General Info

File name

FastComputer.exe

Full analysis
https://app.any.run/tasks/25cfc0c3-100e-4c2e-a11a-1f417c864574
Verdict
Malicious activity
Analysis date
9/11/2019, 04:47:33
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

d55d3e846af582881eb20a5a6046438f

SHA1

129c66d35b9111bff240cd319496a264cbb9dbfa

SHA256

576f39fe1e3cc767b7f125014135212241502ad2e723922f123f959ef881c2e8

SSDEEP

196608:m8V026QjFJhYAhAZ5ps77DX0UxHqDA3wpH0Tofcw8lgXuqEG+LGG+un:m52rbA3u77DEUxHqDAg+w8lgedG+qGln

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • OptimAdmin.exe (PID: 2248)
  • Optim.exe (PID: 3312)
Application was dropped or rewritten from another process
  • OptimAdmin.exe (PID: 2804)
  • Optim.exe (PID: 3312)
  • OptimAdmin.exe (PID: 2248)
Starts Internet Explorer
  • OptimAdmin.exe (PID: 2248)
Executable content was dropped or overwritten
  • FastComputer.tmp (PID: 4088)
  • FastComputer.exe (PID: 3700)
  • FastComputer.exe (PID: 3280)
Reads the Windows organization settings
  • FastComputer.tmp (PID: 4088)
Creates files in the user directory
  • OptimAdmin.exe (PID: 2248)
  • Optim.exe (PID: 3312)
  • FastComputer.tmp (PID: 4088)
Reads Windows owner or organization settings
  • FastComputer.tmp (PID: 4088)
Reads internet explorer settings
  • iexplore.exe (PID: 2792)
Creates files in the user directory
  • iexplore.exe (PID: 2792)
Changes settings of System certificates
  • iexplore.exe (PID: 2792)
Reads settings of System Certificates
  • iexplore.exe (PID: 2792)
Creates files in the program directory
  • FastComputer.tmp (PID: 4088)
Loads dropped or rewritten executable
  • FastComputer.tmp (PID: 4088)
Application launched itself
  • iexplore.exe (PID: 2296)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2792)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2792)
Changes internet zones settings
  • iexplore.exe (PID: 2296)
Creates a software uninstall entry
  • FastComputer.tmp (PID: 4088)
Application was dropped or rewritten from another process
  • FastComputer.tmp (PID: 4088)
  • FastComputer.tmp (PID: 3952)


Static information

TRiD
.exe | Win32 Executable Delphi generic (45.2%)
.dll | Win32 Dynamic Link Library (generic) (20.9%)
.exe | Win32 Executable (generic) (14.3%)
.exe | Win16/32 Executable Delphi generic (6.6%)
.exe | Generic Win/DOS Executable (6.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2012:10:09 10:48:22+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
60416
InitializedDataSize:
52736
UninitializedDataSize:
null
EntryPoint:
0xf3bc
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
FileVersionNumber:
0.0.0.0
ProductVersionNumber:
0.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
This installation was built with Inno Setup.
CompanyName:
AMS Software
FileDescription:
Ускоритель Компьютера Setup
FileVersion:
LegalCopyright:
ProductName:
Ускоритель Компьютера
ProductVersion:
4.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
09-Oct-2012 08:48:22
Detected languages
Dutch - Netherlands
English - United States
Comments:
This installation was built with Inno Setup.
CompanyName:
AMS Software
FileDescription:
Ускоритель Компьютера Setup
FileVersion:
null
LegalCopyright:
null
ProductName:
Ускоритель Компьютера
ProductVersion:
4.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
09-Oct-2012 08:48:22
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
| Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0000DE64 | 0x0000E000 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.45289 |
| .itext | 0x0000F000 | 0x00000B2C | 0x00000C00 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 5.68179 |
| .data | 0x00010000 | 0x00000C84 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 2.23598 |
| .bss | 0x00011000 | 0x000056B0 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
| .idata | 0x00017000 | 0x00000DD0 | 0x00000E00 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.89082 |
| .tls | 0x00018000 | 0x00000008 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
| .rdata | 0x00019000 | 0x00000018 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 0.204488 |
| .rsrc | 0x0001A000 | 0x0000B000 | 0x0000B000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.15118 |
Resources
1

2

3

4

4091

4092

4093

4094

4095

4096

11111

CHARTABLE

DVCLAL

PACKAGEINFO

MAINICON

Imports
    oleaut32.dll

    advapi32.dll

    user32.dll

    kernel32.dll

    comctl32.dll

Exports

    No exports.


Processes

Total processes
51
Monitored processes
9
Malicious processes
2
Suspicious processes
2

Behavior graph

[Behavior graph. Nodes: fastcomputer.exe, fastcomputer.tmp (no specs), fastcomputer.exe, fastcomputer.tmp, optim.exe (no specs), optimadmin.exe (no specs), optimadmin.exe, iexplore.exe, iexplore.exe. Edge labels: drop and start, start, drop and start.]

Process information


PID
3280
CMD
"C:\Users\admin\AppData\Local\Temp\FastComputer.exe"
Path
C:\Users\admin\AppData\Local\Temp\FastComputer.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AMS Software
Description
Ускоритель Компьютера Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\fastcomputer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-b47e6.tmp\fastcomputer.tmp

PID
3952
CMD
"C:\Users\admin\AppData\Local\Temp\is-B47E6.tmp\FastComputer.tmp" /SL5="$20134,10937079,114176,C:\Users\admin\AppData\Local\Temp\FastComputer.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-B47E6.tmp\FastComputer.tmp
Indicators
No indicators
Parent process
FastComputer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-b47e6.tmp\fastcomputer.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\program files\fast computer\optim.exe

PID
3700
CMD
"C:\Users\admin\AppData\Local\Temp\FastComputer.exe" /SPAWNWND=$2012E /NOTIFYWND=$20134
Path
C:\Users\admin\AppData\Local\Temp\FastComputer.exe
Indicators
Parent process
FastComputer.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
AMS Software
Description
Ускоритель Компьютера Setup
Version
Modules
Image
c:\users\admin\appdata\local\temp\fastcomputer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-8isab.tmp\fastcomputer.tmp

PID
4088
CMD
"C:\Users\admin\AppData\Local\Temp\is-8ISAB.tmp\FastComputer.tmp" /SL5="$30136,10937079,114176,C:\Users\admin\AppData\Local\Temp\FastComputer.exe" /SPAWNWND=$2012E /NOTIFYWND=$20134
Path
C:\Users\admin\AppData\Local\Temp\is-8ISAB.tmp\FastComputer.tmp
Indicators
Parent process
FastComputer.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-8isab.tmp\fastcomputer.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\is-co7jp.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\fast computer\optimadmin.exe
c:\program files\fast computer\unins000.exe
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\userenv.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\shdocvw.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\netutils.dll

PID
3312
CMD
"C:\Program Files\Fast Computer\Optim.exe"
Path
C:\Program Files\Fast Computer\Optim.exe
Indicators
No indicators
Parent process
FastComputer.tmp
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
AMS Software
Description
Ускоритель Компьютера
Version
4.0.0.304
Modules
Image
c:\program files\fast computer\optim.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\fast computer\libav\avcodec-52.dll
c:\program files\fast computer\libav\avcore-0.dll
c:\program files\fast computer\libav\avutil-50.dll
c:\program files\fast computer\libav\avformat-52.dll
c:\program files\fast computer\libav\swscale-0.dll
c:\windows\system32\mpr.dll

PID
2804
CMD
"C:\Program Files\Fast Computer\OptimAdmin.exe"
Path
C:\Program Files\Fast Computer\OptimAdmin.exe
Indicators
No indicators
Parent process
Optim.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
AMS Software
Description
Ускоритель Компьютера
Version
4.0.0.304
Modules
Image
c:\program files\fast computer\optimadmin.exe
c:\systemroot\system32\ntdll.dll

PID
2248
CMD
"C:\Program Files\Fast Computer\OptimAdmin.exe"
Path
C:\Program Files\Fast Computer\OptimAdmin.exe
Indicators
Parent process
Optim.exe
User
admin
Integrity Level
HIGH
Version:
Company
AMS Software
Description
Ускоритель Компьютера
Version
4.0.0.304
Modules
Image
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\fast computer\libav\avcodec-52.dll
c:\program files\fast computer\libav\avcore-0.dll
c:\program files\fast computer\libav\avutil-50.dll
c:\program files\fast computer\libav\avformat-52.dll
c:\program files\fast computer\libav\swscale-0.dll
c:\windows\system32\imageres.dll
c:\program files\fast computer\optimadmin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srclient.dll
c:\windows\system32\spp.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\program files\common files\java\java update\jusched.exe
c:\windows\system32\psapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll

PID
2296
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
OptimAdmin.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll

PID
2792
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2296 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

Registry activity

Total events
1352
Read events
1045
Write events
305
Delete events
2

Modification events

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 4088 | FastComputer.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Owner | F80F0000364422514B68D501 |
| 4088 | FastComputer.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | SessionHash | 971623AA99CF5764D55477501C845F9D8DA6AA1997B3FCBF4149599C6FA4AA53 |
| 4088 | FastComputer.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Sequence | 1 |
| 4088 | FastComputer.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFiles0000 | C:\Program Files\Fast Computer\Optim.exe |
| 4088 | FastComputer.tmp | write | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | RegFilesHash | 715B02926209F16335125DAF6E4C3781BF19B276EFF854749A30F3B33692219E |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: Setup Version | 5.5.2 (u) |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: App Path | C:\Program Files\Fast Computer |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | InstallLocation | C:\Program Files\Fast Computer\ |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: Icon Group | Ускоритель Компьютера |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: User | admin |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: Selected Tasks | desktopicon,pintotaskbar,usetracking |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: Deselected Tasks | |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | Inno Setup: Language | russian |
| 4088 | FastComputer.tmp | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1 | | |
DisplayName
Ускоритель Компьютера 4.0
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
DisplayIcon
C:\Program Files\Fast Computer\Optim.exe
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
UninstallString
"C:\Program Files\Fast Computer\unins000.exe"
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
QuietUninstallString
"C:\Program Files\Fast Computer\unins000.exe" /SILENT
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
DisplayVersion
4.0
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
Publisher
AMS Software
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
URLInfoAbout
http://fast-computer.su/
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
HelpLink
http://fast-computer.su/support.php
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
URLUpdateInfo
http://fast-computer.su/download.php
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
NoModify
1
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
NoRepair
1
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
InstallDate
20190911
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
MajorVersion
4
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
MinorVersion
0
4088
FastComputer.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB9EE9A7-45C6-4F98-8463-2078E8BDC6E8}_is1
EstimatedSize
74730
4088
FastComputer.tmp
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
4088
FastComputer.tmp
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Fast Computer\OptimAdmin.exe
Ускоритель Компьютера
4088
FastComputer.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
Favorites
4088
FastComputer.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesChanges
10
4088
FastComputer.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband
FavoritesVersion
2
4088
FastComputer.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
3312
Optim.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
vga.drv 1280x720x32(BGR 0)
31,31,31,31
3312
Optim.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3312
Optim.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\Fast\Test
Sweestreet
47F20C13E558E540
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chrome_formss
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chrome_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chrome_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chromium_formss
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chromium_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_chromium_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_firefox_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_firefox_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_firefox_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_ie_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_ie_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_opera_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_opera_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_opera_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_yandex_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_yandex_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_yandex_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chrome_formss
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chrome_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chrome_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chromium_formss
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chromium_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_chromium_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_firefox_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_firefox_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_firefox_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_ie_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_ie_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_opera_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_opera_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_opera_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_yandex_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_yandex_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_yandex_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_edge_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_edge_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_edge_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_edge_passwords
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_edge_cookie
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_edge_forms
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_download_folder
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_download_folder
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewClean_cleanall_download_folder
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
TreeViewCleanPlanner_cleanall_download_folder
0
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
AmsNewsRuns
2
2248
OptimAdmin.exe
write
HKEY_CURRENT_USER\Software\AMS Software\AmsOptim
CheckUpdates
4C5BFA13E558E540
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{A2A05C33-D43E-11E9-B86F-5254004A04AF}
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307090003000B00020030001E007302
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307090003000B00020030001E007302
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
FA90FB664B68D501
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2296
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307090003000B00020030001E00FF02
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307090003000B00020030001E000F03
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
47
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307090003000B00020030001E006D03
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2792
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307090003000B00020030001F007C03
2792
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
Blob
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307090003000B000200300020000502
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePrefix
DOMStore
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheLimit
1000
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheOptions
8
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheRepair
0
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
28
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
28
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307090003000B00020030002000E002
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
56
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
56
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
75
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
75
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
654
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
654
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
686
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
686
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
122
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
122
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091120190912
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912
CachePrefix
:2019091120190912:
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912
CacheLimit
8192
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912
CacheOptions
11
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091120190912
CacheRepair
0
2792
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
689
2792
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\fast-computer.su
689

Files activity

Executable files: 17
Suspicious files: 1
Text files: 56
Unknown types: 31

Dropped files

PID
Process
Filename
Type
3280
FastComputer.exe
C:\Users\admin\AppData\Local\Temp\is-B47E6.tmp\FastComputer.tmp
executable
MD5: f120c361b527a9d090782300aa8f1ce5
SHA256: 9209a83ac4b0127081327b6e03960e2a4325dbb31f0bba2b56dfb785583f9825
4088
FastComputer.tmp
C:\Program Files\Fast Computer\UnistallTracking.exe
executable
MD5: 28c5853346c80e73e20e5253db041584
SHA256: 866bc19d861bae6d3ad26662d42fc890929d8e5141c8811e95e5c06f87c32e34
4088
FastComputer.tmp
C:\Program Files\Fast Computer\OptimAdmin.exe
executable
MD5: fe34553e9d5b12dd06e3a3dbfe8d2fb2
SHA256: 29d6314f2b00a9702f109a277077fafda3945cfaeeb1399e87764021f59b7c46
4088
FastComputer.tmp
C:\Program Files\Fast Computer\ArnMngr.exe
executable
MD5: 354f5435e25566a78099a9646d8f2a5e
SHA256: bdb4fea634e82b34d0a6c1dd0711dd8ceb5134bc21679a52ebdf8d55357e970e
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avcodec-52.dll
executable
MD5: 56f4a5f65c0801363b6f13355e59236d
SHA256: 6a3354642a9fd04c98b0146429db2a38cfe56824f725f38f1592f3c76ed6b8ce
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\SDL.dll
executable
MD5: fd7e7a20a9cb5cca5dbb81ea3d207de1
SHA256: 15537c9176d7e6d5c28c607c4b147c8c2a7c45102b1b8e836b38d2f9449fc8ce
4088
FastComputer.tmp
C:\Program Files\Fast Computer\unins000.exe
executable
MD5: 46d5a7848a6c1861f439f9e8a6a6231a
SHA256: 06d887f31608045e591eb5c0279c97546cc319f883f599fdd4425fc21ea4f9ba
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\swscale-0.dll
executable
MD5: 703dd08e38be795cd8ae3dc908998add
SHA256: de043f6a8a53264affc2472c527c123db41cf21160ab73da8e0c5450b7f5070b
4088
FastComputer.tmp
C:\Users\admin\AppData\Local\Temp\is-CO7JP.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
4088
FastComputer.tmp
C:\Program Files\Fast Computer\UninstallUtils.dll
executable
MD5: ebf0ce409a2f90a8b35ba2ebb6746841
SHA256: 9d04e4411e36f7a0180ba2143bb172dd4dbc9085970a0a9c2a8a20a12f1e5746
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avutil-50.dll
executable
MD5: abf5f87f9419b2c5d7ee9e5b73f72a7a
SHA256: a612faa207466db4a33868c4c2ef94fb34b700b3c1e8eb94756504ecaadd5a6e
3700
FastComputer.exe
C:\Users\admin\AppData\Local\Temp\is-8ISAB.tmp\FastComputer.tmp
executable
MD5: f120c361b527a9d090782300aa8f1ce5
SHA256: 9209a83ac4b0127081327b6e03960e2a4325dbb31f0bba2b56dfb785583f9825
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avcore-0.dll
executable
MD5: 843be18112be148f9817b9f8a7050a10
SHA256: 8ecddb3a72ce3842c237f7cf26d2faa152c31cc3cdd02c79ddff2ff2b0f7c977
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avdevice-52.dll
executable
MD5: 7d9c927dd8e1a90cccfc76afaf0f4084
SHA256: 730f3c1106aaac11b3d6acd7a9fb8f138fe5b01fcd62ba347756164251fbb2b4
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avfilter-1.dll
executable
MD5: 3c1bce4d0aa5bcd8fe9217079c360b4c
SHA256: 8a6a1bee64b29985398784c8897c6271d5378b3f89f38fe7f728e509bbce6b5e
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\avformat-52.dll
executable
MD5: cbf8f85d3cbda2e8865499ab0a2bfc78
SHA256: 3de5af5e9d27442395d6495876f5ae4a2a7d37499d731b00a3160a23fa6fa787
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Optim.exe
executable
MD5: 6153d5d70cb2bb8a990c47d3451eb299
SHA256: 3e981b5778adeeac49e115f6b7d60cb41ac21e91ca3c5880943c7d217e3aa55a
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\vCC1KdIDCrQ[1].txt
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: baa366eb6232fdaf880c3a5c4cef0be7
SHA256: 30db0f30b92c65a8f1f4347ef627dffa0c156c81835e151da52cbc0ae21cd56c
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: f01d9cf5954339b9015f2ca3c6413626
SHA256: ba28adb95ce7cf5014cd47108d3e7285cffc8a8e3da090e9315853a2f085f56f
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\watch[1].js
text
MD5: 25c032912e7a6f0f869fe2c43ad645d1
SHA256: e757cc78456ed5400a2ab49d9d5142e27a9b8f340b1473af2076b9cbff7020bd
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: d2e3c5c1029515b7c3b1f1a1168d0150
SHA256: 0f962a78427feab41c50e7264d859dee9b498d1a41a80b1485fb55aba381ec76
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\analytics[1].js
text
MD5: b66b3b5d54e154c81a50880cdcd7e5f8
SHA256: dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\support-icon[1].png
image
MD5: 5af78266d5092dbebc92c34804e36975
SHA256: e2cc749de108045929ed41f5347310947ff6325964b0f09ea12e4b17f610f2de
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\footer-clouds[1].jpg
image
MD5: ec40ba37afa57310e242daf6f0ce66e0
SHA256: 72e6147101c94f3d066cde1363280f6db5fceebbffde6aa22b276d5bc2619f04
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\logo[1].png
image
MD5: 160a940a5d457d1a62c1140460f9ec6b
SHA256: 1fad55ffbbb0c70b2fb063347d1ee798dd5e776b302ebf062ffa17c7d4b80766
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\menu-lines[1].png
image
MD5: b2cdf7714914820dd9bd6f7a74cf9d33
SHA256: 3883e17c002d5f1812ee2ed5f60907eab3c535fe26bad1c38f663529d6b9158e
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\jquery.min[1].js
html
MD5: b11ced65f32fedbe9bf81ef9db0f3c94
SHA256: 0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\js[1]
text
MD5: c0c3704ccb1ff04d534baf2e3ce689a0
SHA256: 45e9386c7dbd4f5f7100d99874f817820a76f682aaed94393bb9d40080b1c0da
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\jquery.placeholder.min[1].js
text
MD5: fee1ee6e9b0f1c8f303f8675f3647d92
SHA256: c748b58773a5bb108cbd0bd50a28a694e541583db8c9873ea077561e62b373b2
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: 0a90071d1533e1c308ad2de87a3ae2b2
SHA256: 8884df33f66936b2ebb8ccc63b822042b4c2ecc21aad133d7d95d077c2021072
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\main[1].js
text
MD5: 779564aac00f28348ac01bd7fe54eaec
SHA256: e0033e17af823e419619bfbd82959aa12ddae70e1cd9588137424e573e1c70a3
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\mootools-core-1.4.5[1].js
text
MD5: 831bf9233ed2588e364595040b33c49d
SHA256: ff097a23d6444aa4a821ad31594d5613233715512bb70a844af0209d6f1eabca
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\ie[1].css
text
MD5: e69a354b52f13cf5b912f3e05631c9e5
SHA256: a9c3534ef4f76185480de9ba94af1135f7f97526153ca834200d9d838cd2309d
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ie[1].js
text
MD5: 9aa712dfc42a70dd272e7b90eb5b815e
SHA256: b27c46139ef3b984b6c7c5e177a6be46abb131acd95ad5a86a94471494df0d8e
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-thinital-webfont[1].eot
eot
MD5: 5dfae071a94c9f6a6a6c1edc123132dd
SHA256: 362f27fa3d3ad7a503a8dd3959e02906c78f811a4f251b4a107fb91cab32d63f
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-xthinit-webfont[1].eot
pgc
MD5: ca0654b0131c963dca97995fc68a996f
SHA256: 44034158a9fcefefe3eac428c27dd1fa46d62460e8d2a95eeb84aa22fea3ccbb
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-xthin-webfont[1].eot
eot
MD5: 8e7872ea464785e97c9cb138f9bda92c
SHA256: 4dd6e5ab184180cdbbe0aaed58c01d13d5325385e594a6cd2c46b21d0d526900
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-thin-webfont[1].eot
eot
MD5: 39edc62d3d21512288cd365807dfb30a
SHA256: d9809ebd065f60389e8bf8ab2815b7f3eb3cf212493fd6c0aa64cd4f4b85f34d
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-reg-webfont[1].eot
eot
MD5: b8be3a3f330c2a58db63dda9f3a3fa08
SHA256: e19c36b3ccb60ce56a62f541ec1210fd9b758beec3ffd660108ad565b174a149
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\pfdindisplaypro-medital-webfont[1].eot
eot
MD5: 7329ee4720c5a1e3bcea24f3c08429d1
SHA256: ef1f1b3842614383bc8286217667ac8dfef09c9171589f6335e8a81355286567
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\pfdindisplaypro-lightital-webfont[1].eot
eot
MD5: 757da08b75b30903508081a0a32a992d
SHA256: a383a548dc41a8baf611e37b9b94dce747402a9e8381f86c7a63647167285edd
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\pfdindisplaypro-med-webfont[1].eot
gpg
MD5: ebbca66d6c2f27279add97322e67184c
SHA256: 5d5ddd6c6ee814846ede1254d286ba57989dcc1e7b09070c72473fe760ca8a6d
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\pfdindisplaypro-light-webfont[1].eot
eot
MD5: a2605c55641ec90ee919124d90589bdc
SHA256: 00e55eddb9a1fcffb0a2048bd9e650cbb438a3e904d53bd688865a7c6192140c
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pfdindisplaypro-boldital-webfont[1].eot
eot
MD5: a86fcb1b61187acfd52b3ecc9d109f1b
SHA256: 8596d9cff861968f0d2be9364fb0b0c7707b2b206f8a8091370dbf164991f1d1
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pfdindisplaypro-italic-webfont[1].eot
eot
MD5: c5c72d2fb51ccbb050e5d76556c80dc7
SHA256: f7806fe60e1c93f176cff10ca6e7076a8ec6afd49927fc2f7b1b90b7a5579a51
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\pfdindisplaypro-bold-webfont[1].eot
vc
MD5: 7163ff8585fa44ba1780966e960456b7
SHA256: fc208425bb4029365663637006787ab13ce2676c9d76718ada44defb3f6607fa
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Lobster-webfont[1].eot
eot
MD5: eca4933d2c5e429fd2dbd61afa65ec8b
SHA256: 2f370e2af0f2b5f2adfd008f4620928e6f3c3b396dd1f38d6044814fce4e4d72
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\pfdindisplaypro-black-webfont[1].eot
ini
MD5: 25c8da2bfd872d994f26acb067439f46
SHA256: 1376315666d7d107a8a2fa719927a9d4c995c4ad9051bccf89a57edfc8964cd5
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\pfdindisplaypro-blackit-webfont[1].eot
ini
MD5: d7f8020dfb914035e6288738db672e20
SHA256: f46ae6c7b5207c6f29fdf938a3ed1eb9fa6d06624e0403a1b60b619188ca0f43
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\reset[1].css
text
MD5: 5cf6e69a3babeea1d35bb56cd698bb80
SHA256: 36aec8b8dc18a1cc123e3b497261d2ad3c42351eb8265ebe57e875ad137fb28c
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\stylesheet[1].css
text
MD5: 71f3183d2e6ab99fd21ec1e1a41f501b
SHA256: a5d9fa4e6e7465b4405864bcb27f49711d9d6b6b2926155d47320dae634a1f5b
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\media[1].css
text
MD5: f2139f25c45add5097ce0127c99aa750
SHA256: de2f3443a7ed8bdcffb49b4db7f6f060aef3e2bbadea6ffaa9a0d58ee76c2ed9
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\hamburgers.min[1].css
text
MD5: f8073e0422b1331e58c21393078b8883
SHA256: d3c98e0a972b43ebb00e0f1ba19ac28a91678c8e5be168606568b840ba80dc2d
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\styles[1].css
text
MD5: e330aeb55b6c07967ecdeffc48e2e267
SHA256: 6b47eb87f2bb756c4cf645b0a4ee4b6ae5cd217a3ebbd21b6966073005625ebc
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\welcome[1].htm
html
MD5: c4ed2c844c4a62187fcc4c06284c9b81
SHA256: ec1c8bd3bd8a86eb9c390f45efad5a502fdc7d8a3120721ed9b2b0ea0f53987f
2296
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\welcome[1].php
––
MD5:  ––
SHA256:  ––
2296
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2296
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2248
OptimAdmin.exe
C:\Users\admin\AppData\Roaming\Other\Dayly\Emotion.sor
bs
MD5: d5052047c62223826b05f86e3fa2a5b8
SHA256: 1761443d225183df5419a734090d20e19b082ea9a3b101736479c66a05277c59
3312
Optim.exe
C:\Users\admin\AppData\Roaming\AMS Software\AmsOptim\RegList\RegList.dat
text
MD5: f3b25701fe362ec84616a93a45ce9998
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
3312
Optim.exe
C:\Users\admin\AppData\Roaming\AMS Software\AmsOptim\ListOfDelayedStart.dat
binary
MD5: b6fe0274a21f73e9e7cbb49d4a314bad
SHA256: bd1d642a2df6d5824013a6ac954bfd360e3cbc5992337cbb07396dc6ad42d55c
4088
FastComputer.tmp
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ускоритель Компьютера.lnk
lnk
MD5: 411e6a85b921e98ccb2e6b56baea11f5
SHA256: c82438e3f6defdcb284b7b39bb92c004110979e8aabd30fd6e30134a1c349bbf
4088
FastComputer.tmp
C:\Program Files\Fast Computer\unins000.dat
dat
MD5: 2a505cf3297ddad16f2db07491413688
SHA256: 31104faeacb04c80e586c7c10b474ee102fee4171c4846a254bf06ff803b8e1a
4088
FastComputer.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера\Удалить программу.lnk
lnk
MD5: bb0a59e1cebec389724d5c8735acb6fb
SHA256: 9701b6806e49ba11aaba9d5b4198613166d795f31d5b5307cdb1a57c88f18220
4088
FastComputer.tmp
C:\Users\Public\Desktop\Ускоритель Компьютера.lnk
lnk
MD5: 753d746fbc6f6d7aad98cebaaf8da67f
SHA256: de139480138adc74584328726be31403f8f90f45c1f2a521eed33e1b176c03ac
4088
FastComputer.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера\Он-лайн учебник.url
text
MD5: a74159a2fcc6269ef855cc3cf132c597
SHA256: 78a4c2ef410a165303aa352295dc289d79a9fe140f4ff96ac39cec7d962bc59a
4088
FastComputer.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера\Купить полную версию.url
text
MD5: 7b8bf1a0ed8fa3a7f8567cac65284742
SHA256: d4275a55a93088eba83512fefbb0211ef72eb56e7720567db96880e1a16964f3
4088
FastComputer.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера\Ускоритель Компьютера.lnk
lnk
MD5: 13f58c26b5e4dc05bd078befd5a30704
SHA256: 0a6338db68dacde789d7ef6dbfd5627f148911bd228182852a4a7c32e5e2929e
4088
FastComputer.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ускоритель Компьютера\Сайт программы.url
text
MD5: 12538ee0e317149fd9a74e2de8888023
SHA256: 02991b8b90cf6b810d791578782fcc67a70365b443fc0d9a9b95e58ee9723d8c
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\29E1BUCK\fast-computer[1].xml
text
MD5: c0078e113581042fed651a5afc0f66ba
SHA256: 93b1bc55eba1af0ae74dd20db09dcd9799adc7d464716badbd18ddab568f9245
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-VORJS.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
image
MD5: e05ccd4ced1f00fc0980b7770aacce7e
SHA256: 336a99222223e3715463b82afc9176510f59649430ee0f18ada6bc5d4101c61e
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-EI5KO.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091120190912\index.dat
dat
MD5: 82ca077f498a926a47c1df90c8d93ffa
SHA256: 0e8246d0030c0de4f3b4c5868a51eeea285e3fff4774424cbafe47ebd1e55188
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-3Q905.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-V78B3.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 68889c246da2739681c1065d15a1ab0b
SHA256: 830d75bbf0e1f9289d787422f767b23f9d63fd79dbe75c091a119b6b7155d198
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-KN7K4.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\base[1].js
text
MD5: 6ec28204e000a7b0ca22cb74e3347b0f
SHA256: 1951c939120dc9931f908fa56ef4849e27c33740621380940a338bd331cc9468
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\KFOjCnqEu92Fr1Mu51S7ACc6CsA[1].eot
eot
MD5: 3d24765047e383a80652f464d8d8dc34
SHA256: 54412faeb9ed658523d5bac0fdc02a6d59285621062fc5f4fdbecacca2c7dfc4
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\www-player-vfl0mhWG0[1].css
text
MD5: d268561b48a2ce876426eb65e967ea81
SHA256: 39e831f7d1256d2c5ebeefa5b10518095278c4ea33db00446ee8b0b7ae5e134f
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-1KII6.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-S6GBI.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-OG4NE.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\KFOkCnqEu92Fr1Mu51xIIzY[1].eot
eot
MD5: f5c365f29f0193e60cf4927c7ce5b5b5
SHA256: 3e700198012f9480be89bd91e804640bcd3c3e9d9e7be7539393d6ba1b8363d6
4088
FastComputer.tmp
C:\Program Files\Fast Computer\LibAV\is-8CG41.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\pfdindisplaypro-thin.ttf
ttf
MD5: 85fee628ceb4ec80e48e81a02c66546a
SHA256: 01eb817af80022b9efe8bf3c71c6f9c25b8fa63d2939888391c843fb94fcb25e
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\is-93CLV.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\pfdindisplaypro-reg.ttf
ttf
MD5: e40799be496c5c4018529b366ce506b0
SHA256: ec05511e0d7963ef1981925a2b38dd8ada74b8e5ad351a3cb2317a6b97895c25
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\pfdindisplaypro-bold.ttf
ttf
MD5: b02b278624f946d313699ee7e6c127d7
SHA256: 1922d796216ddd83aad23e043ded03336d00d2fd2987a700c0aacb9278db6527
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\is-QRB00.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\is-LEDVF.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\OpenSans-Light.ttf
ttf
MD5: 1bf71be111189e76987a4bb9b3115cb7
SHA256: cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\OpenSans.ttf
ttf
MD5: 629a55a7e793da068dc580d184cc0e31
SHA256: e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\is-KO77Q.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Fonts\is-D897A.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Animation\SysInfo.gif
image
MD5: 9bac12eae123cd8a6a39d770c4922db8
SHA256: 692b16da13fca3650e759e97f7d8f84d64d96f7bda6c2357e3a107e3f2640474
4088
FastComputer.tmp
C:\Program Files\Fast Computer\Data\Animation\is-5PB82.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\KFOlCnqEu92Fr1MmEU9fBBc8[1].eot
eot
MD5: 03bb29d6722bf52f7fe88a6ed47d9e6e
SHA256: daa5d6292a35a6dc7e075436d0567dbe02515d5e886731fa5ca230e3d8fe26dd
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-E1FG2.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 6463c95cb41757ffd5421453aed0beac
SHA256: 163b6b76c7fc3c91c749bde8c84f02e14d96c117197fe5208ded35d25458b5d7
4088
FastComputer.tmp
C:\Program Files\Fast Computer\License.txt
text
MD5: 69a6003d8e152d06b4c8842be10edafc
SHA256: 8ccf459d335797419e3a28f09dc9e5432deb45399c58f471f3de37c1e5318618
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-U4E7N.tmp
––
MD5:  ––
SHA256:  ––
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-ENQ1G.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\advert[1].gif
image
MD5: df3e567d6f16d040326c7a0ea29a4f41
SHA256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-S911T.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\29E1BUCK\fast-computer[1].xml
text
MD5: f23273e89c2bfddb9245a1fb6b237f11
SHA256: 96e5bb6067d4da68cd67314bab29ec33d6ba8025de3706b0ba187630aba8bce4
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-F4OQL.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\www-embed-player[1].js
text
MD5: da47a3b3d02bb3b6a1dcb45ca4270d36
SHA256: 1d400ac6ced0030c53d668ad18d13775952bf3224a46cc201dbf866f0c7e8c45
4088
FastComputer.tmp
C:\Program Files\Fast Computer\is-C7NG1.tmp
––
MD5:  ––
SHA256:  ––
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\29E1BUCK\fast-computer[1].xml
text
MD5: 16f6d0209ea9a7a4ff5aae5de5b6ed9c
SHA256: f1e9add68b1a0f5d81085ac2f5a33af51c56287771f051110b6b0dbdb06b4581
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\vCC1KdIDCrQ[1].htm
html
MD5: c85dfff3606954af3903301be87a5ee2
SHA256: d7b589974037d7de4d7c6a35856bb40ef4b443ceb4c8c7219de4e22907bb0874
2792
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\29E1BUCK\fast-computer[1].xml
text
MD5: 610955407373cae1fee9d6ebd19eb8b6
SHA256: 001b4d09240a232a1a1f24901d86dea2d0deccd6a13cc9eb7a2bd90185a9a3da


Network activity

HTTP(S) requests: 38
TCP/UDP connections: 22
DNS requests: 9
Threats: 38

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2248 OptimAdmin.exe GET 200 78.46.100.10:80 http://fast-computer.su/updates.txt DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/welcome.php DE html suspicious
2296 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/styles.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/hamburgers.min.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/media.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/reset.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/stylesheet.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-black-webfont.eot? DE ini suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-blackit-webfont.eot? DE ini suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/Lobster-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-bold-webfont.eot? DE vc suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-boldital-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-italic-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-light-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-lightital-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-med-webfont.eot? DE gpg suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-medital-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-reg-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-thin-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-thinital-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-xthin-webfont.eot? DE eot suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/font/pfdindisplaypro-xthinit-webfont.eot? DE pgc suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/js/mootools-core-1.4.5.js DE text suspicious
2792 iexplore.exe GET 404 78.46.100.10:80 http://fast-computer.su/js/selectivizr-min.js DE html suspicious
2792 iexplore.exe GET 404 78.46.100.10:80 http://fast-computer.su/js/jquery.textshadow.js DE html suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/js/ie.js DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/css/ie.css DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/js/jquery.min.js DE html suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/js/jquery.placeholder.min.js DE text suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/js/main.js DE text suspicious
2792 iexplore.exe GET 404 78.46.100.10:80 http://fast-computer.su/js/scripts.js DE html suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/img/logo.png DE image suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/img/menu-lines.png DE image suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/img/footer-clouds.jpg DE image suspicious
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/img/support-icon.png DE image suspicious
2792 iexplore.exe GET 301 77.88.21.119:80 http://mc.yandex.ru/metrika/watch.js RU html whitelisted
2792 iexplore.exe GET 200 78.46.100.10:80 http://fast-computer.su/favicon.ico DE image suspicious


Connections

PID Process IP ASN CN Reputation
2248 OptimAdmin.exe 78.46.100.10:80 Hetzner Online GmbH DE suspicious
2792 iexplore.exe 78.46.100.10:80 Hetzner Online GmbH DE suspicious
2296 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2792 iexplore.exe 172.217.16.200:443 Google Inc. US whitelisted
2792 iexplore.exe 77.88.21.119:80 YANDEX LLC RU whitelisted
2792 iexplore.exe 172.217.18.14:443 Google Inc. US whitelisted
2792 iexplore.exe 216.58.207.78:443 Google Inc. US whitelisted
2792 iexplore.exe 77.88.21.119:443 YANDEX LLC RU whitelisted
2792 iexplore.exe 172.217.22.110:443 Google Inc. US whitelisted
2792 iexplore.exe 172.217.16.131:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
fast-computer.su 78.46.100.10 suspicious
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.googletagmanager.com 172.217.16.200 whitelisted
www.youtube.com 172.217.18.14, 172.217.18.174, 172.217.23.142, 216.58.206.14, 216.58.207.46, 216.58.207.78, 172.217.16.174, 216.58.208.46, 172.217.16.142, 172.217.22.46, 172.217.22.78, 216.58.210.14, 172.217.18.110, 172.217.23.174, 172.217.21.206, 216.58.205.238 whitelisted
mc.yandex.ru 77.88.21.119, 93.158.134.119, 87.250.251.119, 87.250.250.119 whitelisted
www.google-analytics.com 216.58.207.78 whitelisted
fonts.gstatic.com 172.217.16.131 whitelisted
s.ytimg.com 172.217.22.110 whitelisted

Threats

PID Process Class Message
–– –– Potentially Bad Traffic ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2248 OptimAdmin.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
–– –– Potentially Bad Traffic ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2792 iexplore.exe Potentially Bad Traffic ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Debug output strings

No debug info.