T.H.j.e.C.i.l.z.v.U.H.K.b.t.J.8./.h.j.t.M.M.7.y.M.T.v.p.r.h.t.6.d.b.z.m.Z.s.A.Q.I.J.T.a.l.f.O.i.L.U.x.g.5.P.

C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	2.695563383509937
Encrypted:	false
SSDEEP:
MD5:	CB0A2241AD4E82EAF1DDDB1F4A576AB1
SHA1:	13FEC915D94737149DC1936432FFAC6D6B322534
SHA-256:	55289D8CD76FFBE13812C6AE9DC9FDDA8084A2DCDC2F0C02B36C9527E0BE87DE
SHA-512:	4B22DA6192197927C86842413402F09D0A7FBC1B654A1B4498299D7D90E4332B2CE14218605B469B9DB62C0DECEBE422CBF8D36D44B4BF5BB253E857597D00CA
Malicious:	false
Reputation:	unknown
Preview:	8.4.E.F.F.4.A.8.4.4.5.E.5.2.1.1.5.F.8.F.A.A.A.2.C.B.E.7.7.0.A.4.

C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	2.798445966233785
Encrypted:	false
SSDEEP:
MD5:	7684ADBFC3404EF079090435923E00D5
SHA1:	1B0D217AF6061BC3879D7F8044DBF5B31CA333CA
SHA-256:	6460B00BBBBC24A42B8D17F2818C15462C5439BA687A06781D4FA60117FC492B
SHA-512:	B8E4B77DB8E7CC5F326A28C02AE40BD0561C664921FCB05DBE541B8560718D6D8292AD0E215667B1A9E3D9DAAF9694AA801921DBB36DA6FE8E5D5C18BD577425
Malicious:	false
Reputation:	unknown
Preview:	b.3.b.6.5.1.3.7.-.b.4.b.3.-.4.5.6.1.-.8.5.0.a.-.4.3.2.5.c.5.5.7.6.e.3.9.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B249ZNM80TU3VQ2OKGVN.temp

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	6603
Entropy (8bit):	3.429379679198438
Encrypted:	false
SSDEEP:
MD5:	29BA5ACCAE00EA27588D5DB80C3601FD
SHA1:	38BCD8E7EBC7BE546C7EF288944234135EBDA330
SHA-256:	B59098C9D26A9C3A6A8C039EA9134D797638B0EF509AE58847708A0A93C49444
SHA-512:	AB4E47489F6BD7865926B933311D38677A1998F9313B8E9BE9B748DCCF5F3C12E1F49DBDD147A4EACA0AE199B9C105F506884279665F48223D081B8E820D3A0C
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.@.. .....JC=...E..K.%...*.%..0............................P.O. .:i.....+00.:....9..#..K.&].B.._&...&.........{4...18.).%...%.L.%....^.1.....WY....CCSETU~1..F......WY..WY......\Y.....................%0.c.c.s.e.t.u.p.6.2.9.....j.2.0...WY.. .CCLEAN~1.EXE..N......OYf.WY.......Y.....................oa.C.C.l.e.a.n.e.r.6.4...e.x.e.......`...............-......._...........&$.%.....C:\Users\user\Downloads\ccsetup629\CCleaner64.exe..../.A.U.T.O.J.L.1.C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%USERPROFILE%\Downloads\ccsetup629\CCleaner64.exe...................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.C.C.l.e.a.n.e.r.6.4...e.x.e.............................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\cc3891bee323ecc0.customDestinations-ms (copy)

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	29BA5ACCAE00EA27588D5DB80C3601FD
SHA1:	38BCD8E7EBC7BE546C7EF288944234135EBDA330
SHA-256:	B59098C9D26A9C3A6A8C039EA9134D797638B0EF509AE58847708A0A93C49444
SHA-512:	AB4E47489F6BD7865926B933311D38677A1998F9313B8E9BE9B748DCCF5F3C12E1F49DBDD147A4EACA0AE199B9C105F506884279665F48223D081B8E820D3A0C
Malicious:	false
Reputation:	unknown
Preview:	...................................FL..................F.@.. .....JC=...E..K.%...*.%..0............................P.O. .:i.....+00.:....9..#..K.&].B.._&...&.........{4...18.).%...%.L.%....^.1.....WY....CCSETU~1..F......WY..WY......\Y.....................%0.c.c.s.e.t.u.p.6.2.9.....j.2.0...WY.. .CCLEAN~1.EXE..N......OYf.WY.......Y.....................oa.C.C.l.e.a.n.e.r.6.4...e.x.e.......`...............-......._...........&$.%.....C:\Users\user\Downloads\ccsetup629\CCleaner64.exe..../.A.U.T.O.J.L.1.C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%USERPROFILE%\Downloads\ccsetup629\CCleaner64.exe...................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.C.C.l.e.a.n.e.r.6.4...e.x.e.............................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9897918112606976
Encrypted:	false
SSDEEP:
MD5:	6EC76E01453DD2095DB8607F650BE84A
SHA1:	5933081F6CBB7BAF521E99555D5CCA28B8446E6B
SHA-256:	E858813E57CCA5E073BAE1295EA3FA626D98C328E5D78B16F208A16E182E26DF
SHA-512:	FA1018B6E865CD0C50F081CAAB099DD61D339E43E7D41234138E667ECA3045988CC06A0BCDAAE98F9AB244D3F09ED16AD0A5D1121E596796F2613C09647DBDC1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.002385646246759
Encrypted:	false
SSDEEP:
MD5:	AEBA037E9EBE8D21400098DB50E958D7
SHA1:	CF598F08505B8140F71E91385880791BB7F144F1
SHA-256:	5BC3C8673C4860A14C3A8E14FC1746C6D801E0B8BF1A707D922382B9BD56DDCA
SHA-512:	DB4FBF2800E9FB746BB957BFA49B63F86ABDE8525166335D96BF2D54969E45CC3697587BE7BEA97DFBBADFD2372D75AB63F4AE862AE032DF74BBB8C879F0D182
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Y....%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.011019363668157
Encrypted:	false
SSDEEP:
MD5:	F6B85883DF3D34C225A31C34CE255B37
SHA1:	A618F7B70C5B943D8F3B35826DB96AA5BFBC320D
SHA-256:	7304FA832DDDD14AE799DF5F5910F94BD5CBC2B60C49A7D22177D0CAFAEF902D
SHA-512:	73D95973BB205DB113316F4A494A03B9BCA0D638652AB5997ED24F2D691421CCF2EB476795721B874C611029EEC785425B30C145BB8959701D125B8EE3084865
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.003384119762773
Encrypted:	false
SSDEEP:
MD5:	F92357B3783E6D53ABBAC33928846407
SHA1:	E16A85E25D333682A2B0AFD0BC4747F66AC04CD5
SHA-256:	028641D6D39BA12667A4F8B449A0A31E61AE97CD7CD779EEC6D97238D6368EB9
SHA-512:	766F78121868E225F2DAC2F37AF33EAC01D6E1946BF4D18ACCA5DBAB12349FB6B3CC002365F4AF8CB9EBCA65AD64F49A4666C25BED5FD51D07D846FBB84A5FB7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9904461297249183
Encrypted:	false
SSDEEP:
MD5:	0C47E57C53E92FD95437F9B0E204E033
SHA1:	5A18F1D283AB9142DAB12054B39EFD4D4D5BA7C2
SHA-256:	E21DEE9C8BD225C3196933AB2C4DE407EFE055C945D400F54B9E09023E343CDE
SHA-512:	3BDFA4DDA7CC05EFAFB31D33AA450EC6FF8EB20CFAC905B5A3F8F10F47CB8ACCDB0F758CA257DCBEA8D4204D3322BB3A0FA896DB6E88DA4B95F294B14097B865
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 21:44:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.998136394255661
Encrypted:	false
SSDEEP:
MD5:	7C0139260F9F81A438BF03E065878E51
SHA1:	92162892C6E52C1D530CD5FD556F08B947E10352
SHA-256:	CDC9F18161CE9FE2B9D0E84B245258759100384D750E321BC3E5E991E0018952
SHA-512:	457F09C7C87C9FDE7883606EB54536A607A85D39AE0A9F9C7C06D3A0772433DB20959903B416B3C73592BEA5DED0312C5CDC9D8E3FA0D472F4D58395BB5B773E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....ym...%..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IWY\|.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VWY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VWY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VWY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........&$.%.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-shm

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	true
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	16029
Entropy (8bit):	7.9832587317678705
Encrypted:	false
SSDEEP:
MD5:	D2DD933E588A600EBD1549CCE75CEF1C
SHA1:	E39F25D1BC2F2C3237DA88639D28D8C36BAB5384
SHA-256:	A78F0CCCEA5A5A89DE886D6A74C550D82A19EA4EB8D548CBF52411DEE1C7A8AF
SHA-512:	96EF9816A0F55338E2D2EC8C7DFE883C0B54A106DB1EA46C95D181BDCE36B93BCBBFC6D2822A4A0E3E2BE0DF6D09B79254FD76CEDFFE3E00AB9DD1535670E6A7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, Author: Joe Security Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, Author: Joe Security Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, Author: Joe Security Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp, Author: Joe Security
Reputation:	unknown
Preview:	PK........f.OYG..`#...0yT.....CCleaner.exe.].\|.W..I.d.-..[....;.Pc...m..@.......-G[.Y..)W.D..(j.Qk.7.Uk.5...H..$.Z...#...h.....7...9..l.i`gg.......{.....]o..X,V\|..,..,./.r....2n..,..HzA.H.y.e..y....{...\.r...<y..z...dN...o....l...q$..o={.......Se....e..x....\Q.k.?.PP.'.^Y...~.l-.?n_Y....(.%..je.s\|..oq..e......(.9...jE..\|u.O..+..i\|...O....ih..h.t..?z...y...g..'J_{@...gK..M...I.K._,.).k..9....3.Z. .3...Y,YR.e..q.....8i.4.....K..[%..U....N..8...q.K..a~[...#...8KF.....-.Z.,.l'GY:..Rf...J.....5eZN.k...q..\aY.Z ..$@...._.C2mH...wX,.[..g...].\|......K...j...X._.....Y,...,!.s......NT.<......d....eq .^.u..BM..G....?._/oY...3&..{....y.~..-."0b.,.....z.ZF...w....0[..@.g.p.l5....+Nm.M~......R~V+S..'/.}T.V....z(w........].h......h~.-.......w-.].....w..ej&...YD.Y#?.q.....V...<;."..dCK.6......._.&Q-..../.r..gq.lr.7.a..S.NL....ki."v.}...'....!......4.<..H....&.../..E.tQ;.Hek^.........?....k...'8..nI.RB.B.a.It....O..]..K..P..Z;1........#....... .. .L

C:\Users\user\Downloads\ccsetup629.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	D2DD933E588A600EBD1549CCE75CEF1C
SHA1:	E39F25D1BC2F2C3237DA88639D28D8C36BAB5384
SHA-256:	A78F0CCCEA5A5A89DE886D6A74C550D82A19EA4EB8D548CBF52411DEE1C7A8AF
SHA-512:	96EF9816A0F55338E2D2EC8C7DFE883C0B54A106DB1EA46C95D181BDCE36B93BCBBFC6D2822A4A0E3E2BE0DF6D09B79254FD76CEDFFE3E00AB9DD1535670E6A7
Malicious:	false
Reputation:	unknown
Preview:	PK........f.OYG..`#...0yT.....CCleaner.exe.].\|.W..I.d.-..[....;.Pc...m..@.......-G[.Y..)W.D..(j.Qk.7.Uk.5...H..$.Z...#...h.....7...9..l.i`gg.......{.....]o..X,V\|..,..,./.r....2n..,..HzA.H.y.e..y....{...\.r...<y..z...dN...o....l...q$..o={.......Se....e..x....\Q.k.?.PP.'.^Y...~.l-.?n_Y....(.%..je.s\|..oq..e......(.9...jE..\|u.O..+..i\|...O....ih..h.t..?z...y...g..'J_{@...gK..M...I.K._,.).k..9....3.Z. .3...Y,YR.e..q.....8i.4.....K..[%..U....N..8...q.K..a~[...#...8KF.....-.Z.,.l'GY:..Rf...J.....5eZN.k...q..\aY.Z ..$@...._.C2mH...wX,.[..g...].\|......K...j...X._.....Y,...,!.s......NT.<......d....eq .^.u..BM..G....?._/oY...3&..{....y.~..-."0b.,.....z.ZF...w....0[..@.g.p.l5....+Nm.M~......R~V+S..'/.}T.V....z(w........].h......h~.-.......w-.].....w..ej&...YD.Y#?.q.....V...<;."..dCK.6......._.&Q-..../.r..gq.lr.7.a..S.NL....ki."v.}...'....!......4.<..H....&.../..E.tQ;.Hek^.........?....k...'8..nI.RB.B.a.It....O..]..K..P..Z;1........#....... .. .L

C:\Users\user\Downloads\ccsetup629.zip.crdownload (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	D2DD933E588A600EBD1549CCE75CEF1C
SHA1:	E39F25D1BC2F2C3237DA88639D28D8C36BAB5384
SHA-256:	A78F0CCCEA5A5A89DE886D6A74C550D82A19EA4EB8D548CBF52411DEE1C7A8AF
SHA-512:	96EF9816A0F55338E2D2EC8C7DFE883C0B54A106DB1EA46C95D181BDCE36B93BCBBFC6D2822A4A0E3E2BE0DF6D09B79254FD76CEDFFE3E00AB9DD1535670E6A7
Malicious:	false
Reputation:	unknown
Preview:	PK........f.OYG..`#...0yT.....CCleaner.exe.].\|.W..I.d.-..[....;.Pc...m..@.......-G[.Y..)W.D..(j.Qk.7.Uk.5...H..$.Z...#...h.....7...9..l.i`gg.......{.....]o..X,V\|..,..,./.r....2n..,..HzA.H.y.e..y....{...\.r...<y..z...dN...o....l...q$..o={.......Se....e..x....\Q.k.?.PP.'.^Y...~.l-.?n_Y....(.%..je.s\|..oq..e......(.9...jE..\|u.O..+..i\|...O....ih..h.t..?z...y...g..'J_{@...gK..M...I.K._,.).k..9....3.Z. .3...Y,YR.e..q.....8i.4.....K..[%..U....N..8...q.K..a~[...#...8KF.....-.Z.,.l'GY:..Rf...J.....5eZN.k...q..\aY.Z ..$@...._.C2mH...wX,.[..g...].\|......K...j...X._.....Y,...,!.s......NT.<......d....eq .^.u..BM..G....?._/oY...3&..{....y.~..-."0b.,.....z.ZF...w....0[..@.g.p.l5....+Nm.M~......R~V+S..'/.}T.V....z(w........].h......h~.-.......w-.].....w..ej&...YD.Y#?.q.....V...<;."..dCK.6......._.&Q-..../.r..gq.lr.7.a..S.NL....ki."v.}...'....!......4.<..H....&.../..E.tQ;.Hek^.........?....k...'8..nI.RB.B.a.It....O..]..K..P..Z;1........#....... .. .L

C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.545787138214116
Encrypted:	false
SSDEEP:
MD5:	5068FE0E1EDC3ED1E5F9D087146D515C
SHA1:	14018A95DC0E7EAC042F3017CF1D3A58FE258F3C
SHA-256:	E92EF8C6991937F1FEDD1EC7A4414066956BF966A6B339248339C419168FE7A4
SHA-512:	D387DF407723A3949CA7E59042D04669BB7E0C08F19F66B296856D3C19004A4EF3E1ADB668FE244348E72FD7DEF14F2D46F2E45089D5F5D09C574999413B22E4
Malicious:	false
Reputation:	unknown
Preview:	..gcrxas20,1..gcrxas, Inc..&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz ...*.Intel Corporation2.Intel 806f88..@.H.P.?X..`..

C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\7d846b03-5697-42ad-987c-9d397e36e919

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	678
Entropy (8bit):	7.410019842629259
Encrypted:	false
SSDEEP:
MD5:	5AD8F8BD41A359E4098D7BA07275AA1C
SHA1:	0D75DC3946821F097D1044F0D4968D30DDAFFF96
SHA-256:	195363FEA59B05E03189FDA82514F275EAB6EBBB9C962BD854E9CAAFEC5086C5
SHA-512:	32B304BE4B68CA440B3B48B4BA2B7E8E1F9ED547B1B9B0C15DAD8B0E7440A1500DB948A5D9A1970FDB42631EC37C6715AAF8C4B21DE3FE3E707543AD61B0269B
Malicious:	false
Reputation:	unknown
Preview:	burgerdata..................................z..O.......}.....F.&v....-...........f...... ...WR......W.#....D...3.......0............ ......}x..12YO.&...{a.7.`].....T@....{t.W0s.A...n ....R......IX.&..{..M.6...;...4....E......=...0{....[z....+1.Y..*c_.ju...".HA..^.$.......E.O=.$wH....H,^.n.......+>..U...e. .3...~$O.......2.mur.....X.\|:.....V_V..R=@...g.....<)......e.....d......B.v.q.l..q9,...r..J...~...(T.S..+......8w..S..wf>........j..b..NK..p.+.......M.I.p..9L.d..O......V...]K...sP.Wfu.5gr...M..Q_.Jo.1.k...P.#a.?...jHP..=R....F....:\.a..p.L.e...lE.%...O5..[.+..s.~Q_..,){@........o.c.Uy\|}A.....RR[.<..6.(L.{..%.(.--.....5.[.,Ru)S?....-..

C:\Users\user\Downloads\ccsetup629\Data\usercfg.ini

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	43
Entropy (8bit):	4.658368242872937
Encrypted:	false
SSDEEP:
MD5:	A85E9E7C24280934AE6AB3C6453584D4
SHA1:	7A5B6AC277D4A0078C3D4FD3C8AB9F36F9421E20
SHA-256:	3992DEBC7C4972F2636B14211B979809FA52008FCE7DE80D90574A7B8AC7C5FA
SHA-512:	1AD72DE83D7BB234696425AE41C6B89AFAB3B018EFD41452170504C8C8678D605A07505F0D0D2B11F9B3D9360393D62CAF7470456561F17864A388EFE8B65F58
Malicious:	false
Reputation:	unknown
Preview:	...[GDPR]..thirdPartyAnalyticsEnabled=1..

C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEng.log

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	551
Entropy (8bit):	4.997018412353725
Encrypted:	false
SSDEEP:
MD5:	7DD6018359BD70F5D001B2C08C5C224E
SHA1:	6E4E36E3E65CA9C80C8D1984EADBD617FDCB87F0
SHA-256:	964F71C33410902BE2B526E833E6155F69A6408F057D6179341D95EA11E6FF39
SHA-512:	A5A314EB621C3E0B85DD6A3E4F44D85E96EE4E123B684D31DC173964F2DA64C1A7FCF838264A9954547319B42CB8540E450B4F42091F918FF8694FD3C45CF8CF
Malicious:	false
Reputation:	unknown
Preview:	.[2024-10-23 22:45:45.766] [info ] [DULib ] [ 5428: 6928] [3273A3: 38] [24.2.5234.0] [UpdateManager.cpp] [38] DriverUpdater::UpdateManager::UpdateManager: Initialize Update Engine..[2024-10-23 22:49:24.523] [info ] [DULib ] [ 5428: 1388] [CEF02C:1416] [24.2.5234.0] [DriverUpdater.cpp] [1416] DriverUpdater::DriverUpdaterImpl::logTask: Creating new SCAN Task..[2024-10-23 22:49:24.523] [info ] [DULib ] [ 5428: 6988] [CEF02C:2239] [24.2.5234.0] [DriverUpdater.cpp] [2239] DriverUpdater::DriverUpdaterImpl::Scan: Starting Scan..

C:\Users\user\Downloads\ccsetup629\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.545787138214116
Encrypted:	false
SSDEEP:
MD5:	EC955CE134CEF38F971AE7FC4D5E7D5D
SHA1:	783CB51B2BC8016ED2AD5CBC8D120771B78B3DE8
SHA-256:	D9148D5CC5972F5E6369C042235FE2CE94F65A984594E14DFF00E8D36E5C937A
SHA-512:	AC44001A4EF70B60806B6A1DF993977A6C196339B3DF37C99FDE39220AB4976DE783673041A7FEB7A99CBE8B6572C4004ECED6F0F20CE3348886A978B9142B36
Malicious:	false
Reputation:	unknown
Preview:	..gcrxas20,1..gcrxas, Inc..&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz ...*.Intel Corporation2.Intel 806f88..@.H.P.?X..`..

C:\Users\user\Downloads\ccsetup629\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\78181805-65b0-48ec-b23e-bb9eea753fff

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	582
Entropy (8bit):	7.2541006371111685
Encrypted:	false
SSDEEP:
MD5:	08C342750F607946607D5B395E1D4F4C
SHA1:	606E6E555910CC15112B60D0A7BEE27EF912EC49
SHA-256:	FB59EE0BE659BC5C5D50C68E34FCBEB4980960F4ECF509086626DB64788C30E0
SHA-512:	808C2109E866436DA1581C921854C8AD3CF87A4436A99073B7B0BC69995CFD435DEFADF19B202BAB28DD84FB72C51C049027EA9BA5A4A98FDE81449199AFD836
Malicious:	false
Reputation:	unknown
Preview:	burgerdata..................................z..O.......}.....F.&v....-...........f...... ...+.5...#T....~ZP.oE.o.Z$.....}............. .....C..\|i....&w;...+?.Wy..,lP......D.....7.... .k.f....;...hv.U..:.n>n.U"...O.-.0,.6u.k... ..-..pI..-X.Z...;.8Q.h..P.'%N^.Q.[`..1d.0.QC.=..RQ].3..5e......$...Rm6VEN.kxYR..0.C.....>X...\|~.$.7..5...$Oz.X._...ViK.C..n.Q.M!.$K{?..#X....Z.\|....G.....E......h..2i........../O......p......`l...<.q..p..3.m...%.Q6Zx_...!(../E.oJmK.m..\|.R\B...,G.m.g..A.O.*..@...q..<.4Y....}.....5.=0....,..n.Bz..]>.O.........`.Z..A....`.s.

C:\Users\user\Downloads\ccsetup629\LOG\su_controller.log

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	504
Entropy (8bit):	5.100510232746275
Encrypted:	false
SSDEEP:
MD5:	513FF831A8B25503EAFF8F54250083A9
SHA1:	0F584D8E4FAB31ABC08BB9FE253F85C4840A4E89
SHA-256:	F5B777F0741B863607BC5D892158F79D2E7EE19D45498FF739D2A8EC67AB37BB
SHA-512:	148986A256E430B834E7898D24C55A735F5DA3B10674E21A3CCEFDF92D1EC84BF6BD47780AE032BF04815843011F3E99CF53C96C385B931F4913D0FA2FC3975A
Malicious:	false
Reputation:	unknown
Preview:	.[2024-10-23 22:49:24.347] [info ] [sw_updater ] [ 5428: 1388] [98DA86: 96] asw::su_controller::detail::SUControllerModule::OnScanStateUpdated..[2024-10-23 22:49:24.347] [info ] [sw_updater ] [ 5428: 1388] [98DA86: 96] asw::su_controller::detail::SUControllerModule::OnDetectionsUpdated..[2024-10-23 22:49:24.347] [info ] [sw_updater ] [ 5428: 1388] [98DA86: 105] asw::su_controller::detail::SUControllerModule::StartScan:S-1-5-21-2246122658-3693405117-2476756634-1003,Nothing,Manual,,nullopt..

C:\Users\user\Downloads\ccsetup629\Setup\config.def

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	27
Entropy (8bit):	4.106377316818027
Encrypted:	false
SSDEEP:
MD5:	05927E894C81EB42C3B4DAE5A5A6C937
SHA1:	7EC0660AAC7C3396599447A49F30BA18E1F0DB49
SHA-256:	09C65B39BC891E12956AB7BB30FAE147EF7C8FA37542B6F040613436B566E7F8
SHA-512:	C06E2788952A3550597F5B539CF8F5CF7A569E33192951BC8CE97D4570BD4BA35ABCE99586F309F3E1CFFE6F1D83AEE98B79C0C26503EF4CD4D1FBFB40E1BA4E
Malicious:	false
Reputation:	unknown
Preview:	[common]..DumpReporting=1..

C:\Users\user\Downloads\ccsetup629\ccleaner.ini

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	Microsoft HTML Help Project
Category:	modified
Size (bytes):	2050
Entropy (8bit):	5.585384042696089
Encrypted:	false
SSDEEP:
MD5:	D81EA5B14B30C5D423368AE459B4BEBD
SHA1:	F2CBAFFF85A265060F7B20828BB08C443E1890A6
SHA-256:	37BA9C937EE440039BD861009FA48D846D7DF29E15F7C34769A5201DB4C286B1
SHA-512:	41539BBE721CBF396183B799DED03C6319C5DCB8CA7BB34BF813E1CAC3E90574A3EC2E17300EABD083B460546FCB06FFED516096B10A1BE31B2AE40B3021A21A
Malicious:	false
Reputation:	unknown
Preview:	[Options]..DAST=10/23/2024 18:45:45..T8062=1..HomeScreen=3..DefaultDetailedView=2..CheckTrialOffer=0..UpdateBackground=1..FTU=23/10/2024\|1\|0..AcqSrc=mmm_ccl_oth_007_745_m..LatestICS=6.29.11342..CookiesToSave=.avast.com\|.ccleaner.com\|.ccleanercloud.com\|.piriform.com\|login.live.com..RunICS=0..Monitoring=0..LTR=10/23/2024 18:49:24..UpdateKey=10/23/2024 06:49:32 pm..CountryCode=US..LastCheckCountry=10/23/2024 06:49:26 pm..(Cfg)TTL= 86400..(Cfg)TTL-Spread= 43200..(Cfg)AU2=1..(Cfg)AUTNV=0..(Cfg)AlphaIntegration=1..(Cfg)AlphaMigration=1..(Cfg)CCNU=0..(Cfg)DUSkipOnboarding=0..(Cfg)DriverScanInterval=7..(Cfg)DriverUpdater=1..(Cfg)DriverUpdaterVersion=1..(Cfg)DumpReporting=1..(Cfg)GDDEBUG=0..(Cfg)HCAddResults=1..(Cfg)HCDirectCart=0..(Cfg)HCResolveBtn=0..(Cfg)HCSkipAdvanced=0..(Cfg)HealthCheck=1..(Cfg)HealthCheckIpm=1..(Cfg)HealthCheckNF=1..(Cfg)HealthCheckVersion=1..(Cfg)HideRegistry=1..(Cfg)NotificationCentre=1..(Cfg)OPSWATSoftwareUpdater=1..(Cfg)OPSWATSoftwareUpdaterHC=1..(Cfg)PC=0..(Cfg)P

C:\Users\user\Downloads\ccsetup629\gcapi_17297235455428.dll (copy)

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	F17F96322F8741FE86699963A1812897
SHA1:	A8433CAB1DEB9C128C745057A809B42110001F55
SHA-256:	8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
SHA-512:	F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......\|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\ccsetup629\gcapi_dll.dll

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	758272
Entropy (8bit):	6.544177497925195
Encrypted:	false
SSDEEP:
MD5:	F17F96322F8741FE86699963A1812897
SHA1:	A8433CAB1DEB9C128C745057A809B42110001F55
SHA-256:	8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
SHA-512:	F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......\|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\ccsetup629\lc.dat (copy)

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E644DD4E6A10081E173A0B961EF72278
SHA1:	BE32D6479AB0E20EEBACA84BE37FC60DA11F975A
SHA-256:	F51FA40E3459DF6AC048D43F9E5168C760A90674BCF3339AAB60A7FAF7AEEC72
SHA-512:	2F6FCA5E761CD1F8CBAB6648F7AA8E26D798D348C3F40099F6C15B80A674DB27D36A790EF5E70CB7FE38DB169352CFD039A16C7008E14D7288402265BAC6A4C8
Malicious:	false
Reputation:	unknown
Preview:	...S.....m..G...i.N.....z.{......b.......z........k...u.h.Z._.f%3..3z0..o.._[4....r.b...9Ak....J....d..`Oh.....@..$^....]..TtA..>.vI...Y.p~...?F.].z+Wo..N.........e.......\..F...^.~.\..j_.q.....f..P....q."......B....+l.v.Z1...qb....5../.....j...n..i..\|.x#...<._.3.....@....9.C..n.....(T.-<%..r[.J~.{7k..o..7(..u..).S..M..c.O./^.r..@.c:Q,o.....&..pN....%"C....L.+0....h.8.........N..(.y.

C:\Windows\Tasks\CCleanerCrashReporting.job

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	656
Entropy (8bit):	3.614673675649633
Encrypted:	false
SSDEEP:
MD5:	27F2C545E62B20D2FB4B659BBE478CE1
SHA1:	94E87F10AC4C0348CA164FB8EEE6D1122803AAD2
SHA-256:	9BCD98049EE31AD5A51153BC8ED8724374661D93EE98734A6605A9A489608F38
SHA-512:	64496798E5171DE06400042F776E2AE3DD8887D0844B393FA0CA28EDB712DAAE1343CB204A93658BE23D484422D7455BEC9CBEA65F752ACD3AA01789222A44B9
Malicious:	false
Reputation:	unknown
Preview:	..........fN...._...F.^.....<... .....s.......... ....................=.C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.x.6.4.\.C.C.l.e.a.n.e.r.B.u.g.R.e.p.o.r.t...e.x.e.....-.-.p.r.o.d.u.c.t. .9.0. .-.-.s.e.n.d. .d.u.m.p.s.\|.r.e.p.o.r.t. .-.-.p.a.t.h. .".C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.\.L.O.G.". .-.-.p.r.o.g.r.a.m.p.a.t.h. .".C.:.\.U.s.e.r.s.\.c.a.l.i.\.D.o.w.n.l.o.a.d.s.\.c.c.s.e.t.u.p.6.2.9.". .-.-.g.u.i.d. .".". .-.-.v.e.r.s.i.o.n. .".6...2.9...1.1.3.4.2.". .-.-.s.i.l.e.n.t.......P.i.r.i.f.o.r.m. .S.o.f.t.w.a.r.e. .L.t.d...................0.................-.............................

C:\Windows\Temp\waapi-1729723784\db0796778834078181e5dc1f

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.0220552088742
Encrypted:	false
SSDEEP:
MD5:	BCB12B64789865CA3B2938C764EC699E
SHA1:	2102663CB1B92B356E77EA33E4964CF1EAA6810B
SHA-256:	F1F247AF004A58613D480B1A591FF680E150E57B99DDC1670AA55C15AB3D8422
SHA-512:	606168E1DB74C2748AB4217E17FA44ADD1485D92725ED88DADF8D3F2CA7BFD047378AD644582852D43E98285AF4AACA7D698F3C61FA1ED029E0BED554237330B
Malicious:	false
Reputation:	unknown
Preview:	WA1729723784

C:\Windows\Temp\waapi-1729723784\lc.dat

Download File

Process:	C:\Users\user\Downloads\ccsetup629\CCleaner64.exe
File Type:	data
Category:	dropped
Size (bytes):	400
Entropy (8bit):	7.448182354755518
Encrypted:	false
SSDEEP:
MD5:	E644DD4E6A10081E173A0B961EF72278
SHA1:	BE32D6479AB0E20EEBACA84BE37FC60DA11F975A
SHA-256:	F51FA40E3459DF6AC048D43F9E5168C760A90674BCF3339AAB60A7FAF7AEEC72
SHA-512:	2F6FCA5E761CD1F8CBAB6648F7AA8E26D798D348C3F40099F6C15B80A674DB27D36A790EF5E70CB7FE38DB169352CFD039A16C7008E14D7288402265BAC6A4C8
Malicious:	false
Reputation:	unknown
Preview:	...S.....m..G...i.N.....z.{......b.......z........k...u.h.Z._.f%3..3z0..o.._[4....r.b...9Ak....J....d..`Oh.....@..$^....]..TtA..>.vI...Y.p~...?F.].z+Wo..N.........e.......\..F...^.~.\..j_.q.....f..P....q."......B....+l.v.Z1...qb....5../.....j...n..i..\|.x#...<._.3.....@....9.C..n.....(T.-<%..r[.J~.{7k..o..7(..u..).S..M..c.O./^.r..@.c:Q,o.....&..pN....%"C....L.+0....h.8.........N..(.y.

Static File Info

⊘No static file info

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or remove built-in data and turn off services designed to aid in the recovery of a corrupted system to prevent recovery.This may deny access to available backups and recovery options.
Tactics:	Impact
Data Sources:	Cloud Storage: Cloud Storage Deletion, Command: Command Execution, File: File Deletion, Process: Process Creation, Service: Service Metadata, Snapshot: Snapshot Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://download.ccleaner.com/portable/ccsetup629.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000002.dbtmp

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000002

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\C0XLFJ0M.txt

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\info[1].json

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B249ZNM80TU3VQ2OKGVN.temp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\cc3891bee323ecc0.customDestinations-ms (copy)

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\webappsstore.sqlite-shm

C:\Users\user\Downloads\2f4bfd42-2fd8-46c8-95e4-68502d31c004.tmp

C:\Users\user\Downloads\ccsetup629.zip (copy)

C:\Users\user\Downloads\ccsetup629.zip.crdownload (copy)

C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

C:\Users\user\Downloads\ccsetup629\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\7d846b03-5697-42ad-987c-9d397e36e919

C:\Users\user\Downloads\ccsetup629\Data\usercfg.ini

C:\Users\user\Downloads\ccsetup629\LOG\DriverUpdEng.log

C:\Users\user\Downloads\ccsetup629\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

Windows Analysis Report
https://download.ccleaner.com/portable/ccsetup629.zip