Source: CCleaner.exe | String found in binary or memory: Error %d - %sPNG1100COMBOBOX%I64d&cc%dccteccbeFreeccproProfessionalTechnicianMozilla/4.0 (CCleaner, %s)BusinessBRANDINGCCleanerThank you for purchasing CCleaner Professional.Piriform CCleaner ActivationYour upgrade is complete.PNG101COMBOBOX0&%d%I64dccbeccccproccteTechnicianFreeBusinessProfessionalCCleanerMozilla/4.0 (CCleaner, %s)CCleanerBRANDING%s%s - %s*.piriform.com0||mail.google.comlogin.live.comgoogle.com/accountswww.google.com/accountswww.google.comgoogle.comwebmail.earthlink.netaccounts.google.commail.yahoo.commail.netscape.comwebmail.aol.comyahoo.comfastmail.fmmy.screenname.aol.commail.rumail.lycos.comovi.com/services/signinauth.me.comwww.mail.lycos.comlogin.comcast.netmy.screenname.aol.commail.aol.comscreenname.aol.comicloud.comfacebook.comaol.com0twitter.comPNGEVENTS_WINDOW_MESSAGE equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: Facebook Metro equals www.facebook.com (Facebook) |
Source: CCleaner.exe | String found in binary or memory: Intelligent Cookie Scan'Intelligently scan for cookies to keep?pThis will allow CCleaner to keep your persistent logins for websites, such as GMail, Outlook.com and Yahoo Mail. equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: This will allow CCleaner to keep your persistent logins for websites, such as Hotmail, GMail and Yahoo Mail equals www.hotmail.com (Hotmail) |
Source: CCleaner.exe | String found in binary or memory: This will allow CCleaner to keep your persistent logins for websites, such as Hotmail, GMail and Yahoo Mail equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: Twitter Metro equals www.twitter.com (Twitter) |
Source: CCleaner.exe | String found in binary or memory: Yahoo Messenger equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: Yahoo Toolbar equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: [Facebook Metro] equals www.facebook.com (Facebook) |
Source: CCleaner.exe | String found in binary or memory: [Twitter Metro] equals www.twitter.com (Twitter) |
Source: CCleaner.exe | String found in binary or memory: [Yahoo Messenger] equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: [Yahoo Toolbar] equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo) |
Source: CCleaner.exe | String found in binary or memory: ftp://license.piriform.com/verify/?p=ccpro&c=cc&cv=5.33.6162&l=1033&lk=cj9t-j7cu-spnv-gwmb-wbec&mk=f |
Source: CCleaner.exe | String found in binary or memory: http:// |
Source: CCleaner.exe | String found in binary or memory: http://. |
Source: CCleaner.exe | String found in binary or memory: http://.domstore:http://domstore:https://:hstsdomstore:https://:hpkp:hsts:hpkppng101&0combobox%i64d% |
Source: CCleaner.exe | String found in binary or memory: http://.domstore:http://domstore:https://:hstsdomstore:https://:hpkp:hsts:hpkppngremoveselfrecursecu |
Source: CCleaner.exe | String found in binary or memory: http://.domstore:http://domstore:https://:hstsdomstore:https://:hsts:hpkp:hpkp101combobox0&%d%i64dta |
Source: CCleaner.exe | String found in binary or memory: http://.domstore:http://domstore:https://:hstsdomstore:https://:hsts:hpkp:hpkppng1100combobox&%i64d% |
Source: CCleaner.exe | String found in binary or memory: http://c |
Source: CCleaner.exe | String found in binary or memory: http://crash-reports.piriform.com/submitproductnameversionerror |
Source: CCleaner.exe | String found in binary or memory: http://crl.com |
Source: CCleaner.exe | String found in binary or memory: http://crl.comodo.net/utn-userfirst-hardware.crl0q |
Source: CCleaner.exe | String found in binary or memory: http://crl.comodoca.com/utn-userfirst-hardware.crl06 |
Source: CCleaner.exe | String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.globalsign.com/gs/gsorg |
Source: CCleaner.exe | String found in binary or memory: http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.globalsign.net/root.crl0= |
Source: CCleaner.exe | String found in binary or memory: http://crl.globalsignj |
Source: CCleaner.exe | String found in binary or memory: http://crl.pkioverheid.nl/domorganisatielatestcrl-g2.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.pkioverheid.nl/domovlatestcrl.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.thawte.com/thawtetimestampingca.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://crl.usertrust.com/utn-userfirst-object.crl0) |
Source: CCleaner.exe | String found in binary or memory: http://crt.comod |
Source: CCleaner.exe | String found in binary or memory: http://crt.comodoca.com/ |
Source: CCleaner.exe | String found in binary or memory: http://crt.comodoca.com/utnaddtrustserverca.crt0$ |
Source: CCleaner.exe | String found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0 |
Source: CCleaner.exe | String found in binary or memory: http://domstore:http:// |
Source: CCleaner.exe | String found in binary or memory: http://domstore:http://domstore:https://domstore:https://:hsts:hsts:hpkp:hpkppngrecurseremoveselfcus |
Source: CCleaner.exe | String found in binary or memory: http://domstore:https://domstore:http://:hstsdomstore:https://:hpkp:hsts:hpkppng101combobox0&%d%i64d |
Source: CCleaner.exe | String found in binary or memory: http://domstore:https://domstore:http://:hstsdomstore:https://:hpkp:hsts:hpkppng10combobox10%i64d%d& |
Source: CCleaner.exe | String found in binary or memory: http://java.com/ |
Source: CCleaner.exe, verify[1].htm.0.dr | String found in binary or memory: http://license.piriform.com/verify/?p=ccpro&c=cc&cv=5.33.6162&l=1033&lk=cj9t-j7cu-sp |
Source: CCleaner.exe | String found in binary or memory: http://license.piriform.com/verify/?p=ccpro&c=cc&cv=5.33.6162&l=1033&lk=cj9t-j7cu-spnv-gwmb-wbec&mk= |
Source: CCleaner.exe | String found in binary or memory: http://ocs |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.comodoca.com0% |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.comodoca.com0- |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.comodoca.com05 |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.entrust.net03 |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.entrust.net0d |
Source: ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C.0.dr | String found in binary or memory: http://ocsp.globalsign.com/rootr1/mewwsjbimeywrdajbgurdgmcgguabbs3v7w2naf4fimtjpdjkg6%2bmggqmqquyhtm |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.globalsign.com/rootr10 |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.globalsign.com/rootr1http://crl.globalsign.net/root.crl4i |
Source: CCleaner.exe | String found in binary or memory: http://ocsp.thawte.com0 |
Source: CCleaner.exe | String found in binary or memory: http://ocsp2.globalsign.com/gsorganizationvalsha2g20v |
Source: CCleaner.exe | String found in binary or memory: http://piriform.com/go/app_cc_license_agreement |
Source: CCleaner.exe | String found in binary or memory: http://piriform.com/go/app_cc_privacy_policy |
Source: CCleaner.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://s.symcd.com06 |
Source: CCleaner.exe | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://s2.symcb.com0 |
Source: CCleaner.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gsorganizationvals |
Source: CCleaner.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gsorganizationvalsh |
Source: CCleaner.exe | String found in binary or memory: http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt0? |
Source: CCleaner.exe | String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: CCleaner.exe | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: CCleaner.exe | String found in binary or memory: http://sv.symcd.com0& |
Source: CCleaner.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: CCleaner.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: CCleaner.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: CCleaner.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: CCleaner.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: CCleaner.exe | String found in binary or memory: http://virtual_check_changed_window_message#httponly_. |
Source: CCleaner.exe | String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: CCleaner.exe | String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/auto |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/ccleaner |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/ccleaner/update |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_helpnllnxgqz |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_icon |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_icon?a=0&v=5.33.6162&l=1033 |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_pear |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_pear?a=0&v=5.33.6162&l=1033 |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_title |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_home_title?a=0&v=5.33.6162&l=1033 |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_lock_purchase |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_privacy_policy?a=%s&v=%s&l=%sthe |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_reg_purchase |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_reg_renew |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_social_facebook |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_social_googleplus |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_social_twitter |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_social_youtube |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/go/app_cc_tracking |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.com/inapp/notifications |
Source: CCleaner.exe | String found in binary or memory: http://www.piriform.comhttp://www.piriform.com/ccleanerhttp://www.piriform.com/go/app_cc_home_helpht |
Source: CCleaner.exe | String found in binary or memory: http://www.public-trust.com/cgi-bin/crl/2018/cdp.crl0 |
Source: CCleaner.exe | String found in binary or memory: http://www.public-trust.com/cps/omniroot.html0 |
Source: CCleaner.exe | String found in binary or memory: http://www.symauth.com/cps0( |
Source: CCleaner.exe | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: CCleaner.exe | String found in binary or memory: http://www.usertrust.com1 |
Source: CCleaner.exe, verify[1].htm.0.dr | String found in binary or memory: https:// |
Source: CCleaner.exe | String found in binary or memory: https://d.symcb.com/cps0% |
Source: CCleaner.exe | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: CCleaner.exe | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: CCleaner.exe | String found in binary or memory: https://domstore:http:// |
Source: CCleaner.exe | String found in binary or memory: https://domstore:http://:hsts:hstsdomstore:https://:hpkp:hpkppng |
Source: CCleaner.exe | String found in binary or memory: https://domstore:http://domstore:http://:hstsdomstore:https://:hpkp:hpkp:hstswinregwinappwinsyscclea |
Source: CCleaner.exe | String found in binary or memory: https://domstore:https://:hsts:hpkppng1&%i64d%d100comboboxfreetechnicianprofessionalbusinessccccbecc |
Source: CCleaner.exe | String found in binary or memory: https://domstore:https://domstore:http://:hpkp:hsts:hsts:hpkppng101&0combobox%i64d%ddisplaynamesoftw |
Source: CCleaner.exe | String found in binary or memory: https://http://urlsize_kb |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/ |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/activate |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/t |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/update |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/verify |
Source: CCleaner.exe | String found in binary or memory: https://license.piriform.com/verify?p=ccpro&c=cc&cv=5.33.6162&l=1033&lk=cj9t-j7cu-spnv-gwmb-wbec&mk= |
Source: CCleaner.exe | String found in binary or memory: https://secure.comodo.co |
Source: CCleaner.exe | String found in binary or memory: https://secure.comodo.com/cps0 |
Source: CCleaner.exe, ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C0.0.dr | String found in binary or memory: https://www.globalsign.com/repository/0 |
Source: CCleaner.exe | String found in binary or memory: https://www.globalsign.com/repository/03 |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_be_trialkeya |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_get_update |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_inapp_tls_cart |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_pro_trialkey |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_pro_trialkey0 |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_pro_trialkeyq |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/go/app_cc_reg_purchase |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/inapp/ccshop |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/j |
Source: CCleaner.exe | String found in binary or memory: https://www.piriform.com/r |
Source: CCleaner.exe | String found in binary or memory: https://www.ssllabs.com/ssltest/viewmyclient.htmlenter |
Source: CCleaner.exe | String found in binary or memory: https://www.vyt |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\webappsstore.sqlite-wal |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\cookies.sqlite-wal |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\SiteSecurityServiceState.txt |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\webappsstore.sqlite |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\webappsstore.sqlite-shm |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\cookies.sqlite-shm |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\22qkc0w7.default\cookies.sqlite |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_USERS\Software\Globalscape\CuteFTP 9 |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE\CuteFTP 8 Professional |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware\Directory Opus |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Globalscape\CuteFTP 9 |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_USERS\Software\SmartFTP |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE\CuteFTP 7 Home |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE\CuteFTP 7 Professional |
Source: C:\Users\user\Desktop\CCleaner.exe | File opened: HKEY_LOCAL_MACHINE\SOFTWARE\GlobalSCAPE\CuteFTP 8 Home |
Source: CCleaner.exe | Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: CCleaner.exe | Binary or memory string: select url from snapshots;select url from sites;select url from favorites; |
Source: CCleaner.exe | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: CCleaner.exe | Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: CCleaner.exe | Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: CCleaner.exe | Binary or memory string: select * from meta where key='last_compatible_version';origin_bound_certsselect host_key, creation_utc from cookies;valueautofillselect host, creation_time from channel_id;channel_idselect origin, creation_time from origin_bound_certs;SELECT pair_id, date_created FROM autofill_dates;SELECT pair_id FROM autofill;autofill_datesSELECT name, value, value_lower, count FROM autofill;SELECT origin_url, action_url, username_element, username_value, password_element, password_value, submit_element, signon_realm, ssl_valid, preferred, date_created, blacklisted_by_user, scheme FROM logins;loginsSELECT url_hash, password_value, date_created FROM ie7_logins;ie7_loginsselect host from HostQuotaTable;HostQuotaTableselect origin from OriginInfoTable;OriginInfoTableselect show_in_default_list, safe_for_autoreplace from keywords;keywordsselect favicon_id from urls;urlsfavorites.dbstash.dbbookmarks.dbBookmarksPRAGMA table_info(%s)%s\QuotaManager%s\Origin Bound Certs%s\cookiesselect host_key,creation_utc, name, value, encrypted_v |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: msimg32.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: ext-ms-win-kernel32-package-current-l1-1-0.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: esent.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: atlthunk.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: duser.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: dui70.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: linkinfo.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: ntshrui.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: nlaapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: cscapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: slc.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: rpcrtremote.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: credssp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: bcrypt.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: cryptnet.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: sensapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: webio.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Section loaded: ntdsapi.dll |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\tmp.edb VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\Users\user\Desktop\CCleaner.exe VolumeInformation |
Source: C:\Users\user\Desktop\CCleaner.exe | Queries volume information: C:\ VolumeInformation |