Tag: Emotet

197.85.182.110 (Trojan Emotet hosted in South Africa, Cape Town, Mweb Connect (proprietary) Limited)


Spawned process “cmd.exe” with command line “/c C:/winclient.au3” (UID: 00009516-00001892). AutoIt strings are present inside the sample, so this malware may also be written in AutoIt.

Injected into “CCleaner.exe” at 2015-7-2.14:59:47.395 (UID: 00009516-00000996).

Contacts very many different hosts: “197.85.182.110:8080”, “162.144.35.78:8080”, “158.255.238.209:8080”, “198.1.122.176:8080”, “119.59.124.163:8080”, “200.159.128.132:8080”, “88.208.228.111:8080”, “162.144.88.73:8080”, “103.245.153.70:8080”, “103.228.200.37:8080”.

POSTs files to a webserver: “POST /b215de35/f5665861/ HTTP/1.1 Accept: */* User-Agent: Mozilla/5.0 (compatible;