08fcc6659be419a070c15de4a58254919638994e4b76898bdff2d45184406862

Analysis

max time kernel
56s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/09/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PC_Cleaner_setup.exe
Size

7.5MB
MD5

5322033130c651d2b1123710a5451bed
SHA1

227ac8148d980a4c2c6531623f962938a544f914
SHA256

08fcc6659be419a070c15de4a58254919638994e4b76898bdff2d45184406862
SHA512

83b2c926cfee9b4d4bfc94ee478e5d731b7eae915b7131cb489956bba40dcb3af9a67ffb2e423e7195989b25daa97ca451acab588e7cec8cefee49ac831d3264
SSDEEP

196608:D/xIhkEAPhniiBiaEJky7UFsDGMa8rl8c:D/NPhtd/WDGmd

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000\Control Panel\International\Geo\Nation	PCCNotifications.exe

Executes dropped EXE 3 IoCs

pid	Process
4272	PC_Cleaner_setup.tmp
2084	PCCNotifications.exe
2072	PCCleaner.exe

Loads dropped DLL 3 IoCs

pid	Process
2084	PCCNotifications.exe
2072	PCCleaner.exe
2072	PCCleaner.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PC Cleaner\is-FBOMK.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-31L0J.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-CS2GI.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-26015.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-4T4T4.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-9G1K3.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-BJE3P.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\net.db	PCCleaner.exe
File created	C:\Program Files (x86)\PC Cleaner\is-AH6IE.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\unins000.dat	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-K0IRV.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-JUQKJ.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-3JLP0.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-3DDB0.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-D3UUE.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-KK342.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\PCCleaner.exe	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\unins000.dat	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-SRPP7.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-P71QG.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-0IQMR.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-HVKBS.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-5V856.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-9BCVP.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\net.db-journal	PCCleaner.exe
File created	C:\Program Files (x86)\PC Cleaner\is-RAS77.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-O15ML.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-H29KO.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-CLCQ6.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\PlayaSDK.dll	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-HF1LL.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-COMBJ.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-HAG54.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-1BKVJ.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-0HM8S.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-GT6UK.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-QK7O6.tmp	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\PCHSUninstaller.exe	PC_Cleaner_setup.tmp
File opened for modification	C:\Program Files (x86)\PC Cleaner\sqlite3.dll	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-S3VLG.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-AJ67N.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\is-SBC57.tmp	PC_Cleaner_setup.tmp
File created	C:\Program Files (x86)\PC Cleaner\unins000.msg	PC_Cleaner_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PC_Cleaner_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PC_Cleaner_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCCNotifications.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCCleaner.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PCCleaner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PCCleaner.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	PCCleaner.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	PCCleaner.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\shell\open\command\ = "\"C:\\Program Files (x86)\\PC Cleaner\\PCCleaner.exe\" \"%1\""	PCCleaner.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner	PC_Cleaner_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner	PCCleaner.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\ = "URL: PC Cleaner Protocol"	PCCleaner.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\URL Protocol	PCCleaner.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\shell\open\command	PCCleaner.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\shell	PCCleaner.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\pchscleaner\shell\open	PCCleaner.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4272	PC_Cleaner_setup.tmp
4272	PC_Cleaner_setup.tmp

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeBackupPrivilege	2084	PCCNotifications.exe
Token: SeBackupPrivilege	2084	PCCNotifications.exe
Token: SeSecurityPrivilege	2084	PCCNotifications.exe
Token: SeSecurityPrivilege	2084	PCCNotifications.exe
Token: SeBackupPrivilege	2084	PCCNotifications.exe
Token: SeSecurityPrivilege	2084	PCCNotifications.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4272	PC_Cleaner_setup.tmp
2084	PCCNotifications.exe
2084	PCCNotifications.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2084	PCCNotifications.exe
2084	PCCNotifications.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4272	5028	PC_Cleaner_setup.exe	81
PID 5028 wrote to memory of 4272	5028	PC_Cleaner_setup.exe	81
PID 5028 wrote to memory of 4272	5028	PC_Cleaner_setup.exe	81
PID 4272 wrote to memory of 2084	4272	PC_Cleaner_setup.tmp	83
PID 4272 wrote to memory of 2084	4272	PC_Cleaner_setup.tmp	83
PID 4272 wrote to memory of 2084	4272	PC_Cleaner_setup.tmp	83
PID 4272 wrote to memory of 2072	4272	PC_Cleaner_setup.tmp	84
PID 4272 wrote to memory of 2072	4272	PC_Cleaner_setup.tmp	84
PID 4272 wrote to memory of 2072	4272	PC_Cleaner_setup.tmp	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\PC_Cleaner_setup.exe
"C:\Users\Admin\AppData\Local\Temp\PC_Cleaner_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Users\Admin\AppData\Local\Temp\is-0S44D.tmp\PC_Cleaner_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0S44D.tmp\PC_Cleaner_setup.tmp" /SL5="$11016E,6905251,831488,C:\Users\Admin\AppData\Local\Temp\PC_Cleaner_setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe
    "C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2084
- - C:\Program Files (x86)\PC Cleaner\PCCleaner.exe
    "C:\Program Files (x86)\PC Cleaner\PCCleaner"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies registry class
    PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PC Cleaner\Cookies.txt

Filesize
245B

MD5
f64c612cf669e719dfabc162fbdd61e5

SHA1
a3018caad39ab800f8f7e5df6b7de136e873e5d6

SHA256
a193f2eba15cef7fe439e4f0292af90bd46eee89730bd390e04c365f3e62deb4

SHA512
62922ce844b4b4285d6eb30b7515fc0f1c6552d5825aaa33d2d9cdc091d68cfd503c2d521bc3e26765df0600652487532f9ce8ab788f9931bf1cdd7bd045cec2

Download Submit
C:\Program Files (x86)\PC Cleaner\English.ini

Filesize
77KB

MD5
c9a4cd35ea087d3b5f2b2b88656bf808

SHA1
d632b34792359471f2362f7453346930e7ca0ed1

SHA256
b267697f6bee6db31d710fd52526492ae47355aaced8ab2a66e28b80e680f313

SHA512
19ff1b973b91ea5aebf0478fabaeab985d274b32d38e22cf5b9686d715e09d966b8efc6a516ce4ebaa504de0b237cf5398f58bbfe58146c9dbeee6d64a95335a

Download Submit
C:\Program Files (x86)\PC Cleaner\GExts.txt

Filesize
349KB

MD5
1276e1dab8f69bf8730fe2598059338c

SHA1
cd8e127e154de44574ab9fe391338e8834ea4c9e

SHA256
c21419fb42dfb8422aa07ebafc1f68ce5bfa51032307f4ab1364bde4af91e2a3

SHA512
b6bab548bc2839be718f2415aed940fe40a634e3710bf1b08aee94a2a6f4e3aa255c7fb87a8a78cf47163cb70b4a50d754de13643103c8c769e9469606076969

Download Submit
C:\Program Files (x86)\PC Cleaner\IDs.txt

Filesize
1KB

MD5
82b0c12afc82bb2ce9fe25055032012a

SHA1
c1686583e644f810495b49ffdde585ab53f5ae1e

SHA256
c1db4573e9d2a9c4fed3af2b14214c2a1a38db79fc72a77bd5239fc2c6c561b6

SHA512
ea825b3e8d3877e94fe3f6d14026e9c45f4f4b4cff7fdda7e935a23456289d8891d234ad0e72a04aced9d0a79610c94c270cc073e82fa2564fac41551c95684b

Download Submit
C:\Program Files (x86)\PC Cleaner\PCCNotifications.exe

Filesize
4.8MB

MD5
a5cf86264aedc0214507fac66a05604f

SHA1
a5d5508ec5fcb27a6648f24a5ccc4e63e0c97e37

SHA256
9b39204aee479f71e7bab60cc3586cf4d307e3c6532be65767fdae8cca54b551

SHA512
3c793ca42dc9cf45d8e2979e2e64952a8706d28fb723cfe9fc44418e7980eb0973a827c1a3ddbdfad6a7a616fe1309949d19e27ce0579586da9d5001b251cd38

Download Submit
C:\Program Files (x86)\PC Cleaner\PCCleaner.exe

Filesize
10.0MB

MD5
bb7eac844f1bbb43d037f3e43dc1706b

SHA1
278fdcc4a24294ccc8304ba7bac7b7eae4dfb709

SHA256
a973371778949eade43fb1f06588e2c5a74872c744f41959536ab1c407812aa3

SHA512
1537fbb9eed3bee1d414e63b6f08430a4ac89dc6a29bfe25c41c5543d8be22a92bab24aa3c420998cb9b3fc8d4127b3abf15e8d8b58a0710396db171d17f3d7e

Download Submit
C:\Program Files (x86)\PC Cleaner\PlayaSDK.dll

Filesize
960KB

MD5
11a813c0972b740937d3a7e2daf9ffcb

SHA1
4245b5a3c97f725c56a29d745767edebb5e3f15d

SHA256
3f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9

SHA512
9a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941

Download Submit
C:\Program Files (x86)\PC Cleaner\SList.db

Filesize
1.0MB

MD5
ddbbfda211ed1460d616a48fe1ef9676

SHA1
5306fba67448ab0c1c3e55808d13b1f900e82493

SHA256
b59785f62c26b60ce5d6e30e88946bffc3d7eb8c0f572359d36985ca8ee4bc48

SHA512
28ce666ff970741145b26c7850da551fff4bee95881981637c877e82e10a2aeda2304fe7580ac06fe3cde175bc51c97502060769b7fa358eb2f82126a520ed38

Download Submit
C:\Program Files (x86)\PC Cleaner\SList.txt

Filesize
76KB

MD5
09b6922b17f86efa7aeec676370f7388

SHA1
e24c2f1357eb8b35f2efa4c0fdb81c94b5a0d0f3

SHA256
8483b5889dfd3874901657719770157b528a9b54543fc766e256f983890191fe

SHA512
8e89b647587e6a54b34313d17abfa04f3634ea6cff62c0183cdd4ab6babf86f2da819f725932c298170e5fa521062d2cc84d1447f685f5cea727a7c4a37e684b

Download Submit
C:\Program Files (x86)\PC Cleaner\SchedTasks.txt

Filesize
6KB

MD5
636908c786dfe5783754d4b489ab7d17

SHA1
9024e7f3ac8d9a990398e8362d1fb53b39ad75f5

SHA256
11277ae487362fc06a48174d679f59678d50da4b264a776f491f1e389570bc8c

SHA512
7b472393528e3659106b6ff482061c17c45fabe35956b4e68a294fd4cf1457a75cb3c9c67c4279cd5ba9fd867487a617e668dc26c4c2e893e36b79587c76bf80

Download Submit
C:\Program Files (x86)\PC Cleaner\Services1.txt

Filesize
3KB

MD5
21bc09207f237dd262112401584e3b8f

SHA1
7aa202d5d392e9c3b04c0113381d165a3b12ff61

SHA256
95d33968b745174744e07207e8003b8a615e1bc5e10676a2f4e81f3e5abf4980

SHA512
ef11cefd953fb0fa91931b81400438a4c38c65b05a7581f8343cc3f7ef0fa0aeba9dfec68f7862dca5c06783a104f8fb47852d84ccb4a8a7c9de94799b1a3fb7

Download Submit
C:\Program Files (x86)\PC Cleaner\Services2.txt

Filesize
14KB

MD5
6d885d79c99b9b8d409c4684bcea54d2

SHA1
20eddb02737aad8ec88407e19777534a8ed8e766

SHA256
1923ed5b39d3248fcbc245eb60fc05116fd439e62f2271fb5b7d42fea8545cbd

SHA512
bb17d8901281fc39a2594bae85eb81e161baa74a9a954121a433a37190557580040702e9308b2734cc3b695ae3f8dfe04afbccf88d1aeadb6dc939e07fd54c63

Download Submit
C:\Program Files (x86)\PC Cleaner\SiteNtf.txt

Filesize
4KB

MD5
023938522a2335379044391c1b83656a

SHA1
1761b2dcadb48689c7c052393490043e050e5fea

SHA256
66aae467ef3636628b6eb4c4dc2e210990bb6440653cc3aafb7800b89a8da1ec

SHA512
0f88726ee74a9d51dfd888120d0e0dc1c66949374388ef4a394b4a2cd59056dbada68fe75929f4374b4441cfd8b8100e5edfaaa2982dba9f02d0322f1d1dd389

Download Submit
C:\Program Files (x86)\PC Cleaner\net.db

Filesize
1.4MB

MD5
690573714bfe225ebb010da07753cd61

SHA1
46dae37c65e37979677e552060c042798e82f0b5

SHA256
eb25595b66b58d4ac7980b6b159624b79a76387122f88f5ac554e7ff8fdec902

SHA512
d82a41709eac5a69e32f527c286503701b986bbdee841b66566b29a627c27e45e701c474825fbeb2e67170b82ef93868d2622d17864c107eac71e6a9dcce69ae

Download Submit
C:\Program Files (x86)\PC Cleaner\sqlite3.dll

Filesize
850KB

MD5
97cc21b74d8f314c86bf2ce3d48315f9

SHA1
2b4cf9651b033f19d560d30baad83273dc3d990d

SHA256
13fdc7a5fda77cc02f8d526873f7459f068f359850c994e5be9885a01b4257d8

SHA512
3c61d305ec9482b3ff4146700920d570de27adb2c4e19f4b6ae67c08cc5a23dafd4ac0653aac6f29193873a698b1a956942e39024c839f4e1f0b2131d94b67df

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\PC Cleaner on the Web.lnk

Filesize
1KB

MD5
eb1f04e93cb7df3a68ae3752b3c030a6

SHA1
8f8fc75d65cc219bd466b4ba86cc4e1bea2c9cc0

SHA256
de2eeabd98663ad780414cb9cb89835be9eaf903aaba197eee98bd2faaddb46d

SHA512
489f8ef95ce512809496a1adedac43a33120b7f839f0b4e1c41533d32d226d2da314301f873b706ca585c828f729c759fa4cec877532aab54c0f777577f58055

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\PC Cleaner.lnk

Filesize
1KB

MD5
91ac57510072ed40d82cbac33eda759e

SHA1
5def94c3969df39b7b2476514253c38bf0b42b41

SHA256
a13a238d28b551ccfaa00d1c75ededbbf20d4c76b2a5ac917c8134067419e6a0

SHA512
16f983c669ca983a459aa2baa00dbe4512559aaf5d21ff60008d03f49f1f05811b8dbd0ffd338d2322211f86a862570a914f452ec646642a663f44513e6991d2

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaner\Uninstall PC Cleaner.lnk

Filesize
1KB

MD5
30685c4eec7cafa322b6a48d87d89953

SHA1
1bca1602efab74e270933bce07985e871d5e80df

SHA256
1d33679da5d01f52b1c42a57ff9d6c37e6087ce0d686adcd6358eb909e01caef

SHA512
cceb85c03fb7a3034eb5e9c8535d8130d8b210237fac104e5d6833cbb184226e97e2f1d77a00e2b2a4c3cb2b7133ce40a128a89b6134fcd06067ca7304aed69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0S44D.tmp\PC_Cleaner_setup.tmp

Filesize
3.1MB

MD5
52123238a84515dd40965ead13fe7fb6

SHA1
63a8db8af7ddc1a49b77abb83e8d4712df1a4465

SHA256
14ce3b34b2ad35e27951223a1701999c6eed3e3aa5e8eaaec335506f60dbb2af

SHA512
ae1a3bc362087baeddc2396b80c198f1a27570702cff8cd1ad5df6c3f96765303f4721ed16368b4809e9e9be86585fea7eb446920e15fd9d341e5465d5b74d92

Download Submit
C:\Users\Admin\AppData\Roaming\PC Cleaner\Log\Tasks.log

Filesize
635B

MD5
cbb913c28807d371cee84fe86d96bd93

SHA1
7c1d8cb8db3dc18599c291d3b4de8a4f0e3793cd

SHA256
5b3284ebd1051c4cfd35cadf57659ed41816270d086cfd886710a3da046514f0

SHA512
f63df867f45f90e0cceec50d5115363eac3ed12faa579e0081756bdc8bc11ee77ee0aa4bcaa86e5c332682dcd7e5f5e22ce75ca419eaf32eaad9f771216581d6

Download Submit
C:\Users\Admin\Desktop\PC Cleaner.lnk

Filesize
1KB

MD5
d8bcbdeb588275a267e5cd8932917a8d

SHA1
a8b8fb130e5ddd138c44a09e2bafd954d03e1b3c

SHA256
0b0bf3544a095c0f05705233c50da130f41a0c424f7547ac32f4bd73f7ea0a73

SHA512
38c13e40bc534f60a5a74d6b8a5d083c6d2809824a9a5e9449f4af0328f20e1918947832f10018c74a757d00a6e77ce1e7b17fe37b65976a2add8ddc89c6036e

Download Submit
memory/2072-176-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-172-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-214-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-173-0x0000000061E00000-0x0000000061EBE000-memory.dmp

Filesize
760KB

Download
memory/2072-180-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-188-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-192-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-196-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-223-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-204-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2072-229-0x0000000000400000-0x0000000000E0A000-memory.dmp

Filesize
10.0MB

Download
memory/2084-171-0x0000000061E00000-0x0000000061EBE000-memory.dmp

Filesize
760KB

Download
memory/2084-170-0x0000000000400000-0x00000000008E2000-memory.dmp

Filesize
4.9MB

Download
memory/2084-102-0x0000000000400000-0x00000000008E2000-memory.dmp

Filesize
4.9MB

Download
memory/4272-12-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4272-6-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4272-109-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/5028-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5028-10-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5028-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/5028-110-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download