General Info

File name

Ghost-Browser.png

Full analysis
https://app.any.run/tasks/7a025d5f-10d4-4746-8bd8-3e95245d290c
Verdict
Malicious activity
Analysis date
4/14/2019, 22:25:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
image/png
File info:
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
MD5

5b873230e99dcc727dfae00142327129

SHA1

f553fc44ae3dd8c97c8755c5f03e279cb5c5129e

SHA256

a98874cafa05f9d30ab02bfb58026a483a2aaeb1f5798a274df67d4dfd2189be

SSDEEP

24:h+aH8Hxf0JE53P+7jV58FHGTEgMZpVNpWfLTL1eCWl2mLC2IaW1hB8ZiB:h+28Hx8WejQFHeLMZpV88rAmcHKw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
on
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS

No malicious indicators.

SUSPICIOUS

No suspicious indicators.

INFO

Reads settings of System Certificates
  • iexplore.exe (PID: 3720)
Reads internet explorer settings
  • iexplore.exe (PID: 2492)
Changes internet zones settings
  • iexplore.exe (PID: 3720)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3720)
Creates files in the user directory
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 3568)
  • iexplore.exe (PID: 2492)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2492)
Changes settings of System certificates
  • iexplore.exe (PID: 3720)
Application launched itself
  • iexplore.exe (PID: 3720)


Static information

TRiD
.png | Portable Network Graphics (100%)
EXIF
PNG
ImageWidth:
32
ImageHeight:
32
BitDepth:
8
ColorType:
Palette
Compression:
Deflate/Inflate
Filter:
Adaptive
Interlace:
Noninterlaced
Palette:
(Binary data 492 bytes, use -b option to extract)
Transparency:
(Binary data 8 bytes, use -b option to extract)
Composite
ImageSize:
32x32
Megapixels:
0.001

Processes

Total processes
35
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

start rundll32.exe no specs iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID
2512
CMD
"C:\Windows\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\admin\AppData\Local\Temp\Ghost-Browser.png
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\slc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\windows photo viewer\photobase.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\actxprxy.dll
c:\program files\windows photo viewer\imagingengine.dll
c:\windows\system32\mscms.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\psapi.dll
c:\windows\system32\icm32.dll

PID
3720
CMD
"C:\Program Files\Internet Explorer\iexplore.exe"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\version.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2492
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3720 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\midimap.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\jscript.dll
c:\windows\system32\feclient.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\t2embed.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\d3dim700.dll

PID
3568
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

Registry activity

Total events
879
Read events
788
Write events
89
Delete events
2

Modification events

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 24 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 24 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 49 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 49 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 72 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 72 |
| 2492 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication | Name | iexplore.exe |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 96 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 96 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 121 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 121 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total | | 146 |
| 2492 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softpedia.com | | 146 |
| 2512 | rundll32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication | Name | rundll32.exe |
| 2512 | rundll32.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Viewer | MainWndPos | 6000000034000000A00400008002000000000000 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | CompatibilityFlags | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | SecuritySafe | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | {83D0F84B-5EF3-11E9-B63D-5254004A04AF} | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Type | 4 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Time | E307040000000E0014001A000000AB02 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Type | 4 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore | Time | E307040000000E0014001A000000BB02 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | FullScreen | no |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Window_Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | Order | |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Type | 3 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore | Time | E307040000000E0014001A0000004703 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Type | 3 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore | Time | E307040000000E0014001A0000005703 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Type | 3 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore | Time | E307040000000E0014001A000000A503 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Path | C:\Users\admin\Favorites\Links\Suggested Sites.url |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | FeedUrl | https://ieonline.microsoft.com/#ieslice |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayName | |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | ErrorState | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0 | DisplayMask | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Path | C:\Users\admin\Favorites\Links\Web Slice Gallery.url |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | Handler | {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394} |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | FeedUrl | http://go.microsoft.com/fwlink/?LinkId=121315 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayName | |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | ErrorState | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1 | DisplayMask | 0 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url1 | http://softpedia.com/ |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url2 | soundcloud.com |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url3 | avito.ru |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url4 | lk |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url5 | google.de |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url6 | duyendangvietnam.net.vn |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url7 | java.com |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url8 | nordstrom.com |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url9 | daum.net |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url10 | thehill.com |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url11 | hm.com |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs | url12 | livedoor.jp |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Type | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 1 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307040000000E0014001A0018005C00 |
| 3720 | iexplore.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US |
| 3720 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | Blob | |
| 3720 | iexplore.exe | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | | |
| 3720 | iexplore.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | Blob | |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Count | 2 |
| 3720 | iexplore.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore | Time | E307040000000E0014001A001D005902 |

Files activity

Executable files
0
Suspicious files
5
Text files
147
Unknown types
19

Dropped files

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Process-Hacker-Portable[1].gif | image | c3c22e828622dcee6130f4d69a6da424 | e550045b36856b5badac57598c095341818e420cfd6e9ae1e913a6fa7e4c2192 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Ashampoo-Driver-Updater-thumb[1].png | image | 6480f5505e96847c9fd000559c826caf | 572cf4138d6c16e4efcbe37224a3531460fd2b214d182cf2945493b73e011dc8 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\PC-Agent[1].gif | image | dc82170d0e6041de2142ce81f6b8d718 | 53048bc552f9136225f2d933308d0a0c98df9d35f2c88d5580b1df59e7718884 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Mono[1].gif | image | f0b6276458e502071f3b7cb85f78b28d | dfbf09d6e9efc00bfdf70d94714f11d26d5b2e5708bc6a16d6d7683115955f69 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\jsstore[1].php | text | ddc6c72114f95e61a1aa1235885da59a | cb91473032a423a3876854a4fe0a78f400fcff7cc0e7e44452c7bf1bef8781df |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Ashampoo-Video-Optimizer-Pro-thumb[1].jpg | image | abefdc62e13cd9595f35c22a48ad3f8a | bc65b4ad87ad12d66e7b1f1e1f43abbcca7b763bc88b5168631b071dfc58eeae |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\CyberLink-PowerDirector-thumb[1].jpg | image | 1f32a2354ba4626e84cbaf2e46af17f3 | 5593c6a2df1d2533750534d539bc7ed9d812702ccee7f90bcfa649b7066aac9a |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Dolphin-emu[1].gif | image | 22a954cbc777f789c3b3b60c1782ef79 | 13b004b446f9eba6604466f99f00a9aee954e2b2ea1a536984f9caf8f4472968 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Smart-List-Pro[1].gif | image | d067e5ceee04191272c765ca8b31a437 | 00990d1fedb65e7ed642ecb94fc50df7de9192d5cab3581cf4fa6085b72bb36d |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\VPN-Gate-Client-Plug-in[1].png | image | dbfdf5795ffaaed44084f4f124ec3878 | 4d20940aac2447e20784e94d0778ef7f44fbdce4b2ea47061c75b696dc6fcba5 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Fakin-The-Funk[1].png | image | 23d3f555bdcd97659809431602dfef5c | 381badb93237f85f37f137faeb410450231636be6c7cd66e1e88dcaa044b1564 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Mini-Key-Log[1].gif | image | f636f40254fee46f64960359067bdb8e | 7bbd2588dddd66820431bd965bd85e3e29aa6c5b48e5a6df1b191fb5c0b78c66 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Process-Hacker[1].gif | image | 77a486728e9deec1858f0e152b787bdd | 2b90480177a8f56250bf3bcafaf3587409aae464a49aff76dc17bfab9e55f74a |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\4DIAC-IDE[1].gif | image | 59582df2c5a6ef818ce5ac1993f8978f | 39756e236b9e51e40c24a75986b8ca1ecd6ff49966115e468ebb9a21f0595c16 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Automotive-Wolf[1].gif | image | e2388cd5fb778c8a8806eb018ab315e9 | 573f7ebda945c79a55ad03a81b321b189f51f409b033fff04deabe3535c82928 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\findit[1].png | image | 2a776467d50f43c9f8226c8e6dbdf2b7 | dfb71ac89266d827bdb2c4ea89a5cff6887bcf931d9ba46c4de193a268c81000 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\ShellMenuView[1].gif | image | 46285b442f61f2a61dea7a9630a8f60b | cac918f3c576f722ccbb039a77e4e4e406dff62560faf813a3f9905ba6eacb81 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Bluesky-Frame-Rate-Converter-Portable[1].png | image | ed6daf6ad5f166aeddc0c170620861a6 | 73a81d09e870bdedecedd34fde2415f10d64b0b7158893e3748b89ad355588b6 |
| 2492 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\IObit-Driver-Booster-thumb[1].jpg | image | 985e5b6851d35a2cde057fafb6bdeaec | 83f77443520593c0886e1a14a006dca35679ed5416c5b9059b28b5f05084c211 |
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: cd87659020605e7757c97ddb349318b8
SHA256: ffb60d02f9ee715de078161c0c7905ce9a583d9552a6a44eba90a9559c146509
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Ashampoo-Burning-Studio-thumb[1].jpg
image
MD5: 8ab15ddcc7cd362f0f1927aaf88dd048
SHA256: 89077328f8c4093b439bd3548805fc796ae75bca0ab2951bd5223a90d6e18b92
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\MPV-EASY-Player[1].png
image
MD5: d660a00178ddd5a62ae8f1e2f809612e
SHA256: a3af0a3f1a4beab7719ab79aba1dd81d5f9af625d3761eb0ba7c285735534244
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\OpenOffice-org-SDK[1].gif
image
MD5: ffd6ca7f09136d0a0e5ca60812137b43
SHA256: ce472491df318b6b1d00a03f9c3291bd14b8b72c6da1e6c7409020c692ea0674
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Scribus[1].gif
image
MD5: ab548a8d7ace6d4b07c1649194486f91
SHA256: 274a62db6425181f92481506e3ba6625b1650179f61d5ad9b823bdd48a44ae72
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Pyxis-Imposed[1].gif
image
MD5: 2a8523a3b15bff0a3f17adbbd1a7e9f6
SHA256: 4fde7c954b490c2f8b484f81789dc9ba4fef8175411a75919955b98f3a94150e
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Zemana-AntiMalware-thumb[1].jpg
image
MD5: 82b1b9d81159d2d7e5a6ef55f09e097a
SHA256: ea93fce64ab0eaf9cd4f546bb898bf8b0980683e4f67cc1335e2d89a5f38b809
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\CrankWheel-Screen-Sharing[1].png
image
MD5: 7f1659347328da1ed2b10ea1b3c6d001
SHA256: dc4a06ef43dd030033130076b5e63628cb9a9e742b08b917431ad6e1553f17fc
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Ashampoo-Driver-Updater-thumb[1].jpg
image
MD5: b109ccd0cc2a68aa859011c6c423280d
SHA256: d756b90ddbabb25ccc431652203e30eeceffed800fcc13b2ffa7f6d9ff6b6271
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Bforartists[1].png
image
MD5: 8c4fe74bed3310bcf8ae0240596bf427
SHA256: 3de440ee96c5b40585e80d6cd66f4d34f1050cd7365de65109a5fcbabd6c1b71
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\SUMo-thumb[1].jpg
image
MD5: 9d591223129fdf829d6e026f4f65a97a
SHA256: 5f59a5f3d5699e0c06b302f1f8c0c79ae23fb379ac6a40a7a1b8e2f00faef631
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Wise-Folder-Hider-thumb[1].jpg
image
MD5: c2e73e3f77a529c6bc2d5cb2836c75fe
SHA256: a6408ac4b6f4ebb418a036561c9e80b7f925661a28de27bcdf76570ce53b5f54
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\GSA-Website-Contact[1].png
image
MD5: 6ebb213ee24b0cf7e746fcfb2b3218eb
SHA256: 917a1ab3e4e75e68c110301062265e3c1c4648644387a78a940a9634e1481578
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Imagus-for-Chrome[1].gif
image
MD5: 9d05090c0ac80e7d9a6989da90425fe3
SHA256: 3bfe081f87a9f8a870a3d99b9d1521b506b360c5afa3b859bff05f4e168c9303
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\SliQ-Invoicing-Plus[1].gif
image
MD5: 62b90286983e427b28a6ab0c50fa0308
SHA256: c26aa0798142756e13611b6c74d5bdcedd658a90493f1a5339647e8e576da41c
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Contact-Wolf[1].gif
image
MD5: 979a4d99a8e9d1ed2174338a9f74c367
SHA256: 6433df663ec140599bab162157758030816a210d8a29ca84f9daae818ec793fa
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\ZennoDroid[1].png
image
MD5: f38eb01251dd54620339e9497c5a0805
SHA256: 591a5fafd29f6d18f43e2ebbaabb45264769301ac9fc8eccbb2f5bae83301146
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Win-M[1].png
image
MD5: 0faa0686bf404c7620a66450a51fd9c9
SHA256: 2986f781ce74ce7c31c7f60c21a9c1f02d66fbc3fe9496f4b813fd07c712d333
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\MoviePrint[1].png
image
MD5: 0393846676d76d8e5975050ceabc2342
SHA256: d2e6cc8e711b92059a2ca56aa5152e6255fdd9f54346d4acf7fe9788b219db20
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\rssbus-connect[1].png
image
MD5: 65959b6ce85e59094ead228d180e2479
SHA256: b5da5a87d4a70568c9f59bed90ad294e841eb944efbd8270a0379b19a7dba563
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\microsoft-still-exploring-a-surface-pro-model-with-arm-chips-1[1].jpg
image
MD5: d07ae435849a013ece126df09c2efb8d
SHA256: 07050bd9d6dc3dbd95272b1951f32203c9bfdbad6f7b5fc78638fa4372bf4ee4
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Just-Delete-Me[1].png
image
MD5: b68464809ebcf63ab48e53127b4a31e1
SHA256: 7643433dda209b8c1fbb94ffa22e946f63e1fb0531d7cfb61f5b3d784949cd29
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\LeoMoon-ParsiNegar[1].png
image
MD5: 0f6f40b0d3a427890ecb8138f8a538b6
SHA256: 53f97286eb3cb702da81749edf9995c0657fe30cc8c1a225cb78f13bea1ebdbf
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\avast-confirms-issues-caused-by-windows-updates-kb4493472-and-kb4493448-1[1].jpg
image
MD5: 0a0b71c2e48d786a50895967dc7bdfe5
SHA256: 7e4152f4cdedec65521796b39db046eeb97244e44c31225edd70684b91b44c64
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Forkle[1].png
image
MD5: 521c4732666c3cb7ed46499fa4ca491c
SHA256: 91922cd609fed64df4822e97209233a904ea79d0bc57a436105720568a8cac53
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Network-Authenticator[1].png
image
MD5: 20810986e000553c54084346bcbf1b22
SHA256: 7017880e579fdac49164b9fded0887279c552ad184905e843dc74136e52ea04f
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\this-zune-trick-keeps-windows-phone-apps-alive-for-a-few-more-months-525662[1].jpg
image
MD5: cf49b64243c77875fe6be004f5a89897
SHA256: a2ebe4a936165b91be288d65d4bf9bbf1c053734390b8629198d736b50771452
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\microsoft-reveals-email-breach-says-hackers-accessed-user-data-525664[1].jpg
image
MD5: cedda3ca7e3f0aeaa2f081492d6037ae
SHA256: 7c315513dbd8b65b180ef1436598b221c953526553146178a5778bc6b8fd93ea
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\mozilla-firefox-for-windows-10-arm-now-available-for-download-1[1].png
image
MD5: 59f99021633767a94cbc02f8e5a98901
SHA256: 185170435c718e250ae8b2163c83371e297861fdd58137b13e1a84871fbb8aea
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\microsoft-to-update-onenote-with-a-dark-mode-1[1].jpg
image
MD5: 8bad84a7c96199c7fdc0cb8800586411
SHA256: a3776a2e36d66b978382607e8825d21f724b620bff5d204ad8f7815f8559fa8a
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Altus[1].png
image
MD5: 1aaffc9c90d2b8a4124ec6a30e04a5e6
SHA256: a442ff19463bb72d8d26328a71f023109b00d172fbb898c17d71ae1078a2bed4
2492
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 95dee0d1d289de8e31c0867d43efb480
SHA256: 500d4538b902e7c8cb9acdb64c36ce6aad5e8fc5c96f7ba2ffe709afa208b0a0
2492
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L9W6CVZ0\win.softpedia[1].xml
text
MD5: fa913211480e8eaf1636bd74cbf013fd
SHA256: 450a8641e7869fab6b9b9dfabb38579713d6fffa535fd7bcf6aba6c38862c865
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\f[1].txt
text
MD5: 82bb040bd5729e459f7cc5a09981cc86
SHA256: 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\f[2].txt
text
MD5: 82bb040bd5729e459f7cc5a09981cc86
SHA256: 0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\win_softpedia_com[1].txt
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\_min[2].txt
text
MD5: d6f4ef7a19ce190ac62527b4c2f083b0
SHA256: d38319030bbbfa603ac2d17664452c3c3c13592512ca6b55863d6dbc91e0e7eb
2492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\L9W6CVZ0\win.softpedia[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\win_softpedia_com[1].htm
html
MD5: 57fe23455ececed9a6b3857cfa3182c6
SHA256: 7f337c6baf5bcd06ce4e164134038f97e75a78df408dbea505a1ca87a538a95a
3720
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\favicon[1].ico
image
MD5: b542de13dc13e6d1ebaa0fb219754043
SHA256: 24bcc86822290061cc915e2248ef28b8caae6b4ddf6c273ec5657a12dfc1aad7
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: 9dbcf944e05c771fe93f6f275d209595
SHA256: da1fe9b238cc768473faf59d0c75af9a05986b6dbb21477d7c7220515108a955
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\the-dream-of-a-real-windows-10-phone-could-finally-come-true-1[1].jpg
image
MD5: ca6f54f88a88850941e2a44d0fb2c5b8
SHA256: 20e05951327a867e0b6229a07b67970333b21d97361668ded61cbeec93c23ee4
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\microsoft-will-allow-iphone-android-users-to-share-their-screens-on-skype-1[1].jpg
image
MD5: 2f013cd93ed929a2800c361c8ab3d006
SHA256: 5d2e58ad15a687254aada74a0092a95c8b26038fec213c442c8f4a01d755ff09
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\microsoft-confirms-new-bug-in-windows-10-cumulative-updates-kb4493509-kb4493464-1[1].jpg
image
MD5: 22cb9cd270a8038b343750593a78afd4
SHA256: 2204c2b181f53474248ac345441040794e26dc9244d92f6c601ca55bcede2f76
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: c5fe6f2003eee95dee576f1fb667431f
SHA256: c4888718f8c4a3a35ca48e7b514b39b1a25a9a491c25d6d0e704dc8a64b0b724
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\razer-phone-2-review-525413[1].jpg
image
MD5: 279e42857540d2a3af057ee7784e047c
SHA256: fe7918f5771b438a0ad3aa0be1a09886d2da0af489cf70bdd503a09891748b0c
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\motorola-moto-g7-play-review-525407[1].jpg
image
MD5: 658b4707179d687803b25cc65fb468dd
SHA256: b5bea0b4c51fa7360f7eec9977240580bb8561ba92f00fe560733de636c57374
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\motorola-moto-g7-review-525322[1].jpg
image
MD5: 69e0f13960a70032dfe1cdc9c0a3e8d6
SHA256: ebb9f8be3e6ab176a306996dbc577e58a4e29028a10ca9b39dc955795148d228
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\samsung-galaxy-s10-5g-has-a-hard-time-using-5g-1[1].jpg
image
MD5: df49a857ff7e217b9b031bc93b9b3775
SHA256: 66f4d5571f2b015fd69263b34dd8d3349e2b88411d9b1fba1b4a1282a2396245
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Ashampoo-WinOptimizer-Platinum-Suite_1[1].png
image
MD5: 867aa7dd2b58990e83194b2600232d1d
SHA256: 502486dc6af9946a3912a17bfb152a104c6c901a379d6ba100939939f4c9eb19
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\how-to-fix-issues-with-windows-updates-kb4493472-and-kb4493446-1[1].jpg
image
MD5: 9e677b96140976fd6e516b179e9a778a
SHA256: 0686a5a14e4387019465fd6be51478e8549c6c60bdd98e90ee20554ea852de6a
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\company-claims-all-iphones-violate-its-wi-fi-patents-1[1].jpg
image
MD5: be771951c0c4f8f7205c20ca09ef2375
SHA256: 95c82ae94eaf7b21f005ea1bf8cb5809902d93ac5718820ea9bfeddc319573e2
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Jniz[1].gif
image
MD5: 8411e2c8974349de3dd0b25a2e5d6339
SHA256: fd957ba1f19d4d3d8c2c378189708ec91f4526f4d79297a06ddd97887c75bf9a
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Start-A-Better-New-Tab-for-Chrome[1].png
image
MD5: ea9a61bfaeb9e4c9afc970e6b85e4bea
SHA256: 9fe0e96e501042d21779f31ae648d2a1f03353633dabb76ce77a953edc5c3627
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Agility-Record-Book[1].gif
image
MD5: d80ed324ad80d850ecafc975d37f9434
SHA256: 94be48f0db751fa8b64c8216bf87aed0c3320d4dc411a9df607fcacdc0bd9015
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\ScanPapyrus[1].gif
image
MD5: 72df6238fe0c11bdeacff0f69c0da91a
SHA256: 1cd48b4c54d231d2caf4b1d797c94c08bd11365bbfa77e9363916092486ec22b
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\this-zune-trick-keeps-windows-phone-apps-alive-for-a-few-more-months-1[1].jpg
image
MD5: e550ebf678d65c63b4b9568c8a70b24c
SHA256: 77af7e7f293a525587f45d03cf0ed1ce0458479da1966270abe8928ad5f899bc
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\microsoft-says-windows-10-cumulative-update-kb4493509-freezes-devices-on-boot-1[1].jpg
image
MD5: 17f754aa7e563582321ac7092b2cc7c3
SHA256: 499e6967d37fe3a062b2da7bb46f462002c2551a4cc518ff52545263a7d466b9
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\ubuntu-19-04-disco-dingo-enters-final-freeze-ahead-of-its-april-18th-release-1[1].jpg
image
MD5: fd890cca24e2b52ab9ea2516c91ba4c2
SHA256: ef81de74b48a30417d406210cd4a6269756bd1706ecc99e4317d231420390f23
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\flatpak-linux-app-sandboxing-gets-new-fuse-based-system-wide-installation-method-1[1].jpg
image
MD5: 59ffedfca14701437fe352d46dbd0f41
SHA256: 2fc2fd328fdeea4317a3a70e64c776ef930e99d0c715aa89ed0b57dd5f8c764a
2492
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b25416502a5337deb6508e0a963b33df
SHA256: af565d92eceac17ada43b5ee33b6d0b23736f212bff9496f091c007686607b2c
3568
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\DSpeech[1].gif
image
MD5: bda6891180aac626e010c1e77402032a
SHA256: 02811e5fbc4ee9cff4c7d63361f1b5b8b5559d05317050fdbf5f7f1b38e02013
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Sniper-Kills[1].gif
image
MD5: 9a3602382f3fe58e38f75a23810ae9a4
SHA256: 73251ec5f59fbb6fd796c932f900e9a574a83dd9df238b8dec69afc5af8125a7
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\tom-clancy-039-s-the-division-2-review-525420[1].jpg
image
MD5: 52f943e68eceb5cae83605f2eee98d61
SHA256: d941a5e95f8159c975b8f10bfb741c5e119866ab9b0850dca1bd97f8a0795f24
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\cmp[1].js
text
MD5: 4b2f080b3561a8dacdc49e75a5aa12d5
SHA256: fc9e5ceaafe699c847c05991329b276b08550561594586405c96af4ab74faee2
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\microsoft-reveals-email-breach-says-hackers-accessed-user-data-1[1].jpg
image
MD5: a2f1be042c62f9c71a9cf8c03b07de3e
SHA256: 09fd0404676692d5c362c03c6ee5311865b48a55638cdca579966ccf69378bb9
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\SUMo-thumb[1].png
image
MD5: d7fc02b2f7249d250e5729802bd963cd
SHA256: 93b0132dc402693339fe666331d35d3940be5505ddc7f9893a4846ecfa08d11a
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Wise-Folder-Hider-thumb[1].png
image
MD5: 8ac312ba2e4499b655adf2a49e3790e7
SHA256: e7b46200d63885d10af937374918ad49b9b5ecf281d7a410ca8ec8dfeef28fe6
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Portable-VoiceMacro[1].png
image
MD5: 09da8ffdad42b2286717aa007518501f
SHA256: 2cbf9a05cd5055789fea41f85d4e824a4bcc28ae454a50d32ce30af1af1dbafb
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Ashampoo-Burning-Studio-thumb[1].png
image
MD5: c95066803299052d4b859809a83220d3
SHA256: c22939ba9a835fcb0162e7930bcff45a5b2a59c63aad6530528db7388e29f529
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\nelke-the-legendary-alchemists-ateliers-of-the-new-world-review-525622[1].jpg
image
MD5: a097de49200174981faec9cce9e09ed6
SHA256: c3f8f7d1e2078195faf58401ef71fb25e762ac31416d13b36281400f24588935
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Zemana-AntiMalware-thumb[1].png
image
MD5: 39ceee97fe34bfac9476e2c4723cad8f
SHA256: da771c8c3c4d6500f7064ca1b1b62070bb2b4aac1d7156e7305d7f176133e704
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\generation-zero-review-525582[1].jpg
image
MD5: 241558943cac37b2041a7d4ffddf4540
SHA256: 6a16920f01ff7672bde81b3edc62d264fb3d49b0a925867c8e8c546c22f26382
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\one-piece-world-seeker-review-ps4-525575[1].jpg
image
MD5: 9aadb9ef1ad47910d9d814095c699478
SHA256: ef8d38c743d8bcd0060c152860a9056fbc95da63011ebacaf8021cb9a337ab60
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Dapper-Laurenson[1].png
image
MD5: 9716a218ccf8d9a7aed1afd1b01f348a
SHA256: bedcdf598a75a096b27140c6526a91f2ad61573541b9b59b58786c53731b95ff
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\IObit-Driver-Booster-thumb[1].png
image
MD5: 69f386de8020b4340c6857e576e16333
SHA256: 11a66d183d374e68f9db413cb157117ebe438c8c6e92a156da2d7ee84189a8c0
2492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: 41f3c9fdf8d14b1c70d742e505322530
SHA256: 8d958650ed1fc9aee62fa6cfc78a183b51766d5bc1ed633fea4609111d90f428
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\aragami-shadow-edition-review-525440[1].jpg
image
MD5: 02730accae5e0526c8d0d15bb2ec9613
SHA256: 62ccdf245169e0ffe37dd66c1815f9d869eacb1b0405a5329c8e933826132e61
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 48ac4a4fc175c2b569c42937e667e534
SHA256: 923975c0fd77de86f7d307befec551be27766c9f3cd38b9d5d36b936fac7a8fa
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\mx-vs-atv-all-out-anniversary-edition-review-525490[1].jpg
image
MD5: 8cb905fbae805cfe5fcce91a933af4c6
SHA256: 138c8395e03899e49d8eb203c3ac4e881f9d26b2c7ce3be6085e14051bd516bc
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\tropico-6-review-525585[1].jpg
image
MD5: f56f16466158d44ee20962daec35b2f3
SHA256: f558974abd2bcd7453e41e21f5e31d787e89fc6c6c5d9558e91d5cbf06e2b0bc
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Node-js[1].gif
image
MD5: 8e50142086f0b3914281078fdad521fb
SHA256: 6ed7c4827625f2db4ac9e55435344959c436f9dddcaada4359bc597d9418e41d
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\iLok-License-Manager[1].gif
image
MD5: c9785c362f7d14e9a5e90c00ef43e30b
SHA256: 0f53d19182cdc9a973522ec41731efbb5618ad58739ce298204efdcab95e305e
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Eventzilla[1].png
image
MD5: 084a0b61068490111271563821b0f837
SHA256: f69e892d58518798b0740fd0983f14bb48c5797c935e088118a831aac564a8eb
2492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarE5C3.tmp
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabE5C2.tmp
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: 04d79a0dc77a8f449cbff6252862d398
SHA256: 4c9c4d831d61c8c38b2513f9b431ef4f4cf6af9fb18a2317cd2178d6e0997822
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\Ashampoo-Video-Optimizer-Pro-thumb[1].png
image
MD5: 055dd16e6c911c759e298ad35ffd3144
SHA256: 043682d20aff8e90531d92da3d1ba34d7b9eb2e547b8f40a38e43110ec83b2b7
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Flume[1].png
image
MD5: e85335649c5710d3d99421410ec25565
SHA256: eb6bf236f717f4ee38eefd3c54dce2ef30fc3b371456e7264a21620784982746
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\icon_gom-audio[1].png
image
MD5: e5649c46b857a079c747db8844c43beb
SHA256: bc0669c23dab86d0bd0879c326230d29795b542e058fe0d9e50d8a0b9e86d51f
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\CyberLink-PowerDirector-thumb[1].jpg
image
MD5: d6fae301a090dd26d219de540a3bd39b
SHA256: f2588e036bcb6e4ac4ef09347fda5fb03908ab69db848ef91166b4873ab63a20
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\blackwidow-lite-review-an-almost-perfect-keyboard-for-gaming-and-office-525497[1].jpg
image
MD5: fef40fc2cd8393173b1c916303498fa9
SHA256: 628a10fa075292ddd4ab884f6e31ce503f5ede5ce0291c085816a2bd350a1733
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\razer-atheris-review-a-gaming-mouse-fit-for-laptops-525501[1].jpg
image
MD5: 77c92b92f14d70328fd95ee775847ee2
SHA256: d898a4ba01a1e2d25521d0d5bcd3e0ca0a1e0d6498865e0253758028b568bf33
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\Keybase[1].png
image
MD5: d551bd05193fe8e3e9eb69555122e185
SHA256: 098f518870293c17d5b3fd3201d07cffa71be5b66928e2154508e5e3894462ad
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\left-alive-review-525651[1].jpg
image
MD5: 4104ac1ad0105f7b3473db2e90988f41
SHA256: 92d352253d070448fcc053fb4f87a3fe2c1a1e1385df0e8dd073513c610ebc38
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\icon_8fit[1].png
image
MD5: ef4cbec1c4566826ac85c829c4558ba7
SHA256: 5bfcab6111f5b02677a9ba45b826d03d4c86c4d52d982117aa4346891a33a9d1
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\icon_salt[1].png
image
MD5: 733380606d6583bbf5e24fcc5bd3f3b5
SHA256: 1a603febe80d3b3622f22be383f55920fa8aebf70fe4e621a5b3e050104023d2
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Appy-Pie[1].png
image
MD5: e18f697238435b424a17edddf9bc13c8
SHA256: 95a0c1a0503eb7869d3d924b3a393fc7076c36e0d9a4d1d229ae6fa5ec6c0e79
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\icon_risk-global-domination[1].png
image
MD5: 120f85c85b6176b0942169fd57b3dac3
SHA256: cb5ffc66af05a484c93ee694afaf444cc89671f19284afcf22b54c2faa2282c2
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\icon_daily-life[1].png
image
MD5: 6159556a32b299564caf37fbb07fef60
SHA256: 5a5ec29a1a966f5c3bd046a17c3079273f07a30d83d44d4f4e5632fdf7b3a693
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Receigen[1].gif
image
MD5: 484fbf4752380246186dd000aebaacb2
SHA256: 57d411af57df245ea9477bd4a9c60426f4ef51b87aa42f71d8a52d894d2de259
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNIC19MS\jsstore[1].php
text
MD5: c59aaf51039fa5d6f8d233f06430a223
SHA256: 0f4dadf0f6698f38ce105d32d9a5c0b7b868226cec7313191154e66ecb305222
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q93G3HKT\Wine[1].gif
image
MD5: 60cfade29f66b57bea3a3c6c75e5bc68
SHA256: 4248c21582fbfafcbe9565bb9f04a00ef468afd6e9bdefd81ef4634ab7183c3d
2492
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarE4B8.tmp
––
MD5:  ––
SHA256:  ––
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Notejoy[1].png
image
MD5: f6eaaf59242f3bd1ecf363a330e16115
SHA256: 3942351c0e993ce6f663fd30de239d2a055deb18a975fa304be238ada2591c11
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZVZXNHM\GGather[1].png
image
MD5: 2bad6f6d61929908d4007e3b31a397c9
SHA256: fa18aeb462e44fda152cb89b8fe52d6a628dbaa7d89c65f0e7aa00cd5cba574b
2492
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O67Y2U0O\Synfig[1].gif
image
MD5: a1c68ba54d7d558dbde1833b3498020a

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
4
TCP/UDP connections
83
DNS requests
20
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3720 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
2492 iexplore.exe GET 301 64.225.158.189:80 http://softpedia.com/ CA html whitelisted
2492 iexplore.exe GET 200 13.32.222.30:80 http://x.ss2.us/x.cer US der whitelisted
2492 iexplore.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3720 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2492 iexplore.exe 64.225.158.189:80 Peer 1 Network (USA) Inc. CA unknown
2492 iexplore.exe 64.225.158.189:443 Peer 1 Network (USA) Inc. CA unknown
2492 iexplore.exe 64.225.158.192:443 Peer 1 Network (USA) Inc. CA unknown
2492 iexplore.exe 69.16.175.42:443 Highwinds Network Group, Inc. US suspicious
2492 iexplore.exe 216.58.205.226:443 Google Inc. US whitelisted
2492 iexplore.exe 172.217.16.162:443 Google Inc. US whitelisted
2492 iexplore.exe 13.32.219.216:443 Amazon.com, Inc. US unknown
2492 iexplore.exe 216.58.207.78:443 Google Inc. US whitelisted
2492 iexplore.exe 13.32.222.30:80 Amazon.com, Inc. US whitelisted
2492 iexplore.exe 69.16.175.10:443 Highwinds Network Group, Inc. US malicious
2492 iexplore.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3720 iexplore.exe 69.16.175.42:443 Highwinds Network Group, Inc. US suspicious

DNS requests

Domain IP Reputation
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
softpedia.com 64.225.158.189 unknown
www.softpedia.com 64.225.158.192, 64.225.158.189, 64.225.158.191, 64.225.158.190 unknown
pagead2.googlesyndication.com 216.58.205.226 whitelisted
cdnssl.softpedia.com 69.16.175.42, 69.16.175.10 malicious
adservice.google.com 172.217.16.162 whitelisted
adservice.google.es 172.217.16.162 whitelisted
quantcast.mgr.consensu.org 13.32.219.216, 13.32.219.181, 13.32.219.210, 13.32.219.115 whitelisted
www.google-analytics.com 216.58.207.78 whitelisted
x.ss2.us 13.32.222.30, 13.32.222.12, 13.32.222.51, 13.32.222.163 whitelisted
games-cdn.softpedia.com 69.16.175.10, 69.16.175.42 whitelisted
windows-cdn.softpedia.com 69.16.175.10, 69.16.175.42 whitelisted
mac-cdn.softpedia.com 69.16.175.10, 69.16.175.42 whitelisted
linux-cdn.softpedia.com 69.16.175.42, 69.16.175.10 whitelisted
webapps-cdn.softpedia.com 69.16.175.10, 69.16.175.42 whitelisted
mobile-cdn.softpedia.com 69.16.175.10, 69.16.175.42 whitelisted
news-cdn.softpedia.com 69.16.175.42, 69.16.175.10 whitelisted
www.download.windowsupdate.com 93.184.221.240 whitelisted
win.softpedia.com 64.225.158.192, 64.225.158.190, 64.225.158.191, 64.225.158.189 unknown
s1.softpedia-static.com 69.16.175.10, 69.16.175.42 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.