General Info

File name

Tftpd32.shtml

Full analysis
https://app.any.run/tasks/6af75bb0-5c92-4c68-8438-5336630b04c5
Verdict
Malicious activity
Analysis date
10/9/2019, 16:37:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
text/html
File info:
HTML document, ASCII text, with very long lines
MD5

8a07640e4c7f072c1e5d753bab933edd

SHA1

0c6b5b4a1f0443ab23309007d070bc1c3ee00cb5

SHA256

6c005b91d62ae783c3e0fdbbd59d07ddb736c2697481a9f60899c4461b5488be

SSDEEP

768:wcpfkjdeUhSbXnXwPsjFQp2bIbaOPPiIBGL/Q7QOLY9icU4LJY2AbOFOwAWIzzRo:zdTrXwdiIBGL4kOLY9ipmJY2Ab7hWIZo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Tftpd64-4.64-setup.exe (PID: 4012)
  • Tftpd64-4.64-setup.exe (PID: 3620)
Creates files in the program directory
  • Tftpd64-4.64-setup.exe (PID: 4012)
Executable content was dropped or overwritten
  • Tftpd64-4.64-setup.exe (PID: 4012)
  • iexplore.exe (PID: 1388)
  • iexplore.exe (PID: 2836)
Creates a software uninstall entry
  • Tftpd64-4.64-setup.exe (PID: 4012)
Executed via COM
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2740)
Manual execution by user
  • explorer.exe (PID: 3212)
  • Tftpd64-4.64-setup.exe (PID: 4012)
  • Tftpd64-4.64-setup.exe (PID: 3620)
Dropped object may contain Bitcoin addresses
  • Tftpd64-4.64-setup.exe (PID: 4012)
Creates files in the user directory
  • iexplore.exe (PID: 2836)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2740)
  • iexplore.exe (PID: 1388)
Reads settings of System Certificates
  • iexplore.exe (PID: 2836)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3260)
  • iexplore.exe (PID: 1388)
  • iexplore.exe (PID: 2436)
Reads internet explorer settings
  • iexplore.exe (PID: 1388)
  • iexplore.exe (PID: 3260)
  • iexplore.exe (PID: 2436)
Application launched itself
  • iexplore.exe (PID: 2836)
Changes internet zones settings
  • iexplore.exe (PID: 2836)

Static information

TRiD
.html
|   HyperText Markup Language (100%)
EXIF
HTML
Title:
Download Tftpd32 4.64
language:
english
ContentType:
text/html; charset=utf-8
viewport:
width=980
HTTPEquivXUACompatible:
IE=edge
Description:
Download Tftpd32 - DHCP, TFTP, SNTP and Syslog servers and a TFTP client bundled inside a single package, with advanced configuration options and security settings
Keywords:
Tftpd32, download Tftpd32, Tftpd32 free download, FTP server, Syslog server, TFTP client, FTP, server, syslog, TFTP
msapplicationTileImage:
https://cdnssl.softpedia.com/_img/favicon_512.png?2015

Processes

Total processes
48
Monitored processes
8
Malicious processes
1
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs tftpd64-4.64-setup.exe no specs tftpd64-4.64-setup.exe explorer.exe no specs

Process information

PID
2836
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\Tftpd32.shtml.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
3260
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2436
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:79874
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
1388
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2836 CREDAT:268545
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)

PID
2740
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131

PID
3620
CMD
"C:\Users\admin\Downloads\Tftpd64-4.64-setup.exe"
Path
C:\Users\admin\Downloads\Tftpd64-4.64-setup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\downloads\tftpd64-4.64-setup.exe
c:\systemroot\system32\ntdll.dll

PID
4012
CMD
"C:\Users\admin\Downloads\Tftpd64-4.64-setup.exe"
Path
C:\Users\admin\Downloads\Tftpd64-4.64-setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
3212
CMD
"C:\Windows\explorer.exe"
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)

Registry activity

Total events
1931
Read events
1708
Write events
221
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
2436
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019092020190921
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000E0025001B00A501
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000E0025001B00E401
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
54
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000E0025001B001302
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
29
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2436
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Type
1
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Count
1
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Time
E3070A00030009000E00260009006503
2436
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
2436
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
2436
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2436
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor
Last
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019091620190923
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CachePrefix
:2019091620190923:
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheLimit
8192
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheOptions
11
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019091620190923
CacheRepair
0
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019100920191010
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CachePrefix
:2019100920191010:
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheLimit
8192
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheOptions
11
2436
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019100920191010
CacheRepair
0
2436
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
Name
iexplore.exe
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{4CC85FF7-EAA2-11E9-9A49-5254004A04AF}
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070A00030009000E00250015005B03
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070A00030009000E00250015005B03
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
941A742EAF7ED501
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
EE7C762EAF7ED501
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000E0026001100C203
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000E0026001100E203
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
48
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000E00260012001900
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
25
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070A00030009000E00260013004403
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070A00030009000E0026001900C602
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070A00030009000E00260024005C03
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
MRUListEx
00000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
07000000020000000100000009000000080000000000000006000000030000000500000004000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\Shell
SniffedFolderType
Documents
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
1
69006500780070006C006F00720065002E00650078006500000014001F44471A0359723FA74489C55595FE6B30EE200000001A00EEBBFE230000100090E24D373F126545916439C4925E467B00000000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
MRUListEx
0100000000000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
0
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\exe
MRUListEx
00000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
MRUListEx
0100000000000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
MRUListEx
0100000000000000FFFFFFFF
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
Mode
4
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
LogicalViewMode
1
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
FFlags
1092616257
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
IconSize
16
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
ColInfo
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
Sort
000000000000000000000000000000000100000030F125B7EF471A10A5F102608C9EEBAC0A00000001000000
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupView
0
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByKey:FMTID
{00000000-0000-0000-0000-000000000000}
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByKey:PID
0
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
GroupByDirection
1
2836
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\53\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}
FFlags
1
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
ProperTreeModuleInner
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
ExpandedState
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Download Directory
C:\Users\admin\Downloads
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070A00030009000E0027000900B20000000000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E3070A00030009000E0027000900C20000000000
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
2836
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E3070A00030009000E0027002D008E02
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070A00030009000E0025001500C803
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
8
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070A00030009000E00250016000000
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
42
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070A00030009000E00250016003E00
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3260
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
LanguageList
en-US
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Type
1
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Flags
0
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Count
1
3260
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\iexplore
Time
E3070A00030009000E00260009006503
3260
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
iexplore.exe
3260
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
1290246418
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
17
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com
17
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019100920191010
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CachePrefix
:2019100920191010:
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheLimit
8192
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheOptions
11
1388
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019100920191010
CacheRepair
0
1388
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
4012
Tftpd64-4.64-setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Tftpd64
Install_Dir
C:\Program Files\Tftpd64
4012
Tftpd64-4.64-setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tftpd64
DisplayName
Tftpd64 Standalone Edition (remove only)
4012
Tftpd64-4.64-setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tftpd64
UninstallString
"C:\Program Files\Tftpd64\uninstall.exe"
4012
Tftpd64-4.64-setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tftpd64
NoModify
1
4012
Tftpd64-4.64-setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tftpd64
NoRepair
1

Files activity

Executable files
4
Suspicious files
7
Text files
124
Unknown types
29

Dropped files

2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\Tftpd32_7[1].jpg
––
MD5:  ––
SHA256:  ––
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\fontawesome-webfont[2].eot
eot
MD5: d57c2883af8dcf1b66f42ac9caef2692
SHA256: 93bccf50f77a3b0da459ae715a0cad35522c4853e89d9aa8968c6a4c4cce8354
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\museo_slab_700-webfont[1].eot
eot
MD5: 756854c88237ab2b09d8dd3d70fd7441
SHA256: 19caf529dba3a5d9aa30da93878d1b2c159021723b90476e7dd21388896bac0e
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\museosans_500-webfont[1].eot
eot
MD5: 56da6236c508a5041bb1b43f1e6a2339
SHA256: 69ad68eb84ab336af86ee3f3c6f1e071dd9e3d2fb39e7e642231c8871306ddaf
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\TYPSoft-FTP-Server[1].gif
––
MD5:  ––
SHA256:  ––
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\fontawesome-webfont[1].eot
eot
MD5: d57c2883af8dcf1b66f42ac9caef2692
SHA256: 93bccf50f77a3b0da459ae715a0cad35522c4853e89d9aa8968c6a4c4cce8354
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\museosans_500-webfont[1].eot
eot
MD5: 56da6236c508a5041bb1b43f1e6a2339
SHA256: 69ad68eb84ab336af86ee3f3c6f1e071dd9e3d2fb39e7e642231c8871306ddaf
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\FileZilla-Server[1].gif
image
MD5: c2011b2ddd01542ba1d16a99bf40ea32
SHA256: 480d36078aaae4614b88959636e6655512cc3aa3e31d58d698477b3dfada1c8e
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\Home-Ftp-Server[1].gif
image
MD5: be6c5a5d20d5d323d8058e39c5f89e8e
SHA256: 7444ab51cf5e18696e987ffa0f6c4daffe3e7fb131fab4b4407f3110a07f770f
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\ServU[1].png
image
MD5: ae8f741310e419e2a4d1e75107c4fbea
SHA256: 35304f811a3f3e7fa0636bd4d712761fa7e30951c7663d9855a383566a2f86d0
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\museosanscnd-500-webfont[1].eot
eot
MD5: 1515f94431dff223cecf2d2984d0e6d4
SHA256: c5e23a5967363cc4216259913477a4e9084a139171749af02129606771fd0408
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ServU[1].png
image
MD5: ae8f741310e419e2a4d1e75107c4fbea
SHA256: 35304f811a3f3e7fa0636bd4d712761fa7e30951c7663d9855a383566a2f86d0
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\museosans_700-webfont[1].eot
eot
MD5: 88f05b15b7c6cea23cc41d6c5624f470
SHA256: 7e0a7272b104978857ee05de0a47b4b0c7d6259e2b7b129cbb529ee2fe205ece
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\museosanscnd-700-webfont[1].eot
eot
MD5: a25b83f4478edd27a3f62ac64ed23a8d
SHA256: 1731a79ee32e6608d1c71d8ebc64cf0be771ffced6124e23360f5df2d5aec158
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\museo_slab_700-webfont[1].eot
eot
MD5: 756854c88237ab2b09d8dd3d70fd7441
SHA256: 19caf529dba3a5d9aa30da93878d1b2c159021723b90476e7dd21388896bac0e
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Core-FTP-Server[1].gif
image
MD5: 986f2c6a61fb1fe1895661b5a024d90e
SHA256: 4b22924df5f00d11932398fc1e67530bb1d7188e8328ed7431d2e125abdf3884
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\fonts-mobile[1].css
text
MD5: 916708bfc57f4e60bb28a4bd7c191f7e
SHA256: 84f92e09b708886a14ab1ea655ac7bd6075719082e9b5fcdee221d77730df4b4
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\Core-FTP-Mini-SFTP-Server[1].gif
image
MD5: e1a2e33270efe757c764a7b369ac22ae
SHA256: 58eb07c41c2167ee72e50710c548b3e58c428147816984d8fa03d8d01015645f
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\Home-Ftp-Server[1].gif
image
MD5: be6c5a5d20d5d323d8058e39c5f89e8e
SHA256: 7444ab51cf5e18696e987ffa0f6c4daffe3e7fb131fab4b4407f3110a07f770f
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\fonts-mobile[1].css
––
MD5:  ––
SHA256:  ––
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\Tftpd32-thumb[1].png
image
MD5: 66a586b5da55c9c9cae3a3d2ba7d37f0
SHA256: d40fa848c4347ec9c8d1764f3b9e0a02dffedc2bf51895b1826d1eae243b1669
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Cesar-FTP[1].gif
image
MD5: 95030475e6d3a3b7b9c0d6cd88c19b45
SHA256: 856cbf548d0efc10f98a32c1bcc1d49118a98b3dfe92e1a8ab1571a95c93e17f
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\FileZilla-Server[1].gif
image
MD5: c2011b2ddd01542ba1d16a99bf40ea32
SHA256: 480d36078aaae4614b88959636e6655512cc3aa3e31d58d698477b3dfada1c8e
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\Tftpd32[1].png
image
MD5: 56079b74f2ba8eb96b1b7bb6619e2615
SHA256: 1dabdd2aa94aecabf7d765afad8f917cc791784c4e484712e41d4e8a707f4016
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\Cerberus-FTP-Server[1].gif
image
MD5: bab53dc27e7ed08cd4a03f45735c1131
SHA256: c8a6c62e4519ab64f48d9878ba4da209194359b1cb5377b7887501bd3c41035c
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\Cesar-FTP[1].gif
––
MD5:  ––
SHA256:  ––
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\Tftpd32[1].png
––
MD5:  ––
SHA256:  ––
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\webfont-1.6.26[1].js
text
MD5: 7c96a5f11d9741541d5e3c42ff6380d7
SHA256: 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
3260
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\webfont-1.6.26[1].js
text
MD5: 7c96a5f11d9741541d5e3c42ff6380d7
SHA256: 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
2436
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\gpt[1].js
text
MD5: 025396d9174751f8d118310730bc17e2
SHA256: bdecbda040577a2753cfe486e5ee86d87b97ea13f3c7675d738c852935c77ff0
3260</