General Info

File name: 金山清理.exe
Full analysis: https://app.any.run/tasks/f8cdafb7-8402-47fe-8da5-7a5736459ffc
Verdict: Malicious activity
Analysis date: 10/9/2019, 18:13:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 5a56d748f64956349b5c3caf8a0d38fa
SHA1: 160b5676c0eaf1206e12322e3cfa296546ccd9ec
SHA256: 04c19fc6a56e587fce652f0bcae521d028f0d2e2f4d6d5b86bf03694c9d53944
SSDEEP: 98304:tKDJ/fEdK2lgsnlzrjmZx8YcmhuSSAFMYAx:qeblCOSVAx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration: 60 seconds
Additional time used: none
Fakenet option: off
Heavy Evasion option: off
MITM proxy: off
Route via Tor: off
Network geolocation: off
Privacy: Public submission
Autoconfirmation of UAC: on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • kcleaner.exe (PID: 2620)
Loads dropped or rewritten executable
  • kcleaner.exe (PID: 2620)
Application launched itself
  • 金山清理.exe (PID: 2144)
Executable content was dropped or overwritten
  • 金山清理.exe (PID: 2144)
  • kcleaner.exe (PID: 2620)
Creates files in the user directory
  • kcleaner.exe (PID: 2620)
Searches for installed software
  • kcleaner.exe (PID: 2620)
Removes files from Windows directory
  • kcleaner.exe (PID: 2620)
Dropped object may contain Bitcoin addresses
  • 金山清理.exe (PID: 2144)

Static information

TRiD
.exe | Generic Win/DOS Executable (50%)
.exe | DOS Executable Generic (49.9%)
EXIF
EXE
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:30 09:49:49+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 49152
InitializedDataSize: 20480
UninitializedDataSize: 90112
EntryPoint: 0x22e50
OSVersion: 4
ImageVersion: null
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2016.8.4.16275
ProductVersionNumber: 9.3.24500.16275
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: null
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Kingsoft Corporation
FileDescription: 垃圾清理
FileVersion: 2016,08,04,16275
InternalName: KCleaner
LegalCopyright: Copyright (C) 1998-2016 Kingsoft Corporation
OriginalFileName: kcleaner.exe
ProductName: Kingsoft Internet Security
ProductVersion: 9,3,286644,16275
Summary
Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 30-Dec-2012 08:49:49
Detected languages: Chinese - PRC
DOS Header
Magic number: MZ
Bytes on last page of file: 0x0060
Pages in file: 0x0001
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000060
PE Headers
Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 30-Dec-2012 08:49:49
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy
UPX0 | 0x00001000 | 0x00016000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0
UPX1 | 0x00017000 | 0x0000C000 | 0x0000C000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 7.91441
.rsrc | 0x00023000 | 0x00005000 | 0x00004800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 6.62619
Resources
1

2

3

128

Imports
    ADVAPI32.dll

    COMCTL32.dll

    GDI32.dll

    KERNEL32.DLL

    MSVCRT.dll

    ole32.dll

    OLEAUT32.dll

    SHELL32.dll

    USER32.dll

Exports

    No exports.

Processes

Total processes: 38
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes (in graph order): 金山清理.exe (no specs), 金山清理.exe, 金山清理.exe (no specs), kcleaner.exe

Process information

PID: 3956
CMD: "C:\Users\admin\Desktop\金山清理.exe"
Path: C:\Users\admin\Desktop\金山清理.exe
Indicators: No indicators
Parent process: ––
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Version:
Company: Kingsoft Corporation
Description: 垃圾清理
Version: 2016,08,04,16275
Modules
Image
c:\users\admin\desktop\金山清理.exe
c:\systemroot\system32\ntdll.dll

PID: 2144
CMD: "C:\Users\admin\Desktop\金山清理.exe"
Path: C:\Users\admin\Desktop\金山清理.exe
Indicators:
Parent process: ––
User: admin
Integrity Level: HIGH
Version:
Company: Kingsoft Corporation
Description: 垃圾清理
Version: 2016,08,04,16275
Modules
Image
c:\users\admin\desktop\金山清理.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll

PID: 3472
CMD: "C:\Users\admin\Desktop\金山清理.exe" -sfxwaitall:0 "kcleaner.exe"
Path: C:\Users\admin\Desktop\金山清理.exe
Indicators: No indicators
Parent process: 金山清理.exe
User: admin
Integrity Level: HIGH
Version:
Company: Kingsoft Corporation
Description: 垃圾清理
Version: 2016,08,04,16275
Modules
Image
c:\users\admin\desktop\金山清理.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\kcleaner.exe

PID: 2620
CMD: "C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\kcleaner.exe"
Path: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\kcleaner.exe
Indicators:
Parent process: 金山清理.exe
User: admin
Integrity Level: HIGH
Version:
Company: Kingsoft Corporation
Description: 垃圾清理
Version: 2016,08,04,16275
Modules
Image
c:\users\admin\appdata\local\temp\7zipsfx.000\kcleaner.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\msvcr80.dll
c:\windows\system32\msimg32.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\msvcp80.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\kskinmgr.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\ktrashscan.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\7zipsfx.000\data\clearplugin\ksreng3.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\samlib.dll

Registry activity

Total events: 995
Read events: 979
Write events: 5
Delete events: 11

Modification events

PID | Process | Operation | Key | Name | Value
3472 | 金山清理.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
3472 | 金山清理.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
2620 | kcleaner.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E1A90C5-52A6-494c-A81F-F38C632C77A2} | Test | 0
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
2620 | kcleaner.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent

Files activity

Executable files: 7
Suspicious files: 5
Text files: 322
Unknown types: 2

Dropped files

2620
kcleaner.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\optimizecfg.ini
text
MD5: 3ba253a1a5c31f36c3bd41165cddb298
SHA256: c8ef4a6cdfba9129f35bce96f9bf0021ead807b0dfd2ca8a8c285020a49d572d
2620
kcleaner.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ktrashud.dat
text
MD5: 31304871dfb2cca0724728f76e91986f
SHA256: 547b84ec821addcee657f498fd400ef956d2235dabccfe99bef34fdcd215cf2e
2620
kcleaner.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ktrashud.dat
text
MD5: 02a72b8130f73a12b22bc20e176dbfc1
SHA256: 1a51f4fd59af89b6c6c9206bf34d49b248fa303971d4b5464a5e0725d95185da
2620
kcleaner.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ktrashud.dat
text
MD5: 851eeef3d339e590cc4ec6e16205ec67
SHA256: 7ca78030328126ab3f35fce43bbfa7988a10fe203621a85722f569fe3088c2d2
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\microsoft.vc80.mfc.manifest
xml
MD5: 7a1160b8c147e8a38747f4f41302fdf9
SHA256: c9b16fe35ce84550b8e933a893dd19cc7d54684a72bb38c71bdb44eb4d133830
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\security\kxescan\config3a.dat
binary
MD5: 457d1808def819b70d2d0173402b5883
SHA256: e31a0cab632beda4d88d8b5cfd63533cfdead5d0b3524b8e641227949666a849
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\kcleanerselectallrisk.xml
xml
MD5: 2c129d95d102be5f2633fa6fb12d6de4
SHA256: 9fcdf85ffc0808da22b267daeafaa8f8adfb41127c5e26d63ccedc8e51db268e
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\kaccclear.dat
binary
MD5: 674b0121e5f07799502a737728965b0a
SHA256: 6ba7d0047729e9026dcdde29a5ee16a1ea12d44946d7970eef6ee1e8ff1e5e22
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\softicon.dat
compressed
MD5: 0b2534ca6976b3a68e081ff1b115fdb0
SHA256: 09ad8c6a04dda8ad7a636ed70096e950b354941743825dc9359793f44d4d60fd
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\clearplugin\plugin.dat
binary
MD5: 080e9d277da0af257fcbcbee15016c1c
SHA256: 42456485fe3d0a48358ddc91392ccb92eb9ec8925c8f997a72c1ce1478b50b1c
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\clearplugin\plugin.nlb
pc1
MD5: 351ad94734ef5b05d925e5adbc623c8d
SHA256: 5ef99cb36183469905265f2dd898818f98ed2ea51cfa3b037a161bd42bf7cbdd
2144
金山清理.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\cleanlist.dat
binary
MD5: f830ee9904c172252ed07e4cc00acfa2
SHA256: 2718b366c6527f58a6baa70192f04c324420c958a939f56e12b99b9f1e84bd1b
2620
kcleaner.exe
C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\data\kclearusecfg.dat
text
MD5: 9ad30bf9a8f57d7e4c7594e9ceab3819
SHA256: 3421d93b5df0a253bc527ad7b011478fb17fe728361ad143cca3dfa5e18577eb

Find more information about the static content and download it in the full report.

Network activity

HTTP(S) requests
0
TCP/UDP connections
2
DNS requests
4
Threats
0

HTTP requests

No HTTP requests.

Connections

PID | Process | IP | ASN | CN | Reputation
2620 | kcleaner.exe | 103.104.170.25:80 | – | – | unknown
2620 | kcleaner.exe | 103.104.170.24:80 | – | – | suspicious

DNS requests

Domain | IP | Reputation
dl.ijinshan.com | 103.104.170.25, 103.104.170.24 | whitelisted
dns.msftncsi.com | 131.107.255.255 | whitelisted

Threats

No threats detected.

Debug output strings

No debug info.