General Info

File name

FW Quote 122065 - Thorud Inc.msg

Full analysis
https://app.any.run/tasks/0673524b-5d28-44ee-85ab-6390a9c510b8
Verdict
Malicious activity
Analysis date
11/8/2019, 15:55:45
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/vnd.ms-outlook
File info:
CDFV2 Microsoft Outlook Message
MD5

dcba977c3a505d36196e616da0ea7e20

SHA1

1b21f9606b4844df9a6e14196c1e0d5a6962ebdd

SHA256

3c16901de7b27803d9075315efe2ca55d2f40445b0f60973a2f97379e0dc473d

SSDEEP

3072:xK+yUmH/3lRVw/VUHZ3leHAUpD6FPsLgv4M6FX70lDuXI8:YGN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Unusual execution from Microsoft Office
  • OUTLOOK.EXE (PID: 1796)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 928)
Creates files in the user directory
  • OUTLOOK.EXE (PID: 1796)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 1796)
Starts Internet Explorer
  • OUTLOOK.EXE (PID: 1796)
Reads the hosts file
  • chrome.exe (PID: 928)
  • chrome.exe (PID: 932)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3344)
Changes settings of System certificates
  • iexplore.exe (PID: 3344)
Manual execution by user
  • chrome.exe (PID: 928)
Application launched itself
  • chrome.exe (PID: 928)
Reads internet explorer settings
  • iexplore.exe (PID: 2876)
Reads settings of System Certificates
  • iexplore.exe (PID: 3344)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2876)
Reads Microsoft Office registry keys
  • OUTLOOK.EXE (PID: 1796)
Changes internet zones settings
  • iexplore.exe (PID: 3344)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.msg
|   Outlook Message (58.9%)
.oft
|   Outlook Form Template (34.4%)

Screenshots

Processes

Total processes
71
Monitored processes
34
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start outlook.exe iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
1796
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\FW Quote 122065 - Thorud Inc.msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.6025.1000
Modules
Image
c:\program files\microsoft office\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shell32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\progra~1\micros~1\office14\exsec32.dll
c:\windows\system32\tzres.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\progra~1\micros~1\office14\rtfhtml.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\profapi.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\winspool.drv
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\common files\microsoft shared\proof\mslid.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\hlink.dll
c:\program files\internet explorer\iexplore.exe

PID
3344
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" https://floryind-my.sharepoint.com/:o:/g/personal/bpoot_goflory_com/Ek3g3uQoIK5OnWr7IcyzlJQBVHrLFJmmpe1vuGUHb6bWwA?e=5%3aVqldL2&at=9
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
OUTLOOK.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll

PID
2876
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3344 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\winmm.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\feclient.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\msimg32.dll

PID
928
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\syncui.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\stobject.dll
c:\windows\system32\cryptext.dll
c:\windows\system32\colorui.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\audioses.dll

PID
3172
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x60ffa9d0,0x60ffa9e0,0x60ffa9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
532
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1520 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
940
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=11095972038388563683 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
932
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=8020434283028187055 --mojo-platform-channel-handle=1620 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll
c:\windows\system32\dbghelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
1820
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3954796236798901624 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3188935943757270244 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3352
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14410560731063908950 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3912
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7182737745577289968 --mojo-platform-channel-handle=3056 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2424
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5507571584134042109 --mojo-platform-channel-handle=3348 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2104
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2582610560177502327 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1892
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=1758731849897269318 --mojo-platform-channel-handle=3000 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2572
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14639180574805946531 --mojo-platform-channel-handle=3588 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
896
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4670403044257752896 --mojo-platform-channel-handle=3748 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2364
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=2611811639411703374 --mojo-platform-channel-handle=2464 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2784
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=10899048179061981477 --mojo-platform-channel-handle=3000 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2717175145638829487 --mojo-platform-channel-handle=2392 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1416
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14322479194307652529 --mojo-platform-channel-handle=3336 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2728
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17160052950359173996 --mojo-platform-channel-handle=3232 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1028
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8587120648039667446 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
504
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=18228973237644549811 --mojo-platform-channel-handle=4116 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1887892400905223321 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2896
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6096390900993132083 --mojo-platform-channel-handle=4112 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2576
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=9154828308926592488 --mojo-platform-channel-handle=3748 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2328
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=8645433175311075042 --mojo-platform-channel-handle=4132 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2916
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4299852947820758626 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3760
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15469397737046143126 --mojo-platform-channel-handle=2396 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
956
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7091780492877193133 --mojo-platform-channel-handle=3660 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3332
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13551406666055427649 --mojo-platform-channel-handle=2536 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3000
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4547980157800087617 --mojo-platform-channel-handle=2540 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2068
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7448996386227869860,10274275340318926010,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8402747553943122283 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
2177
Read events
1466
Write events
698
Delete events
13

Modification events

PID
Process
Operation
Key
Name
Value
1796
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1041
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1046
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1031
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1040
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1049
Off
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
3082
Off
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1332215988
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources
UISnapshot
1033;1046;1036;1031;1040;1041;1049;3082;1042;1055
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources
UIFallback
1040;0;1033;1046;1036;1031;1041;1049;3082;1042;1055
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources
HelpFallback
0;1033;1046;1036;1031;1040;1041;1049;3082;1042;1055
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1046
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1031
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1040
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1041
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1049
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
3082
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1042
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1055
On
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
4c?
34633F0004070000010000000000000000000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{0C12CF48-451D-45AC-A927-F5FDBFC07C96}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{9C3CFE2A-537A-479A-A1E2-85728C400F7D}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{A8716C2B-35ED-4EE7-A138-FBA0A7C9B5B0}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{AA3BD3AB-AD94-4243-86C5-8AE3D7D829BC}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\Smart Tag\Recognizers\{BC29864C-2254-4A9E-9F4D-721A388618BB}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\User Settings\Kosmarttag_SmartTag
Count
1
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
04070000985B14A54496D50100000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
220294080
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers
autodiscover-s.outlook.com
1796
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
1796
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4608
Unicode
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1332215989
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage
StemmerFiles_1042
1332215809
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1200000000000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
eh?
65683F0004070000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
1332215829
1796
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
C:\Windows\system32,@tzres.dll,-260
(UTC) Dublin, Edinburgh, Lisbon, London
1796
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
C:\Windows\system32,@tzres.dll,-262
GMT Standard Time
1796
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
C:\Windows\system32,@tzres.dll,-261
GMT Daylight Time
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1332215870
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1300000000000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
hj?
686A3F0004070000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
wj?
776A3F00040700000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
7k?
376B3F00040700000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
#k?
236B3F00040700000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1332215854
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1332215831
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
l?
206C3F00040700000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
l?
206C3F00040700000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
l?
206C3F00040700000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A56DC338-2316-442B-B430-A6F2FE956095}
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1332215871
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\68D91219C84C964992535B9AF464ACEE
WriterId
4744375
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\68D91219C84C964992535B9AF464ACEE
LastModification
D0BEC2805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\68D91219C84C964992535B9AF464ACEE
MsgEID
00000000EE353A6753D116479D0919B95E8B889A88001000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
406F210D
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CDF8B6CA10E7FA43A1C921427A3CAFAD
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CDF8B6CA10E7FA43A1C921427A3CAFAD
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\CDF8B6CA10E7FA43A1C921427A3CAFAD
MsgEID
00000000EE353A6753D116479D0919B95E8B889AA8001000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\06E8EA189688B348894D9F0A639F6845
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\06E8EA189688B348894D9F0A639F6845
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\06E8EA189688B348894D9F0A639F6845
MsgEID
00000000EE353A6753D116479D0919B95E8B889AC8001000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FFE18E6B2B43CB4E88C022C5AA06761C
MsgEID
00000000EE353A6753D116479D0919B95E8B889AE8001000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604
001f6000
4E006F004D00610069006C000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FEC6987CA125A1429FD5FB83532D4BDE
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FEC6987CA125A1429FD5FB83532D4BDE
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\FEC6987CA125A1429FD5FB83532D4BDE
MsgEID
00000000EE353A6753D116479D0919B95E8B889A08011000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\48D2759808563A44AAFE636682B8D65C
MsgEID
00000000EE353A6753D116479D0919B95E8B889A28011000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DD60ACF661998748B1C982CFF3F41325
WriterId
4744390
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DD60ACF661998748B1C982CFF3F41325
LastModification
D02FC5805A48D401
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\DD60ACF661998748B1C982CFF3F41325
MsgEID
00000000EE353A6753D116479D0919B95E8B889A48011000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Ami R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Expo M
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Headline R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGMaruGothicMPRO
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGPSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSeikaishotaiPRO
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HGSSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYGothic-Extra
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYGothic-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYGraphic-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYGungSo-Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYHeadLine-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYMyeongJo-Extra
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYPMokGak-Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYPost-Light
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYPost-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYShortSamul-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@HYSinMyeongJo-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Magic R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MoeumT R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@New Gulim
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Pyunji R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Yet R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ami R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Expo M
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Headline R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGMaruGothicMPRO
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGPSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSeikaishotaiPRO
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSGothicE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSGothicM
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSGyoshotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSKyokashotai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSMinchoB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSMinchoE
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSSoeiKakugothicUB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSSoeiKakupoptai
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HGSSoeiPresenceEB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYGothic-Extra
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYGothic-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYGraphic-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYGungSo-Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYHeadLine-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYMyeongJo-Extra
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYPMokGak-Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYPost-Light
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYPost-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYShortSamul-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
HYSinMyeongJo-Medium
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magic R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoeumT R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
New Gulim
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCRB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pyunji R
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Yet R
0
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1332215869
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1332215870
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1332215869
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1332215870
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1332215906
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1332215907
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1046
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10061400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1046
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1043
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10031400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1043
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage
SpellingAndGrammarFiles_1031
1332215821
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage
SpellingAndGrammarFiles_1031
1332215822
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1025
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10010400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1025
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1040
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10001400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1040
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1058
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10022400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1058
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1049
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10091400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1049
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1110
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10065400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1110
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1069
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100D2400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1069
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1027
1332215815
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10030400000000000F01FEC\Usage
SpellingAndGrammarFilesExp2_1027
1332215816
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage
SpellingAndGrammarFilesExp6_1042
1332215809
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10021400000000000F01FEC\Usage
StemmerFiles_1042
1332215810
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1055
1332215809
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100F1400000000000F01FEC\Usage
SpellingAndGrammarFilesExp1_1055
1332215810
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1332215871
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1332215872
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1332215871
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1332215872
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1332215908
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1332215909
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage
SpellingAndGrammarFiles_1031
1332215823
1796
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10070400000000000F01FEC\Usage
SpellingAndGrammarFiles_1031
1332215824
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
CFF13DD86EF249EBB265E3BFC6501C1D
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3671654
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
https://floryind-my.sharepoint.com/:o:/g/personal/bpoot_goflory_com/Ek3g3uQoIK5OnWr7IcyzlJQBVHrLFJmmpe1vuGUHb6bWwA?e=5%3aVqldL2&at=9
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWOSHlinkNavigation
1
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
1796
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
26220416
3344
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000093000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E865B881-0237-11EA-AB41-5254004A04AF}
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
2
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E3070B00050008000E0038000E00B602
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
2
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E3070B00050008000E0038000E00B602
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
2
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E3070B00050008000E0038000F004500
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
9
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
2
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E3070B00050008000E0038000F007300
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
41
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
2
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E3070B00050008000E0038000F00B200
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
28
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
4ABBB1AE4496D501
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
A41DB4AE4496D501
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
3344
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
3344
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Blob
040000000100000010000000ACB694A59C17E0D791529BB19706A6E40B0000000100000030000000440069006700690043006500720074002000420061006C00740069006D006F0072006500200052006F006F007400000053000000010000006200000030603020060A2B06010401B13E01640130123010060A2B0601040182373C0101030200C0301F06096086480186FD6C020130123010060A2B0601040182373C0101030200C0301B060567810C010130123010060A2B0601040182373C0101030200C00F0000000100000014000000CE0E658AA3E847E467A147B3049191093D055E6F140000000100000014000000E59D5930824758CCACFA085436867B3AB5044DF01D0000000100000010000000918AD43A9475F78BB5243DE886D8103C030000000100000014000000D4DE20D05E66FC53FE1A50882C78DB2852CAE47419000000010000001000000068CB42B035EA773E52EF50ECF50EC52909000000010000003E000000303C06082B0601050507030106082B0601050507030406082B0601050507030206082B0601050507030306082B0601050507030906082B0601050507030862000000010000002000000016AF57A9F676B0AB126095AA5EBADEF22AB31119D644AC95CD4B93DBF3F26AEB20000000010000007B030000308203773082025FA0030201020204020000B9300D06092A864886F70D0101050500305A310B300906035504061302494531123010060355040A130942616C74696D6F726531133011060355040B130A43796265725472757374312230200603550403131942616C74696D6F7265204379626572547275737420526F6F74301E170D3030303531323138343630305A170D3235303531323233353930305A305A310B300906035504061302494531123010060355040A130942616C74696D6F726531133011060355040B130A43796265725472757374312230200603550403131942616C74696D6F7265204379626572547275737420526F6F7430820122300D06092A864886F70D01010105000382010F003082010A0282010100A304BB22AB983D57E826729AB579D429E2E1E89580B1B0E35B8E2B299A64DFA15DEDB009056DDB282ECE62A262FEB488DA12EB38EB219DC0412B01527B8877D31C8FC7BAB988B56A09E773E81140A7D1CCCA628D2DE58F0BA650D2A850C328EAF5AB25878A9A961CA967B83F0CD5F7F952132FC21BD57070F08FC012CA06CB9AE1D9CA337A77D6F8ECB9F16844424813D2C0C2A4AE5E60FEB6A605FCB4DD075902D459189863F5A563E0900C7D5DB2067AF385EAEBD403AE5E843E5FFF15ED69BCF939367275CF77524DF3C9902CB93DE5C923533F1F2498215C079929BDC63AECE76E863A6B97746333BD681831F0788D76BFFC9E8E5D2A86A74D90DC271A390203010001A3453043301D0603551D0E04160414E59D5930824758CCACFA085436867B3AB5044DF030120603551D130101FF040830060101FF020103300E0603551D0F0101FF040403020106300D06092A864886F70D01010505000382010100850C5D8EE46F51684205A0DDBB4F27258403BDF764FD2DD730E3A41017EBDA2929B6793F76F6191323B8100AF958A4D46170BD04616A128A17D50ABDC5BC307CD6E90C258D86404FECCCA37E38C637114FEDDD68318E4CD2B30174EEBE755E07481A7F70FF165C84C07985B805FD7FBE6511A30FC002B4F852373904D5A9317A18BFA02AF41299F7A34582E33C5EF59D9EB5C89E7C2EC8A49E4E08144B6DFD706D6B1A63BD64E61FB7CEF0F29F2EBB1BB7F250887392C2E2E3168D9A3202AB8E18DDE91011EE7E35AB90AF3E30947AD0333DA7650FF5FC8E9E62CF47442C015DBB1DB532D247D2382ED0FE81DC326A1EB5EE3CD5FCE7811D19C32442EA6339A9
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
3344
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2876
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019110820191109
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CachePrefix
:2019110820191109:
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheLimit
8192
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheOptions
11
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019110820191109
CacheRepair
0
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
19
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sharepoint.com
19
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
2876
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sharepoint.com
0
928
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
928
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
928
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13217698585293609
928
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
E3422B4AE356860C281BDC1953153F621FB402EC9FF3A2A0D671D6081B983826
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
295AF99472F082986A9A58E3243330812B21CD9878027C5E6CB2A7DD7A52D11C
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
4447E35C74BEB88D4620D9CFEEC6961E2FD8C17A1C91D03F553413536FB8DE11
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
C776EC23CDC22AFCC2614F4F8D581C45AD3DFB11CC509C03307054211AB860F0
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
DE5A321D47D06C507FEF75471B7863F4A70349BD4CED321B39A34501832EDE4F
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
B7709351851DC2D0DE6146CD97BD93D68AC1519D7C7CBD6A3194D233C8C7E060
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
5D58C2FED93EFDED578B006CB02BBB8DEC329128E2D098172E1316CDD15254DC
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
19B0C3C353F76FD4D45F4A1031FCC432202B9363CED95387520AB45B5BC8E67B
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
EB46324036A75C7735BDE2E005C01BD4DCB4A2142D8E88D521A339ADDACF0AB9
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
CC7FEBB240D3809D991036CAC81BC005BDF9CE7194544D9CFD67DAF7AB0B0E37
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
F5C5DCDE6519762B36825CCFA0852C74340FFEAD8AECA7204469A235ABCC7501
928
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
73D48703455B062475738E30BF98C08C14F407B90FC845CC090E3C54C0CA9517
532
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
928-13217698584043609
259
932
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US

Files activity

Executable files
0
Suspicious files
22
Text files
263
Unknown types
13

Dropped files

PID
Process
Filename
Type
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a832f.TMP
text
MD5: a7324796437fbba0df534c7fae4fd0c6
SHA256: f29c45f2dfd8dfe461869a0a6614a05ae6b9516e4f9109531b4957b587727783
2576
chrome.exe
C:\Users\admin\AppData\Local\Temp\scoped_dir928_11046\CRX_INSTALL\_locales\bg\messages.json
text
MD5: 7fd8c905eb48cbfad9297f5095160732
SHA256: 1bdf7f4c73b820712111fcafee6cf24166b1391927d512d2491d372fd02415b5
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF3a832f.TMP
text
MD5: 63f0cccd70d09f7bc6ea6f7731d8fd88
SHA256: 7e134379b7d9055c8b6deb84a9240cb600291adca45d97bee18283f55ab5ab1b
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 63f0cccd70d09f7bc6ea6f7731d8fd88
SHA256: 7e134379b7d9055c8b6deb84a9240cb600291adca45d97bee18283f55ab5ab1b
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\b9ef0028-d531-440f-ada0-e6d6c16c3f8c.tmp
––
MD5:  ––
SHA256:  ––
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\51dfa716-f58a-4a54-96f9-5f37f843ac23.tmp
––
MD5:  ––
SHA256:  ––
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3a67a9.TMP
text
MD5: ea6bca5ab2e59499e896091c756b2c2d
SHA256: 503060bef22ccfc691909eb1eae035f4cdd00fd590f1dee3b059e52d2dd6b4b0
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: ea6bca5ab2e59499e896091c756b2c2d
SHA256: 503060bef22ccfc691909eb1eae035f4cdd00fd590f1dee3b059e52d2dd6b4b0
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d9d2424a-cbbe-4823-9595-309da561b498.tmp
––
MD5:  ––
SHA256:  ––
932
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State
text
MD5: 2800881c775077e1c4b6e06bf4676de4
SHA256: 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
932
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\f0c102a7-f92b-4383-bbdb-dea4bfe7af42.tmp
––
MD5:  ––
SHA256:  ––
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7519.422.0.3_0\_metadata\computed_hashes.json
text
MD5: 60b11a4c514e82b763fda6c8bca188b8
SHA256: cf23c3ec4b986391e7ada2d4940832a27ec6336a434f75ddf818b5d00e35604d
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: f75716ba86da7724d6b7d1497d83171d
SHA256: 47ba83e5b207c229eecc11cdf3e021cc4223d1199f5c45ece7c07ddef9823523
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF3a57ca.TMP
text
MD5: f75716ba86da7724d6b7d1497d83171d
SHA256: 47ba83e5b207c229eecc11cdf3e021cc4223d1199f5c45ece7c07ddef9823523
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\2824ac82-01ba-41f8-a596-d7c983b28f14.tmp
––
MD5:  ––
SHA256:  ––
932
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 5e9ab2180f6ecf008c383b6dc334a9dd
SHA256: 05cd4841bdefb26484ebe072900b368f925b62f8ab5544c35b9b48e11189ab78
932
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF3a4cae.TMP
text
MD5: 5e9ab2180f6ecf008c383b6dc334a9dd
SHA256: 05cd4841bdefb26484ebe072900b368f925b62f8ab5544c35b9b48e11189ab78
932
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\d3850ca4-2756-43f8-8446-1f7886258fd1.tmp
––
MD5:  ––
SHA256:  ––
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences~RF3a4ae9.TMP
text
MD5: 1d0dbe43cd76b4fabf82b4e861f375a4
SHA256: 5a378fb61d2a54d758e9959c1de26ddf5726bc06645603d881952c9ae13ac671
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
text
MD5: 1d0dbe43cd76b4fabf82b4e861f375a4
SHA256: 5a378fb61d2a54d758e9959c1de26ddf5726bc06645603d881952c9ae13ac671
928
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\7bf3e5d9-7753-4607-a37b-68561a269213.tmp
––
MD5:  ––
SHA256:  ––
928
chrome.exe<