General Info

File name

6a4e_8016_421f020c_bd80_4a05_9ddc_5080cfd9198f.eml (71.8 KB).msg

Full analysis
https://app.any.run/tasks/ee142021-049b-4c08-9935-d308adf467d2
Verdict
Malicious activity
Analysis date
11/8/2018, 09:19:19
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/vnd.ms-outlook
File info:
CDFV2 Microsoft Outlook Message
MD5

482affa819443f64816ba4b64b22a00a

SHA1

536bd5ef19b3cfdbb55bf5967bfb8fd52098d0de

SHA256

3d7761e9cb3ae42588ee4e7504ed3d4ede033883e737755762cd122d7778b6c1

SSDEEP

1536:xaPWIxyc128S5GxvSt3y83D2hjNxqb8Ni:xaPHxnzKt3R4jXS8N

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Unusual execution from Microsoft Office
  • OUTLOOK.EXE (PID: 3008)
Reads Internet Cache Settings
  • OUTLOOK.EXE (PID: 3008)
Creates files in the user directory
  • OUTLOOK.EXE (PID: 3008)
Starts Internet Explorer
  • OUTLOOK.EXE (PID: 3008)
Reads internet explorer settings
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 3000)
  • iexplore.exe (PID: 2044)
Creates files in the user directory
  • iexplore.exe (PID: 3760)
  • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2936)
  • iexplore.exe (PID: 2400)
  • iexplore.exe (PID: 2044)
  • iexplore.exe (PID: 3000)
Changes settings of System certificates
  • iexplore.exe (PID: 2400)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2400)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3000)
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 2044)
Reads settings of System Certificates
  • iexplore.exe (PID: 3760)
  • iexplore.exe (PID: 2044)
  • iexplore.exe (PID: 2400)
Changes internet zones settings
  • iexplore.exe (PID: 2400)
Reads Microsoft Office registry keys
  • OUTLOOK.EXE (PID: 3008)
Application launched itself
  • iexplore.exe (PID: 2400)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.msg
|   Outlook Message (38.9%)
.oft
|   Outlook Form Template (22.7%)
.doc
|   Microsoft Word document (17.5%)
.xls
|   Microsoft Excel sheet (16.4%)

Screenshots

Processes

Total processes
39
Monitored processes
6
Malicious processes
1
Suspicious processes
0

Behavior graph

+
start outlook.exe iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs iexplore.exe iexplore.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
3008
CMD
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\admin\AppData\Local\Temp\6a4e_8016_421f020c_bd80_4a05_9ddc_5080cfd9198f.eml (71.8 KB).msg"
Path
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Microsoft Outlook
Version
14.0.6025.1000
Modules
Image
c:\progra~1\micros~1\office14\outlook.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\system32\apphelp.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\microsoft office\office14\addins\umoutlookaddin.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msimtf.dll
c:\program files\microsoft office\office14\1033\outllibr.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\progra~1\micros~1\office14\olmapi32.dll
c:\progra~1\micros~1\office14\1033\mapir.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dwmapi.dll
c:\progra~1\micros~1\office14\contab32.dll
c:\progra~1\micros~1\office14\omsxp32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\mspst32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\program files\microsoft office\office14\exsec32.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\program files\microsoft office\office14\rtfhtml.dll
c:\windows\system32\mlang.dll
c:\program files\microsoft office\office14\1033\omsintl.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\hlink.dll
c:\windows\system32\profapi.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\normaliz.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\program files\microsoft office\office14\omsmain.dll
c:\windows\system32\winmm.dll
c:\program files\microsoft office\office14\addins\colleagueimport.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\program files\microsoft office\office14\onbttnol.dll
c:\windows\system32\secur32.dll
c:\program files\microsoft office\office14\socialconnector.dll
c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\mfc90enu.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\oleacc.dll
c:\program files\microsoft office\office14\1033\umoutlookstrings.dll
c:\program files\microsoft office\office14\sharepointprovider.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\progra~1\micros~1\office14\outlacct.dll
c:\windows\system32\msident.dll
c:\windows\system32\pstorec.dll
c:\windows\system32\atl.dll
c:\windows\system32\msoeacct.dll
c:\windows\system32\msoert2.dll
c:\windows\system32\inetcomm.dll
c:\windows\system32\inetres.dll
c:\windows\system32\acctres.dll
c:\windows\system32\msxml3.dll
c:\program files\common files\system\ole db\oledb32.dll
c:\windows\system32\msdart.dll
c:\windows\system32\bcrypt.dll
c:\program files\common files\system\ole db\oledb32r.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\tquery.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\winspool.drv
c:\program files\microsoft office\office14\msproof7.dll
c:\program files\internet explorer\iexplore.exe

PID
2400
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.emirates.com/system/aspx/link.aspx?id=tcm:233-194385
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
OUTLOOK.EXE
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
2044
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2400 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\program files\common files\adobe\acrobat\activex\acropdf.dll
c:\program files\common files\adobe\acrobat\activex\acropdfimpl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

PID
2936
CMD
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path
C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Adobe Systems Incorporated
Description
Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Version
26,0,0,131
Modules
Image
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\riched20.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\psapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll

PID
3000
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2400 CREDAT:6403
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msxml3.dll
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\xmllite.dll
c:\program files\common files\adobe\acrobat\activex\acropdf.dll
c:\program files\common files\adobe\acrobat\activex\acropdfimpl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\msvcp120.dll
c:\windows\system32\msvcr120.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\adobe\acrobat reader dc\reader\plug_ins\accessibility.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\acroform.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\annots.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\checkers.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\digsig.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\dropboxstorage.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\dva.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ebook.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\escript.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ia32.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\makeaccessible.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\multimedia.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\pddom.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\ppklite.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\readoutloud.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\reflow.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\saveasrtf.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\search.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\sendmail.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\spelling.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\storageconnectors.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\updater.api
c:\program files\adobe\acrobat reader dc\reader\plug_ins\weblink.api
c:\windows\system32\dxtrans.dll
c:\windows\system32\atl.dll
c:\windows\system32\ddrawex.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dxtmsft.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll

PID
3760
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2400 CREDAT:6406
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\iepeers.dll
c:\windows\system32\winspool.drv
c:\windows\system32\jscript.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\winmm.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll

Registry activity

Total events
2274
Read events
1702
Write events
562
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
2400
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006A000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{2032CE71-E32F-11E8-BFAB-5254004AAD11}
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E2070B00040008000800140013000901
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E2070B00040008000800140013001901
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B00040008000800140013000302
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B00040008000800140013003202
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
23
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B00040008000800140013005102
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
26
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
2
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B0004000800080014001D000302
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Type
1
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Flags
0
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Count
1
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Time
E2070B0004000800080014001E009601
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B0004000800080014001E009002
2400
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B0004000800080014002000A501
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
13
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B0004000800080014002000C501
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
29
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B0004000800080014002000F401
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
4
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B00040008000800140022002202
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Count
2
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Time
E2070B00040008000800140023007102
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Count
3
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}\iexplore
Time
E2070B00040008000800140024005102
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
5
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E2070B0004000800080014002A008C00
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
16
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
5
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E2070B0004000800080014002A00BB00
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
34
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
5
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E2070B0004000800080014002A00DA00
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
25
2400
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6
Blob
0F000000010000001400000007EEABAF80A9EF4AE1B2CB9B4B5FC70D0428E6A953000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C00B000000010000002E00000053007400610072006600690065006C006400200054006500630068006E006F006C006F0067006900650073000000090000000100000016000000301406082B0601050507030406082B06010505070301140000000100000014000000A848B4242FC6EA24A0D78E3CB93C5C78D79833E41D00000001000000100000005959DDBC9C7632BA0A05F06316846FE6030000000100000014000000317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA62000000001000000EB020000308202E730820250020101300D06092A864886F70D01010505003081BB312430220603550407131B56616C69436572742056616C69646174696F6E204E6574776F726B31173015060355040A130E56616C69436572742C20496E632E31353033060355040B132C56616C694365727420436C617373203220506F6C6963792056616C69646174696F6E20417574686F726974793121301F06035504031318687474703A2F2F7777772E76616C69636572742E636F6D2F3120301E06092A864886F70D0109011611696E666F4076616C69636572742E636F6D301E170D3939303632363030313935345A170D3139303632363030313935345A3081BB312430220603550407131B56616C69436572742056616C69646174696F6E204E6574776F726B31173015060355040A130E56616C69436572742C20496E632E31353033060355040B132C56616C694365727420436C617373203220506F6C6963792056616C69646174696F6E20417574686F726974793121301F06035504031318687474703A2F2F7777772E76616C69636572742E636F6D2F3120301E06092A864886F70D0109011611696E666F4076616C69636572742E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100CE3A71CAE5ABC8599255D7ABD8740EF9EED9F655475965470E0555DCEB98363C5C535DD330CF38ECBD4189ED254209246B0A5EB37CDD522D4CE6D4D67D5A59A965D449132D244D1C506FB5C185543BFE71E4D35C42F980E0911A0A5B393667F33F557C1B3FB45F647334E3B412BF8764F8DA12FF3727C1B343BBEF7B6E2E69F70203010001300D06092A864886F70D0101050500038181003B7F506F6F509499496238381F4BF8A5C83EA78281F62BC7E8C5CEE83A1082CB18008E4DBDA8587FA17900B5BBE98DAF41D90F34EE218119A0324928F4C48E56D55233FD50D57E996C03E4C94CFCCB6CAB66B34A218CE5B50C323E10B2CC6CA1DC9A984C025BF3CEB99EA5720E4AB73F3CE61668F8BEED744CBC5BD5621F43DD
2400
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6
Blob
19000000010000001000000044BA5FD9039FC9B56FD8AADCCD597CA653000000010000004800000030463021060B6086480186FD6D0107170330123010060A2B0601040182373C0101030200C03021060B6086480186FD6E0107170330123010060A2B0601040182373C0101030200C00B000000010000002E00000053007400610072006600690065006C006400200054006500630068006E006F006C006F0067006900650073000000090000000100000016000000301406082B0601050507030406082B06010505070301140000000100000014000000A848B4242FC6EA24A0D78E3CB93C5C78D79833E41D00000001000000100000005959DDBC9C7632BA0A05F06316846FE6030000000100000014000000317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA62000000001000000EB020000308202E730820250020101300D06092A864886F70D01010505003081BB312430220603550407131B56616C69436572742056616C69646174696F6E204E6574776F726B31173015060355040A130E56616C69436572742C20496E632E31353033060355040B132C56616C694365727420436C617373203220506F6C6963792056616C69646174696F6E20417574686F726974793121301F06035504031318687474703A2F2F7777772E76616C69636572742E636F6D2F3120301E06092A864886F70D0109011611696E666F4076616C69636572742E636F6D301E170D3939303632363030313935345A170D3139303632363030313935345A3081BB312430220603550407131B56616C69436572742056616C69646174696F6E204E6574776F726B31173015060355040A130E56616C69436572742C20496E632E31353033060355040B132C56616C694365727420436C617373203220506F6C6963792056616C69646174696F6E20417574686F726974793121301F06035504031318687474703A2F2F7777772E76616C69636572742E636F6D2F3120301E06092A864886F70D0109011611696E666F4076616C69636572742E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100CE3A71CAE5ABC8599255D7ABD8740EF9EED9F655475965470E0555DCEB98363C5C535DD330CF38ECBD4189ED254209246B0A5EB37CDD522D4CE6D4D67D5A59A965D449132D244D1C506FB5C185543BFE71E4D35C42F980E0911A0A5B393667F33F557C1B3FB45F647334E3B412BF8764F8DA12FF3727C1B343BBEF7B6E2E69F70203010001300D06092A864886F70D0101050500038181003B7F506F6F509499496238381F4BF8A5C83EA78281F62BC7E8C5CEE83A1082CB18008E4DBDA8587FA17900B5BBE98DAF41D90F34EE218119A0324928F4C48E56D55233FD50D57E996C03E4C94CFCCB6CAB66B34A218CE5B50C323E10B2CC6CA1DC9A984C025BF3CEB99EA5720E4AB73F3CE61668F8BEED744CBC5BD5621F43DD
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
5
2400
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E2070B00040008000800150001009903
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
u}l
757D6C00C00B0000010000000000000000000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook
MTTT
C00B0000982C5FCB3B77D40100000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionNumber
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\SQM
SQMSessionDate
219768480
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030429
03000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
{ED475418-B0D6-11D2-8C3B-00104B2A6676}
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1200000000000000
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OutlookMAPI2Intl_1033
1298661397
3008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
OUTLOOKFiles
1298661422
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1298661504
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1298661391
3008
OUTLOOK.EXE
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
@%SystemRoot%\system32\mlang.dll,-4612
Western European (Windows)
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1298661505
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
*al
2A616C00C00B0000040000000000000096000000010000008E000000430043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C0045006D00610069006C002E0064006F0074006D00000000000000
3008
OUTLOOK.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b046b
0000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1300000000000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\9375CFF0413111d3B88A00104B2A6676
LastChangeVer
1400000000000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
+dl
2B646C00C00B0000020000000000000000010000010000008C0000006800000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0063006F006C006C006500610067007500650069006D0070006F00720074002E0064006C006C0000006D006900630072006F0073006F006600740020007300680061007200650070006F0069006E0074002000730065007200760065007200200063006F006C006C0065006100670075006500200069006D0070006F007200740020006100640064002D0069006E000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
+dl
2B646C00C00B00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
:dl
3A646C00C00B00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
ydl
79646C00C00B00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC\Usage
OUTLOOKFilesIntl_1033
1298661399
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
(dl
28646C00C00B00000200000000000000C000000001000000700000004400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C006F006E006200740074006E006F006C002E0064006C006C0000006F006E0065006E006F007400650020006E006F007400650073002000610062006F007500740020006F00750074006C006F006F006B0020006900740065006D0073000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
8dl
38646C00C00B00000200000000000000D0000000010000007E0000004600000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0073006F006300690061006C0063006F006E006E006500630074006F0072002E0064006C006C0000006D006900630072006F0073006F006600740020006F00750074006C006F006F006B00200073006F006300690061006C00200063006F006E006E006500630074006F0072000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Resiliency\StartupItems
8dl
38646C00C00B00000200000000000000CA000000010000008A0000003400000063003A005C00700072006F006700720061006D002000660069006C00650073005C006D006900630072006F0073006F006600740020006F00660066006900630065005C006F0066006600690063006500310034005C0061006400640069006E0073005C0075006D006F00750074006C006F006F006B0061006400640069006E002E0064006C006C0000006D006900630072006F0073006F00660074002000650078006300680061006E006700650020006100640064002D0069006E000000
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1298661392
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
CleanupFolder
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56706AB0-5BBC-4899-90F8-226825F859F0}
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertTypes
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
RestartsSinceAlerts
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
AlertInsertStrings
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\SocialConnector
PeoplePaneModeInspector
3
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Identities
Identity Ordinal
2
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\8B9889F32266C540BFD06A03466B25F4
WriterId
4744375
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\8B9889F32266C540BFD06A03466B25F4
LastModification
D0BEC2805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\8B9889F32266C540BFD06A03466B25F4
MsgEID
00000000EE353A6753D116479D0919B95E8B889A88001000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\33142075944CD048A2305DA447FF12D6
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\33142075944CD048A2305DA447FF12D6
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\33142075944CD048A2305DA447FF12D6
MsgEID
00000000EE353A6753D116479D0919B95E8B889AA8001000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\IAM
Server ID
2
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\863DB93E75918346B5E6C34DC880DB5D
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\863DB93E75918346B5E6C34DC880DB5D
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\863DB93E75918346B5E6C34DC880DB5D
MsgEID
00000000EE353A6753D116479D0919B95E8B889AC8001000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\2AE97F5355DAEA46B54747635678E605
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\2AE97F5355DAEA46B54747635678E605
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\2AE97F5355DAEA46B54747635678E605
MsgEID
00000000EE353A6753D116479D0919B95E8B889AE8001000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\51E6A63C1C84A34398CD8F1DF3CFF32E
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\51E6A63C1C84A34398CD8F1DF3CFF32E
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\51E6A63C1C84A34398CD8F1DF3CFF32E
MsgEID
00000000EE353A6753D116479D0919B95E8B889A08011000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\163DC7591C0D46488F4FC86D549F148C
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\163DC7591C0D46488F4FC86D549F148C
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\163DC7591C0D46488F4FC86D549F148C
MsgEID
00000000EE353A6753D116479D0919B95E8B889A28011000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D042D73FAD114A4DBA76B85992DCDE5C
WriterId
4744390
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D042D73FAD114A4DBA76B85992DCDE5C
LastModification
D02FC5805A48D401
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Perf\RoamingStreamsCache\D042D73FAD114A4DBA76B85992DCDE5C
MsgEID
00000000EE353A6753D116479D0919B95E8B889A48011000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
00030487
9368190D
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\3517490d76624c419a828607e2a54604
001f6000
4E006F004D00610069006C000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
CFF13DD86EF249EBB265E3BFC6501C1D
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Search
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
3662888
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\NoMail\0a0d020000000000c000000000000046
000b0340
0100
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
1
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Fixedsys
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Sans Serif
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Serif
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Small Fonts
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
System
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Terminal
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
0
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
0
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661401
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661402
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661401
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661402
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661418
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661419
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661403
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC\Usage
SpellingAndGrammarFiles_3082
1298661404
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661403
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC\Usage
SpellingAndGrammarFiles_1036
1298661404
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661420
3008
OUTLOOK.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC\Usage
SpellingAndGrammarFiles_1033
1298661421
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
https://www.emirates.com/system/aspx/link.aspx?id=tcm:233-194385
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWOSHlinkNavigation
1
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
http://get.adobe.com/uk/reader/
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURLNewWindow
ProcessName
iexplore.exe
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURLNewWindow
WindowClassName
DDEMLMom
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
25694420
3008
OUTLOOK.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
UseRWHlinkNavigation
https://www.emirates.com/system/aspx/link.aspx?id=tcm:233-194384
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
42
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
42
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
0
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
0
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
CachePath
%APPDATA%\Microsoft\Internet Explorer\UserData\Low
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
CachePrefix
UserData
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
CacheLimit
1000
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
CacheOptions
8
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\UserData
CacheRepair
0
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
14
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
14
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
10
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
10
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
136
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
136
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
142
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
142
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
215
2044
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
215
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
239
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe.com
24
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
215
3000
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe.com
0
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
215
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
215
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
221
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
221
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
229
3760
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\emirates.com
229

Files activity

Executable files
0
Suspicious files
3
Text files
192
Unknown types
23

Dropped files

PID
Process
Filename
Type
3760
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: d52ac30c0f8bcb78eb4a5b984e83e08d
SHA256: 41340e012d65a56139a5bcfac7f5dcd39bdfeff759e2e7b80ee24de4bdd4bbe7
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\reset[1].css
text
MD5: 8058750fb8b2a42f413e3d0df5159d30
SHA256: 49c3eb4bfc9445c97f5c0e419f186b403ae05b468d964e6a53bd43459c4779f7
3760
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: dc3eb647a07af4a1f25a5b8a1388419b
SHA256: f217d38699d098cedda9289efa6a1cec0a2c0eb21b9283492e22c503e85ae0da
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: b75801053c9ac6a05468500068ab5daf
SHA256: 467a370e4f6a609dcd551cdda23c62013fa4f0a67d2d5843f72de05338615c25
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\bat[1].js
text
MD5: 181c33ab28746d6a6ed42224b99bb365
SHA256: 6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\5325[2].js
text
MD5: e96a7f39a3ce780fc328a658d84dc39d
SHA256: 5b90c429b6c94fe26580390079643b05dd84ff5879392f77b7ec7d1f9a762c4c
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\uwt[1].js
text
MD5: b7b33882a4f3ffd5cbf07434f3137166
SHA256: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ld[1].js
text
MD5: c11a9615929bfd9aa8105718c4f8233f
SHA256: 9919af37dc2facefce304973f4684ac3820c558d4ab7c4d87d152ff239160305
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\boxever-min[2].js
text
MD5: 948b22cd8fb33a6c438806deb7d0935b
SHA256: ad3b99a92bd96175a458d96d33014162f01e7564872e28fb0117b0090c08020b
2400
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 3f70f8a16c22890d899c38df10023c1e
SHA256: ee711c8cfc93645d5d9df5d8949213f08fe8aaef51b5b01d846fac314338d80c
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\analytics[1].js
text
MD5: 45eff9ff7d6c7c1e3c3d4184fdbbed90
SHA256: 8cb05b675fe6419a9e91eb587c60902c7ed1cb6c42b8cff8ce404ef89f635cde
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\eluminate[1].js
text
MD5: 777db31c184405d994f11f2be1b0064d
SHA256: 95bc1291ee9fff6cf30c11088348d610c2bf7e9f481f98f4bd29f1a0359358cb
3760
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: be50dd856f4dd97b4ab8f78557adc22e
SHA256: f03766e2c3cff408fb83e04b48a41e1f3b3ad4538e069235005cb42f263b4258
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\adrum-4.5.0.773[2].js
text
MD5: 7cf69f5b9e01418b5f7a050c5ba12e8b
SHA256: 14a806b8e455dcc19500055370d9972233470b28bd0cd5c81ece4bd115267faa
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 35f1fabe3e30f672fd7f7114c000c396
SHA256: ef1a466defefcd36e09fae29c92e513e2a27f1c84f275be2bcfae0cc992983a8
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\gtm[1].js
text
MD5: c3b160d36486ab4d8e9a527759d9b982
SHA256: 362b3189fc99e186881b4da25cefeb1dd681ad90a15d905753a77dcffeacf64b
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: dacd63dd63441be198a206e9031771c9
SHA256: 365ed7c2bb90aa32a7366efa775c37b560da3dff1d2d5550667e9e4fcdbc9801
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\ieVl2ZhZI2eCN5jzbjEETS9weq8-59Q[1].eot
eot
MD5: f89702f699ffdac1594d6f777276495f
SHA256: 40c49d9a9a8d517eee94584cbae80629cf1432b2e24d60b172c9b1cc9a004c24
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\Footer_Logo_global_tcm233-4139304[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\skytrax_badge_2018_tcm233-4231454[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\tripadvisor-badge_tcm233-4231455[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\english[2]
text
MD5: 44abf46636212b8bb3c5e16f0c279e13
SHA256: 137326eed6d8dbc06ed54d7bfab15c035932054d17af25733a905ca4de44806a
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Google_EN_tcm233-4143606[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\icon-clear[1].png
image
MD5: 50a3d8a2be3a1c2333adc406529d5231
SHA256: 0b10233265935fae41b0834a783f828cf9518edcc66e7c0252fbcbfe7424fdcc
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 210172347a6d2a7dcf1bb16b519e4750
SHA256: fba6e618f4c376e57f23cbce2fdca0aa0b3fbad874f08a5478d24c458fc62f0b
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bg-map[1].png
image
MD5: 15fdcdd85605f60268cb1833ac858a5a
SHA256: 33cb12ddc6e86d62fba5445c2190d6e9008d3ca2d3edb9ab61f11bc7d2bbdd32
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Apple_EN_tcm233-4143604[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\[email protected][1].png
image
MD5: 562b05428e10d8e8c107f19f8675c75e
SHA256: a7495eb6082efb2f3923be33b3bbda8ba420c64d02e11ddc290e2028cb2dafc3
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Inline_Logo_global_tcm233-4096794[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\chevron_down_red[1].svg
image
MD5: 62df4a07819eab7f43af5c01122b6e3f
SHA256: e7f2a86bdb11d8cd095489a8d2ccdc7b32c0adbbef4f483c04c04663e04534f0
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\flags[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\icon-call-us[1].png
image
MD5: 76fb6e88a18f201b990293323ace9caf
SHA256: 8706edb5e2c14fbcfaef9dc234068e28d8a78eb9f1c6a393d9fe319040c0886b
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Badge_Logo_global_tcm233-4139303[1].svg
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\css[1].txt
text
MD5: 0fe40c4082735575fa2f8f60db4cb5e3
SHA256: 0a4c53986fa3a1cb36f5cb0c811a8afaca99cfaadade1a68d417c26ac7ef0585
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 6c86764f3309c30d216f918c9b055c95
SHA256: 5ebd1260369c1c2adc74011bce4b2975b3077d1f5c1676191a3b45769e3a6827
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\fuse.library[1].js
text
MD5: b5fc8157aa527cdceb89e2ebda25c2d5
SHA256: f4f2ee73f905e07e9976c22a95129a7706f1707186292f82957b2cd67725d731
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\html5shiv.min[1].js
html
MD5: 3044234175ac91f49b03ff999c592b85
SHA256: e0eac80838c161f29e7c46d54fbc044d12cd164baae13255e562c6be3aa91809
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\respond.min[2].js
html
MD5: afc1984a3d17110449dc90cf22de0c27
SHA256: 83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\eol-elements[1].css
text
MD5: fb4c8db80c6b282d9f8d40c7f12cb907
SHA256: 8995fe3da9ec197b84af71af053752d5dd8bff1db5ccd17a115141da1f58d6f7
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\contact-us[1].js
text
MD5: d631196907f99094bc6bd315d6cfb9cf
SHA256: dcb67e460a0a583fa17fa9c5d94653ff71705c54732c762808ecca7c08aff542
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\contact-us[1].css
text
MD5: 6fbf66e0f74c1b54ff98e7adca295c28
SHA256: cc912fc3a1729201570aec5374e9841f5a9f09db54b77f5bc3f01cdbf4c98311
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\emirates.core[2].css
text
MD5: da6126dbf8207734dfdbb23a89db12fd
SHA256: 99488bc7eef155614c03d5425ed94cd80e9e76b5f089cb2fae091d2e930c5ece
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\help[1].txt
––
MD5:  ––
SHA256:  ––
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\help[1].htm
html
MD5: b353e3194ef296c91071836aba2a4597
SHA256: 803ad24a8e83946cca8c332ffd060e2d0a3745484067b1379d7996e2b3d53f0a
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: cff2b641f8953d1223932bfa22829bad
SHA256: 6c9d2719208b0ee59381533753aa515f57736151229c234f34b06a1dd99178fb
3760
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 9d3a93f796f4187b1fee533cba07d0a8
SHA256: 4bee99e5c3918ea0deef45c4ed10c65c0347f5563a33fab647c7f2759f608c4a
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 7039e90f9086d33b18b40627d36d9df2
SHA256: 8594d693803e613ed9bcfe40dddeaa60d0072d6e744dbf0a9582560de034862b
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\TarC09C.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\CabC09B.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar85F2.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab85F1.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Tar85E1.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Temp\Low\Cab85D0.tmp
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
binary
MD5: 6723b142f14cbae0629772d964c820f7
SHA256: b41c86943aeda98ae52014f98188317b7624c160b4516976e107967a44265b6b
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
der
MD5: 55540a230bdab55187a841cfe1aa1545
SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\checkboxes[1].png
image
MD5: c7c51e94a5caf6432409625cd47e6867
SHA256: f1555095dd6df76965261af25ab8fea343a8457ad475f823b02c3d386736eabf
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: e5a6b94cad10460896fc79d04e9d507f
SHA256: c0825ed957320da1d275266aa6a73e783fc09f785e985798ddfd4d1815521c5e
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\double_offer[1].png
image
MD5: 7482b97f9dfc23146472615203d72112
SHA256: 8c5d9b9e7755ac70695561f1220fc0989d30a2794a665ad9dbed65d676421eff
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 0951b8582baa0aa4e1fb74a927c12b61
SHA256: 72fdd560e4dc90899b1d152189f4b5176f8d366d4195d121c092ffc4925ef9be
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\adbr[1]
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\dest5[1].htm
html
MD5: c4cfbeeecf2116c47acc61dc46349b18
SHA256: 5d8dd7fa7c561f4f5975b59a07081ef7480d82c85cc755b4a237864232cbd816
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\39PFCQTO\get3.adobe[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery-1.7.1.min[1].js
html
MD5: ddb84c1587287b2df08966081ef063bf
SHA256: 88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\read[1].htm
html
MD5: d4d59777ead8041e3b10a987b10c4db0
SHA256: e46d0b4f17049355ed359f640e1384e22557eb17529a7e8dee444d4059327070
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\read[1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 7039e90f9086d33b18b40627d36d9df2
SHA256: 8594d693803e613ed9bcfe40dddeaa60d0072d6e744dbf0a9582560de034862b
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\id[1]
text
MD5: d5ec824f7b99b4ecaf8a39f0a8c1c273
SHA256: d720449fd4254b9064678f6fd67f747f8541c89eb982e9e5cb9a1ed1989da57b
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 5a8811d9422f162473f2d303e6727eb8
SHA256: 0ca23c771004055414e3a975c311373728c727de863c8f17cb50b99c8882291f
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2400
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\favicon[1].ico
image
MD5: cf66f5f7a409291395b0789b8d7f586f
SHA256: 27cc73f4218225ede728aa1d55b15bbf8ad8abfbc00ed15d06c4fd20fadda92e
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\p[1].gif
image
MD5: 81144d75b3e69e9aa2fa3e9d83a64d03
SHA256: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: 52eadda4e3a2b43e21b66e75f205bf94
SHA256: 5ce7e8b82c911fbaaae91a1f0d9c5afde54078bd21a091eb44a509472adc89b9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\rd[1]
text
MD5: 240244bf5ceb9ba57b9c5f9bbea71c24
SHA256: b6edb6cc7009cb9c5982a3fff06d6d440b54544f8bacf59e9f9d0f454a92f177
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 1b7af01436814d4f0eec7b83fea9577a
SHA256: 0ee2d37ab500a5f7825eb09f38eefe96557d179a543eacd6c7132778a58456be
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\close[1].png
image
MD5: aa2d89dd0672240c075dfd52166c8428
SHA256: 645ca65430f63743471400b112f25d4582bbf57a2d517582314c2df3e9a5fb59
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\region[1].png
image
MD5: 4ea34d74b6d7f080f6e63c4fe952f2a2
SHA256: e139542367b0c20802632cad23a9548b68d97182be4d7711110c3d7c9f0b768c
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\logo[1].png
image
MD5: c1650ca2560fae927569486121db8ec9
SHA256: 437732c13947ebcfbc91f7a808671fbdb87f2b697cadf3833c44682e942e19e9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\reader_windows[1].gif
image
MD5: a0ab4eea8df0b81328c004660150b808
SHA256: 4b8a910a073cf70cbbe76d6ac67e65b4fece42b5e9d3ab64df062dad28e629b7
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\background[1].png
image
MD5: 8a773c19e305414ad08d0662fbcfbb35
SHA256: 33fd87b99bae954ecf2e832f622521849a172d2a278a679545ca05caceb79868
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\vt12ABArW5HNOhlT-y66pKclFe7aZdp7zKs2RL0diT3ffwrpgsMZeMI6MK6f5Mb[1].eot
eot
MD5: 51e4b19d0d143f15dcead6ab027f9ad5
SHA256: 2efcfbcd2df5bd8858d7c6fe17ba7f4b103d77e5c4a3c24934b05a2c5825c764
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\wXgYHHPdzg-eD4sR0bqelbFmapgW1pvw90LmrCRtLy6ffwhpgsMZeMI6MK6f5Mw[1].eot
eot
MD5: 40a54222812a14a879356d02f6971280
SHA256: 7d7f873c4a318fa05980435cba679eacecd9352029763038b7aa530b97af4fb3
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
text
MD5: cc50a8852857c1f101504efd382e1cba
SHA256: 70eae8bf3c5036988a34113cba592ba1a174a2929c34297682be38f1690e6cf5
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\8gC0kOLxVgA0P8YQAfTzeevZch1B52UlVtA1Pw1zDsSffFepgsMZeMI6MK6f5MS[1].eot
eot
MD5: bb6e4b5f0f74907ad0f7f6f3ff938bdd
SHA256: ff34a4851ecb49111175868b7da2a8cfbd0fe9cf76f1cc4faf909ace68965c4c
3000
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0WKK2IDY\get.adobe[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\FDc5uCO11RE5U283tqazmJrjQBQGkvD96cpWqln3_RbffFfpgsMZeMI6MK6f5Mt[1].eot
vc
MD5: 6019610778bbe8b6599e7f60752084bc
SHA256: bed56cd747a74ecac6c734bad9cff709a10693639e141ac1e3e3ffa7fb4d8b4b
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\yoe7ink-i[1].css
text
MD5: 16f8561e8aa53e1829362e58befaab31
SHA256: 977e289c352f3a8c41367415f2c81f4443d2e10f813bf086a1e5e2480a9426bd
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\yoe7ink[1].js
text
MD5: df0747f44038d7873b665ab47e34a3b7
SHA256: 38ec80ca3d57db31dd47c921998deaf9ad690202cf8b383d85a9ed40bcd0ff89
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\satelliteLib-7123a14bc11ffd1ad43be190a593a8932494dcb0[1].js
text
MD5: 0bcbcfa051c99fa77d73d821406b7813
SHA256: d1b7244640fa956169e5cd118e3cc62c520b3021201f509c824c0cf255f0995d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\polarbear[1].js
text
MD5: aabf5e8f734b6225b97df4242e13adcf
SHA256: 9279aa721b4be8d5f906b9e57e576ef8dae9e6d6aa2d5c2fcbffdaab8c2829f9
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\html5shiv[1].js
html
MD5: d6a214a5a003e446e22be6e600ad6b25
SHA256: 12f607f13f14134dcbca5a81aaacfe331707053abc179aba0e567e9e11aabc0d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\reader_detection[1].js
text
MD5: 6c9cb3a212b62831a4e05f2e7566e393
SHA256: 05b5f861bb363cc19c5a4776e5c0dba3d74473c910eb1ad06af8d5629610638a
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\modal[1].js
text
MD5: 7119eff8dc6d37a4bbd7c2605fdca2d5
SHA256: 4e9d4dda0d9d4f682db1437b243289f6b6a7521fc6af29497cdcb90aaf118660
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\core[1].js
text
MD5: 0c95cc539315160d031bde3529f86dda
SHA256: e1cb6e4182e6d8d47942391fa116cd356013e94f0f975781e18f9c8d69888381
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\swfobject[1].js
text
MD5: bab3b6216c5cad97b8612ead2aba5381
SHA256: 4a4a1d5888c6e020e4198c9d4ced4044e9637afe6f49a50de3d79261a193579d
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\string[1].js
text
MD5: 76bbcbac9dbd94c6dd84e74565d0bfdc
SHA256: 577179405b67b7fb670407f53fe1113f4a293a1d634c12ffd49db47415293b9b
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\selectBox[1].js
text
MD5: cc197c7051a5d1afb6d8039089474d55
SHA256: bdd7bc051b2db2786e4fae0cb8de1e068cfaa5524d61788942200e2c9200c5d3
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\jquery-ui.min[1].js
text
MD5: 3e6acb1e6426ef90d2e786a006a4ea28
SHA256: 16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\outside[1].js
text
MD5: fbea5c6f381b03253b28126952b0bc59
SHA256: d49467174c920eee061a032acdb416b64497a8140a4a6eb7212e96f10acb4da1
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\bxslider[1].js
text
MD5: 8fe4c71995e4887a26dbf8a946e3dc27
SHA256: 9ccfd5f5b24894c159994ffbb33f7f43f3baff3d282bc7eb98ace627408b9e23
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\cookies[1].js
text
MD5: 811ee6fe61328857c7406082c927a632
SHA256: 404b4fc8714f3cdded978550105eb1711188504eb7399f884b60c0f49b5ac10f
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\jquery.min[1].js
text
MD5: 0b6ecf17e30037994d3ffee51b525914
SHA256: f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ie_fix[1].css
text
MD5: 334edd445df7098324eda10b783acc24
SHA256: a02f730cd1029218360800f62a930618e2a53f802b77d6d3c808ebbcb2dd39fb
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\core[1].css
text
MD5: 74e2840f54a24d44ffbbfeb38982bd14
SHA256: bcaf82197aced5a87da6c945a3f999c5ba3b323843b0ab7e0b3090b86af818c0
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\jquery-ui[1].css
text
MD5: 4c8be965d3ccbae0b90fe96bd4fd896a
SHA256: 7ca849a75c4c802358bea3d04e7ca9bcab4ecf3eb1e64094a152291d127e2752
3760
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\event[1]
text
MD5: d26c7b4c29aec3335ba6bf155b9e73a3
SHA256: 411b38a4e86389e7b9ca3176e87a168e3ba1ab58b9b543ab4ea0959c87fc5cba
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\reader[1].txt
––
MD5:  ––
SHA256:  ––
3000
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\reader[1].htm
html
MD5: a5ce611e4de7b753d7a3eef81095ba91
SHA256: 459ad4ff5dff569632d06a3cf56a26aaf59889ff7fde185c6f308606ee058fbe
3000
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 9bb12270b8fbd90c3b2d0e8a6e30dd83
SHA256: 678d92a7deccd4579d79f7e6d8c54a0ede97349d105e6a8262937b4a1889aefd
2044
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: e5028076b3d03e8175083c89b3dc435d
SHA256: 84b4d03963b2a9f2e34cca035f5172dd46c3ada3332cc9cc96bbe557337df774
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\s[1].gif
image
MD5: 776f5f447e5e03b50f3bc4d4ec78daaa
SHA256: 853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\u[1].gif
image
MD5: 776f5f447e5e03b50f3bc4d4ec78daaa
SHA256: 853b983923a033223e4f391790e6e86619b31d542b40e7e1e8221fb0d6957ab1
2400
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: e8c443cf40299ffe4ad0bc17cebc9ba6
SHA256: 16a4293e3227fcd26f11ad292f9c71e4a1d51942a713bb375792820b8f80dc52
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\event[1]
text
MD5: d26c7b4c29aec3335ba6bf155b9e73a3
SHA256: 411b38a4e86389e7b9ca3176e87a168e3ba1ab58b9b543ab4ea0959c87fc5cba
2400
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\E02357FC7708441D4B0BE5F371F4B28961870F70
binary
MD5: da6c793fb0533af0139a6d76c9956547
SHA256: bcec4bffd8ee03e0fdf1c1577ef4635ac08db1f94cf07b0c406a6b3a171e9e1d
2044
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: 8e73c31bf874bce08ff79e5b15b8ce15
SHA256: 743ecc94032c7beb6b0008c7e8d8ef02fbc3896ba2124cc0b9115cad3ebe30c6
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: b773ce44fe0fe059855f6f2c7ffb0ccf
SHA256: 9fd0e40aa0715e02a51eda47b75267b17a5488b4235d6bb3814a8b29de507ed9
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\5325[1].js
text
MD5: e96a7f39a3ce780fc328a658d84dc39d
SHA256: 5b90c429b6c94fe26580390079643b05dd84ff5879392f77b7ec7d1f9a762c4c
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: e1cb04692ae68ebe6d08f6ad7ced7c07
SHA256: 5c9b99dac95e7a80838d4c45390feef8ebe570fdc4dbd9ef8ad78ec56594da4f
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\bat[1].js
text
MD5: 181c33ab28746d6a6ed42224b99bb365
SHA256: 6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\uwt[1].js
text
MD5: b7b33882a4f3ffd5cbf07434f3137166
SHA256: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\ld[1].js
text
MD5: c11a9615929bfd9aa8105718c4f8233f
SHA256: 9919af37dc2facefce304973f4684ac3820c558d4ab7c4d87d152ff239160305
2044
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: 7ecb3410dba5a6802aa38548b563d0dd
SHA256: 2540676fe2f11d01b37747ce6f97f93769b474d9ee24fc1cf596d6fe1b8cd030
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\adrum-ext.f1b9622831c5f758b69f8c4fafbe9659[1].js
text
MD5: 0dfd2e5ae5078a4590072fa05f64443d
SHA256: af2c4b1a82033adc5b5270c573dc5b2e7a074ecb37bc342d58196f2d6ab07a90
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 74c6d6292566df8be4fb2d727a659523
SHA256: 7c67d1e83ed5359edd1455c7afc32335890aef58e992d1cab60a26d8e9e4df5a
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\12E4PXRJ\oXMLStore[1].xml
text
MD5: 1ad1b8fc25c2fe1a0049de89c8e162ea
SHA256: 1ffdfc84490d8306574a31d3047ac045ed33a1d8b71ba139315753523c4b10ef
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat
dat
MD5: c0d40dbd66e4ebc227998b872d7db4d2
SHA256: 3b8cb5da04caa98b9badef84ef91f73e2717cd50d68d011aaa07ef6c77772b64
2936
FlashUtil32_26_0_0_131_ActiveX.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\boxever-min[1].js
text
MD5: 948b22cd8fb33a6c438806deb7d0935b
SHA256: ad3b99a92bd96175a458d96d33014162f01e7564872e28fb0117b0090c08020b
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\analytics[1].js
text
MD5: 45eff9ff7d6c7c1e3c3d4184fdbbed90
SHA256: 8cb05b675fe6419a9e91eb587c60902c7ed1cb6c42b8cff8ce404ef89f635cde
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\eluminate[1].js
text
MD5: 777db31c184405d994f11f2be1b0064d
SHA256: 95bc1291ee9fff6cf30c11088348d610c2bf7e9f481f98f4bd29f1a0359358cb
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\adrum-4.5.0.773[1].js
text
MD5: 7cf69f5b9e01418b5f7a050c5ba12e8b
SHA256: 14a806b8e455dcc19500055370d9972233470b28bd0cd5c81ece4bd115267faa
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: ebfa3f72f098875d1d12d15913378bbb
SHA256: f794bb2f5b9921ded720374ffbe6e1205cabfb395920cdbf1c3a8aed4ab91a65
2044
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EZXM4CFJ\www.emirates[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
2044
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat
dat
MD5: 75c52a3c1aba674750204af588072fee
SHA256: ff795400a91093cb3674658665bcabc822d410fe6987526481897a7737c32b16
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\gtm[1].js
text
MD5: c3b160d36486ab4d8e9a527759d9b982
SHA256: 362b3189fc99e186881b4da25cefeb1dd681ad90a15d905753a77dcffeacf64b
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
text
MD5: 63ce66e1824ec41c0d7f4309bb55e4a9
SHA256: 20aaa80435052f61bf212e24ba6071611e2bd3a84cbca90c654bc75152f5dcd4
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\banner_tcm233-2770881[1].png
image
MD5: 27794eb37e8ca2038ed3b182dc81eaf7
SHA256: b1ad86b81c3018fe9ceaaa8370b611805db0e5572d03dad5f1c0989f89fc00f8
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\abd-1-30[1]
text
MD5: 95d0cff484b2ae80fa2a0df39c4c10c3
SHA256: 2dd42af252b85be303db754dd37c9f145dd655d8e8714cf2fd1ec068f625ab38
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\logo_tcm233-2770883[1].png
image
MD5: 672174b94e91b22c94e68eca695ee4d9
SHA256: 6f60766f1562b7aeee58384511cd732b29f59a6cacb6ecd10fe4961ebbbdf1f3
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ieVl2ZhZI2eCN5jzbjEETS9weq8-59Q[1].eot
eot
MD5: f89702f699ffdac1594d6f777276495f
SHA256: 40c49d9a9a8d517eee94584cbae80629cf1432b2e24d60b172c9b1cc9a004c24
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\tripadvisor-badge_tcm233-4231455[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\skytrax_badge_2018_tcm233-4231454[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\external_link[1].svg
image
MD5: 6951ce2e4aa2ad128d9ba6171e3e2800
SHA256: 752c818130e1f552c1f6b636d69c1a3791d0a59088a0c60a01277265972b8130
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Footer_Logo_global_tcm233-4139304[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Google_EN_tcm233-4143606[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Inline_Logo_global_tcm233-4096794[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\flags[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\responsive-footer[1].js
text
MD5: e227993e3a626b7efcaab106cd0788da
SHA256: e0b7fef1f2201beaf796fa0cfd0818559affd0b556d6f2a898e51861b7ea323e
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\botdetectcaptcha[1].ashx
text
MD5: 190333cda6268a87c7301304f8d93137
SHA256: 42a4f04d37a9a99f91bdebe4bfcec85bd83dba8c6c7bcc5253996f083b68f539
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\bg-map_tcm233-4590065[1].png
image
MD5: 15fdcdd85605f60268cb1833ac858a5a
SHA256: 33cb12ddc6e86d62fba5445c2190d6e9008d3ca2d3edb9ab61f11bc7d2bbdd32
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\adrum-4.5.0.773[1].js
text
MD5: 7cf69f5b9e01418b5f7a050c5ba12e8b
SHA256: 14a806b8e455dcc19500055370d9972233470b28bd0cd5c81ece4bd115267faa
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\global-navigation-v3[1].js
text
MD5: 9ef1556afc6aaed3c7ebfdcf2cbd8df5
SHA256: 7c4cf5b9cc4699341fd9cc50a961d05410f4b76772a528d5f3252232c1f600e1
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\english[1]
text
MD5: 44abf46636212b8bb3c5e16f0c279e13
SHA256: 137326eed6d8dbc06ed54d7bfab15c035932054d17af25733a905ca4de44806a
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\Apple_EN_tcm233-4143604[1].svg
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\googleplus[1].svg
image
MD5: 36ba0120964c66aa0297003d0ea8fe40
SHA256: de2e24b39f61f529fea5ef054f3c6d16ad9e14ceff65fe0cfb6e97cfa1056fc6
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\instagram[1].svg
image
MD5: 695e9255301f29c92fb1375c45650510
SHA256: 8111fb47d93711e62fed951914b4bfa6cc058decba7138729dc895728ec9d9f5
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\linkedin[1].svg
image
MD5: b41bdbc3660704711d1fd0c6d98162d3
SHA256: 458afd5d92b094a751f8cc94d4fac2827a4910561681217d08779bae631a8f8d
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\twitter[1].svg
image
MD5: 0ebfd1b8b0baf88b2032ab645b91bba9
SHA256: 81f13bb68a9a090d047f44b22590c8b039f6043a6e931761de736449de37280e
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\index.dat
dat
MD5: ad450c426a08beebb71daaf97a13e40a
SHA256: 0b2e86d2f836878d13c74c0ac1a80a2004003f825f88028da38fb58fb3f7791c
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\facebook[1].svg
image
MD5: c8be980d6f5e3862d75478525288e5dc
SHA256: 2b3292cd529e9d18ac4ad9813cfc6ce9c39db847b3b36104961fa644aa0e00bb
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\youtube[1].svg
image
MD5: 4524735504ba5f8ac9ee9b962d056706
SHA256: e4ee2779ad8aba067b65a4ccec386ff8f1b0e28024b5bafdca3ca60e76f6eb0f
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Badge_Logo_global_tcm233-4139303[1].svg
image
MD5: fcd74cc9b3adde882663b18eef5f106d
SHA256: ae3545c47375c303a3b8c27d6858ac06337a222011d0d72a27619224a2f6a29c
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Emirates-Medium[1].eot
eot
MD5: 63046337fc715bd861542d7e67963b58
SHA256: f0550638ebb3793eeec8e7310424a45cec1ef9af0f4ab8c89172e861b59abd7f
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admi[email protected][2].txt
text
MD5: c43930a299088521c72646dfe79f947c
SHA256: e63f378a2383d1eae7a359993705539e218fbd4b75b2b995039914114b8b0596
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\Emirates-Bold[1].eot
eot
MD5: 5376c8aec5077b24f4473785ac704cc3
SHA256: 4a1de83a9ee03db847396ab1e1324eac44b79ca369bc257d2535f00a84fea8b4
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt
text
MD5: 0fe40c4082735575fa2f8f60db4cb5e3
SHA256: 0a4c53986fa3a1cb36f5cb0c811a8afaca99cfaadade1a68d417c26ac7ef0585
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\iconography[1].eot
eot
MD5: 3fdf3a8fc5bcf8d07922f63d58b92507
SHA256: d576762f88a7227f7802e6edc53e973f1496fc9e3aa3b2e3ec57ec5c963cc6ea
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\heroic-condensed-light-oblique[1].eot
eot
MD5: 6f73c95c6f404f2c9ca3507829ed6dd3
SHA256: c7ca8ab6719dde7af97abccbd60fff8a9d4b2165e87e18590b98a7dde0a86eeb
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\heroic-condensed-black-oblique[1].eot
eot
MD5: e4d360785cc065e4eca05bbe4c327d40
SHA256: 21e29887769fd91a93cb56d590be3ed64ed2f6b42c505d0a0d0487313c4e8897
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\emirates-light[1].eot
eot
MD5: b798d6334d5c453e1089e1a2be513592
SHA256: c82ed1b9175acf9bc50b2dd6ba1210ede34b2208507d235ff52f9d8300e09076
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\emirates-medium[1].eot
eot
MD5: 0c21076cbc056fcc17fbf5723a31a720
SHA256: 0af87c6aa266b19e849a816cd85f7949fc34f3ab308063b6eb5b1a5a840a9f87
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\emirates-bold[1].eot
eot
MD5: 194cb21d35038214e40fa101eb28b472
SHA256: 783d599fcd85b7fe02b4c31d0bf12e8387fbc047a3c33c2315c101ca96d57c86
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 0b39306e6bb314d10831eb1128f73955
SHA256: 1be7dde25729834c8658837e6c3276864be4a942e030bdf6d91160bf7db0036e
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\ek-font-icons[1].eot
binary
MD5: 4bde2b8a6d838e8690284745433c04d0
SHA256: f9947e31000bc69f2a6f02c54fadf44e94547545e6bebd27100ea113a1ecd286
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\heroic-condensed-medium-oblique[1].eot
eot
MD5: 0d0d40a494543a659dee85bff7554480
SHA256: 9ef213d593e097871c516e6590c5563c7842f93625ec7b6297ec42b153145a29
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\opentag-93989-1321710[1].js
text
MD5: 336e2d3dddd1bb467aed119302db8860
SHA256: fb45db45455cc88d2c499e715d70a5a1ef1ff79add3a20f30f5435d437ea0fc6
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\eol-components[1].js
text
MD5: b2147510466f0357338ae03d062ecf77
SHA256: e7c929f84bc77990c3883d1d0dc5a4e3a79c532505ce3d08afbdec0c1c5dcf70
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\placeholders.min[1].js
text
MD5: fdf6a7b6dea3b8e6ca89c1d93ba813f4
SHA256: 68ddb014542058b7b89df6020eba86d3c2be22ef87762d8a31b6536eecf866b5
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 8784212fdba5a2adfc53a29a560cd5ca
SHA256: dc7d3160d8fe8982a93962298482e028b1d8524ce7d987e1196e3d1fab2b8cea
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\html5shiv.min[1].js
html
MD5: 3044234175ac91f49b03ff999c592b85
SHA256: e0eac80838c161f29e7c46d54fbc044d12cd164baae13255e562c6be3aa91809
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\respond.min[1].js
html
MD5: afc1984a3d17110449dc90cf22de0c27
SHA256: 83a8807ef669fa70d0d9375347f5552897f76c6ae8e2e6f97ef592595462d8d1
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\global-navigation-v3[1].css
text
MD5: 739be13c63bf2a6dba7483c3d7b17cb6
SHA256: bfa1d24306e7ebfe8986b988673fa85512aedb6d6cfa78417ccd77d9c7dbc5e8
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\emirates-office[1].js
text
MD5: 28524f5817bd3d802efe1063d217bc46
SHA256: 4dfdaaf3be5bf53f54f46e00dd933f1569855f255d18ddaee14b1eab3521f922
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\tealeaf[1].js
text
MD5: 09dc8f6a31988b13cf7f2144d1e2a7f8
SHA256: 5899b7ac7adeeb9d032d0ff040c42764419a95445e31fc073f3dcb8ef3f4c33c
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\fs-widget[1].css
text
MD5: 538d01ec0e2c46ba49348ee7d780da27
SHA256: 354247177991a3d8786b94ee6a3bc4e3354468129e91247d78a9bff98723b2ce
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ek-core[1].css
text
MD5: 2849ecbe55ed25a6910e965987ae788d
SHA256: 327ca1da74b6fe7227f74d5e6ef825f9d563e2bcfd549e752544df76da636e47
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\emirates-office[1].css
text
MD5: 8e137e0dd7bd36266f196465ab53b14f
SHA256: 28177312f29165fb26edb8dedf420dd184a251ef0468a845652404d19a718fee
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BWPPCY0O\opentag-93989-1321710[1].js
text
MD5: 336e2d3dddd1bb467aed119302db8860
SHA256: fb45db45455cc88d2c499e715d70a5a1ef1ff79add3a20f30f5435d437ea0fc6
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\ek-webfonts[1].css
text
MD5: bb40941fa30afaa45995f27f384f85e3
SHA256: 983247fbfc3e2705da2695b063050f6fe02f3f20c56ec96e0ef4e2d3aefc7458
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\747071d1[1]
text
MD5: 38d9c04d3dba17ecec90f3b4ac4ac575
SHA256: 337b99459a2f3e51d932ee831b893be39d1053cefe7503a6c66d44c1ad8b4b92
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\responsive-main[1].js
text
MD5: bbd4189f945f61ba11c97d96324b2f74
SHA256: 56386c3f53f9f879d2bc57373e27737e00e6c2db0b6a4e36e21162d55e47a856
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\emirates.core[1].css
text
MD5: da6126dbf8207734dfdbb23a89db12fd
SHA256: 99488bc7eef155614c03d5425ed94cd80e9e76b5f089cb2fae091d2e930c5ece
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\offices[1].txt
––
MD5:  ––
SHA256:  ––
2044
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\offices[1].htm
html
MD5: 7598f3534d36cb268d8fb7b72dc9b83b
SHA256: 484b387f2bfed10553831367ac2f0ef5bee6b36b7fe0e8507b3c549660405287
2044
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
text
MD5: 0c38059b7ae04ec9d3b4ec915497f146
SHA256: b16c0d9a41a20f4d2fdcd14ed3c05f7f05fe36f076333a57ce76870925d25fde
2400
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2400
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2400
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
––
MD5:  ––
SHA256:  ––
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_TCPrefs_2_D042D73FAD114A4DBA76B85992DCDE5C.dat
xml
MD5: f194b1fa12f9b6f46a47391fae8beec2
SHA256: fcd8d7e030be6ea7588e5c6cb568e3f1bdfc263942074b693942a27df9521a74
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ContactPrefs_2_51E6A63C1C84A34398CD8F1DF3CFF32E.dat
xml
MD5: bbcf400bd7ae536eb03054021d6a6398
SHA256: 383020065c1f31f4fb09f448599a6d5e532c390af4e5b8af0771fe17a23222ad
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_ConversationPrefs_2_163DC7591C0D46488F4FC86D549F148C.dat
xml
MD5: 57f30b1bca811c2fcb81f4c13f6a927b
SHA256: 612bad93621991cb09c347ff01ec600b46617247d5c041311ff459e247d8c2d3
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_RssRule_2_2AE97F5355DAEA46B54747635678E605.dat
xml
MD5: d8b37ed0410fb241c283f72b76987f18
SHA256: 31e68049f6b7f21511e70cd7f2d95b9cf1354cf54603e8f47c1fc40f40b7a114
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_WorkHours_1_863DB93E75918346B5E6C34DC880DB5D.dat
xml
MD5: 807ef0fc900feb3da82927990083d6e7
SHA256: 4411e7dc978011222764943081500fff0e43cbf7ccd44264bd1ab6306ca68913
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_AvailabilityOptions_2_33142075944CD048A2305DA447FF12D6.dat
xml
MD5: eeaa832c12f20de6aaaa9c7b77626e72
SHA256: c4c9a90f2c961d9ee79cf08fbee647ed7de0202288e876c7baad00f4ca29ca16
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\RoamCache\Stream_Calendar_2_8B9889F32266C540BFD06A03466B25F4.dat
xml
MD5: b21ed3bd946332ff6ebc41a87776c6bb
SHA256: b1aac4e817cd10670b785ef8e5523c4a883f44138e50486987dc73054a46f6f4
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56706AB0-5BBC-4899-90F8-226825F859F0}\{1C306CB1-771E-4B4B-A902-86E897877F5B}.png
image
MD5: 7d80c0a7e3849818695eaf4989186a3c
SHA256: 72dc527d78a8e99331409803811cc2d287e812c008a1c869a6aea69d7a44b597
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
pgc
MD5: c0269bafcf36f043868403a43ad204b0
SHA256: 9b82954e3d93e45cd0d88d91a9a3f39ca27e33cf84caa3698b7835c5682b11ad
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Microsoft\Outlook\mapisvc.inf
text
MD5: 48dd6cae43ce26b992c35799fcd76898
SHA256: 7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a
3008
OUTLOOK.EXE
C:\Users\admin\AppData\Local\Temp\CVR9D45.tmp.cvr
––
MD5:  ––
SHA256:  ––

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
7
TCP/UDP connections
90
DNS requests
43
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3008 OUTLOOK.EXE GET –– 64.4.26.155:80 http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig US
––
––
whitelisted
2400 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US
image
whitelisted
2044 iexplore.exe GET 200 184.30.209.229:80 http://cdn.ek.aero/qubit/opentag-93989-1321710.js NL
text
unknown
2044 iexplore.exe GET 200 52.222.161.53:80 http://cdn.appdynamics.com/adrum/adrum-4.5.0.773.js?r=cib-767a US
text
whitelisted
3000 iexplore.exe GET 301 193.104.215.66:80 http://get.adobe.com/uk/reader/ unknown
html
whitelisted
3000 iexplore.exe GET 200 52.222.163.164:80 http://x.ss2.us/x.cer US
der
whitelisted
3760 iexplore.exe GET 304 184.30.209.229:80 http://cdn.ek.aero/qubit/opentag-93989-1321710.js NL
––
––
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3008 OUTLOOK.EXE 64.4.26.155:80 Microsoft Corporation US whitelisted
2044 iexplore.exe 184.30.209.229:443 Akamai International B.V. NL unknown
2400 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
2044 iexplore.exe 184.30.209.229:80 Akamai International B.V. NL unknown
2044 iexplore.exe 23.111.8.154:443 netDNA US unknown
2044 iexplore.exe 216.58.215.234:443 Google Inc. US whitelisted
2044 iexplore.exe 172.217.168.3:443 Google Inc. US whitelisted
2044 iexplore.exe 172.217.168.72:443 Google Inc. US whitelisted
2044 iexplore.exe 52.222.161.53:80 Amazon.com, Inc. US unknown
2044 iexplore.exe 52.222.161.53:443 Amazon.com, Inc. US unknown
2044 iexplore.exe 216.58.215.238:443 Google Inc. US whitelisted
2044 iexplore.exe 54.229.223.249:443 Amazon.com, Inc. IE unknown
2044 iexplore.exe 104.111.224.144:443 Akamai International B.V. NL whitelisted
2400 iexplore.exe 184.30.209.229:443 Akamai International B.V. NL unknown
2044 iexplore.exe 178.250.2.130:443 Criteo SA FR unknown
2044 iexplore.exe 104.244.46.16:443 Twitter Inc. US unknown
2044 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
2044 iexplore.exe 52.222.173.197:443 Amazon.com, Inc. US unknown
2044 iexplore.exe 173.194.69.154:443 Google Inc. US whitelisted
–– –– 178.250.2.82:443 Criteo SA FR unknown
2044 iexplore.exe 54.231.50.34:443 Amazon.com, Inc. US unknown
2044 iexplore.exe 172.217.168.36:443 Google Inc. US whitelisted
2044 iexplore.exe 52.58.102.110:443 Amazon.com, Inc. DE unknown
3000 iexplore.exe 193.104.215.66:80 Level 3 Communications, Inc. –– unknown
3000 iexplore.exe 193.104.215.66:443 Level 3 Communications, Inc. –– unknown
3000 iexplore.exe 104.111.237.111:443 Akamai International B.V. NL whitelisted
3000 iexplore.exe 52.22.166.234:443 Amazon.com, Inc. US unknown
3000 iexplore.exe 2.18.232.23:443 Akamai International B.V. –– whitelisted
3000 iexplore.exe 23.38.53.224:443 Akamai International B.V. NL whitelisted
3000 iexplore.exe 54.194.25.183:443 Amazon.com, Inc. IE unknown
2400 iexplore.exe 193.104.215.66:443 Level 3 Communications, Inc. –– unknown
3000 iexplore.exe 54.194.108.5:443 Amazon.com, Inc. IE unknown
3000 iexplore.exe 172.82.236.67:443 Adobe Systems Inc. US whitelisted
3000 iexplore.exe 2.18.233.74:443 Akamai International B.V. –– whitelisted
3000 iexplore.exe 66.117.28.86:443 Adobe Systems Inc. US whitelisted
3000 iexplore.exe 52.31.106.135:443 Amazon.com, Inc. IE unknown
3000 iexplore.exe 52.222.163.164:80 Amazon.com, Inc. US whitelisted
3000 iexplore.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3760 iexplore.exe 184.30.209.229:443 Akamai International B.V. NL unknown
3760 iexplore.exe 23.111.8.154:443 netDNA US unknown
3760 iexplore.exe 184.30.209.229:80 Akamai International B.V. NL unknown
3760 iexplore.exe 216.58.215.234:443 Google Inc. US whitelisted
3760 iexplore.exe 172.217.168.3:443 Google Inc. US whitelisted
3760 iexplore.exe 172.217.168.8:443 Google Inc. US whitelisted
3760 iexplore.exe 52.222.161.53:443 Amazon.com, Inc. US unknown
3760 iexplore.exe 216.58.215.238:443 Google Inc. US whitelisted
3760 iexplore.exe 54.229.223.249:443 Amazon.com, Inc. IE unknown
3760 iexplore.exe 104.111.224.144:443 Akamai International B.V. NL whitelisted
3760 iexplore.exe 178.250.2.130:443 Criteo SA FR unknown
3760 iexplore.exe 104.244.46.176:443 Twitter Inc. US unknown
3760 iexplore.exe 204.79.197.200:443 Microsoft Corporation US whitelisted
3760 iexplore.exe 52.222.173.197:443 Amazon.com, Inc. US unknown
3760 iexplore.exe 178.250.2.82:443 Criteo SA FR unknown
3760 iexplore.exe 52.28.52.91:443 Amazon.com, Inc. DE unknown

DNS requests

Domain IP Reputation
config.messenger.msn.com 64.4.26.155
whitelisted
www.emirates.com 184.30.209.229
unknown
www.bing.com 204.79.197.200
13.107.21.200
whitelisted
cdn.ek.aero 184.30.209.229
unknown
oss.maxcdn.com 23.111.8.154
whitelisted
fonts.googleapis.com 216.58.215.234
whitelisted
fonts.gstatic.com 172.217.168.3
whitelisted
www.googletagmanager.com 172.217.168.72
whitelisted
cdn.appdynamics.com 52.222.161.53
52.222.161.196
52.222.161.138
52.222.161.103
whitelisted
api.boxever.com 54.229.223.249
52.16.56.255
18.202.144.116
unknown
www.google-analytics.com 216.58.215.238
whitelisted
libs.de.coremetrics.com 104.111.224.144
unknown
static.criteo.net 178.250.2.130
whitelisted
static.ads-twitter.com 104.244.46.16
104.244.46.144
whitelisted
bat.bing.com 204.79.197.200
13.107.21.200
whitelisted
script.crazyegg.com 52.222.173.197
whitelisted
stats.g.doubleclick.net 173.194.69.154
173.194.69.156
173.194.69.157
173.194.69.155
whitelisted
sslwidget.criteo.com 178.250.2.82
whitelisted
gtrk.s3.amazonaws.com 54.231.50.34
shared
www.google.com 172.217.168.36
whitelisted
www.google.lv 172.217.168.3
whitelisted
fra-col.eum-appdynamics.com 52.58.102.110
52.28.52.91
unknown
get.adobe.com 193.104.215.66
whitelisted
wwwimages2.adobe.com 104.111.237.111
whitelisted
fonts.adobe.com 52.22.166.234
54.164.20.167
whitelisted
assets.adobedtm.com 2.18.232.23
whitelisted
static-fonts.adobe.com 23.38.53.224
whitelisted
dpm.demdex.net 54.194.25.183
52.17.226.250
54.154.98.49
54.194.73.223
52.49.47.75
54.154.86.186
54.76.214.247
54.76.193.55
whitelisted
p.typekit.net 23.38.53.224
unknown
sstats.adobe.com 172.82.236.67
whitelisted
adobe.demdex.net 54.194.108.5
52.208.135.160
52.31.219.56
52.214.151.124
54.154.158.135
52.213.58.51
52.30.113.91
52.210.213.208
whitelisted
get3.adobe.com 2.18.233.74
whitelisted
cm.everesttech.net 66.117.28.86
whitelisted
ml314.com 52.31.106.135
34.246.247.78
whitelisted
x.ss2.us 52.222.163.164
52.222.163.162
52.222.163.220
52.222.163.47
whitelisted
www.download.windowsupdate.com 93.184.221.240
whitelisted

Threats

No threats detected.

Debug output strings

No debug info.